
Problem in LDAP-AD Process and Doubt in workflow

raghunandangowd
Confirmed Champ

Hey guys,

I'm stuck in the LDAP-AD integration since I'm new to Alfresco. I followed the steps below.

Please confirm whether the workflow I've done is right or wrong.

In the first,

1. Added the authentication-chain in the alfresco-global.properties file.

2. Created an ldap-authentication.properties file and an ldap-authentication-context.xml file under the [C:\alfresco-community\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad\ldap-ad1] folder.

This is my current work for LDAP-AD Integration.


So, my doubt is: should I add any files other than the above .properties file and .xml file?

If so, please let me know what files I should add and where I'm supposed to add them [i.e. the folder path].

I'm getting the below errors:

1. ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: domaincontroller.company.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]

2. ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 04030019 Failed to communicate with ldap://domaincontroller.company.com:389. Reason javax.naming.CommunicationException, domaincontroller.company.com:389, java.net.ConnectException, Connection timed out: connect

Below are the properties which I'm running for the LDAP-AD integration.

The below code is written in the alfresco-global.properties file:

authentication.chain=ldap-ad1:ldap-ad, alfinst:alfrescoNtlm
synchronization.import.cron=0 0 18 * * ?
synchronization.synchronizeChangeOnly=false

The below code is written in the ldap-authentication.properties file:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@xyz.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# IP address or name of your LDAP server - (port 389 is the default for LDAP)
ldap.authentication.java.naming.provider.url=ldap://svr01.xyz.com:389
ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.authentication.authenticateFTP=true

# Enable synchronisation ..
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret
# synchronization.syncOnStartup=true

ldap.synchronization.queryBatchSize=500
ldap.synchronization.attributeBatchSize=0

# Group, person Query and Differential Query
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
# Search and Timestamp
ldap.synchronization.groupSearchBase=dc\=xyz,dc\=com
ldap.synchronization.userSearchBase=ou\=users,dc\=xyz,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

# The attribute name on people objects to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
ldap.synchronization.groupType=groupOfUniqueNames
# The person type
ldap.synchronization.personType=inetOrgPerson
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

And the xml files are attached.

[fyi: These two xml files are located in the ldap-ad1 folder only.]

Any help is appreciated.

Cesar Capillas, you're a veteran in LDAP-AD integration. [I followed what you suggested to me in your last post but it didn't work: fyi https://community.alfresco.com/message/831826-re-not-able-to-login-during-ldap-ad-integration?commen... ] Please help me out, sir.

Regards,

Raghu

2 REPLIES

jayesh_prajapat
Star Contributor

Hi

Looking at the error you shared, the connection is not happening and is timing out.

The first check point for you should be to verify the connection details you mentioned in the ldap-authentication.properties file.

You may try the same host, port, principal and credentials with some LDAP client to confirm it is working and you are able to connect.
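As an added example (not code from this thread or from Alfresco), the script below does the pre-check the reply describes without an LDAP client: it reads the `ldap.authentication.java.naming.provider.url` value from an `ldap-authentication.properties` file, tests whether a TCP connection to that host and port completes within a timeout (a failure here reproduces the `Connection timed out` symptom), and compares the configured host with the host named in the logged `CommunicationException`. That comparison is worth having because in the post above the configured URL is `ldap://svr01.xyz.com:389` while the log names `domaincontroller.company.com:389`, and a mismatch means the running subsystem is reading a different properties file than the one edited. The sample properties text and log line embedded below are constructed copies of the values posted in the thread; the function names are this example's own.

```python
"""Connectivity pre-check for an Alfresco ldap-ad subsystem properties file.

Added example, not from the forum thread or from Alfresco. Function and
constant names are this example's own.
"""
import re
import socket
from urllib.parse import urlsplit

PROVIDER_KEY = "ldap.authentication.java.naming.provider.url"

# Constructed sample containing the relevant lines from the posted file.
SAMPLE_PROPERTIES = """\
ldap.authentication.active=true
# IP address or name of your LDAP server - (port 389 is the default for LDAP)
ldap.authentication.java.naming.provider.url=ldap://svr01.xyz.com:389
ldap.authentication.java.naming.security.authentication=simple
"""

# Constructed copy of the first logged exception from the thread.
SAMPLE_LOG_LINE = (
    "javax.naming.CommunicationException: domaincontroller.company.com:389 "
    "[Root exception is java.net.ConnectException: Connection timed out: connect]"
)


def parse_properties(text):
    """Minimal Java .properties reader: key=value pairs, '#'/'!' comments,
    and backslash escapes (such as dc\\=xyz) dropped from values."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        props[key.strip()] = value.strip().replace("\\", "")
    return props


def provider_endpoint(props):
    """Return (host, port) from the provider URL; ldap defaults to 389, ldaps to 636."""
    url = props[PROVIDER_KEY]
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("unsupported provider URL: %s" % url)
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return parts.hostname, port


def endpoint_from_log(line):
    """Extract (host, port) from a javax.naming.CommunicationException message.
    Handles both the 'Exception: host:port' and 'Exception, host:port,' forms
    seen in the two logged errors."""
    m = re.search(r"CommunicationException[:,]\s*([^\s:,\[]+):(\d+)", line)
    return (m.group(1), int(m.group(2))) if m else None


def tcp_reachable(host, port, timeout=5.0):
    """True if a TCP handshake with host:port completes within the timeout.
    DNS failure, refusal and timeout all return False, mirroring what the
    JNDI provider sees before any LDAP bind is attempted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(props_text, log_line, timeout=5.0):
    """Summarise whether config and log agree and whether the endpoint answers."""
    props = parse_properties(props_text)
    configured = provider_endpoint(props)
    logged = endpoint_from_log(log_line)
    return {
        "configured": configured,
        "logged": logged,
        "config_matches_log": logged == configured,
        "reachable": tcp_reachable(*configured, timeout=timeout),
    }


if __name__ == "__main__":
    # On a real installation, read the file under the ldap-ad1 folder instead.
    print(diagnose(SAMPLE_PROPERTIES, SAMPLE_LOG_LINE))
```

Run it on the host that runs Tomcat, since that is where the firewall rules and DNS resolution apply. If `config_matches_log` is false, fix where the properties file lives before spending time on the network; if it is true but `reachable` is false, the problem is port 389 reachability from the Alfresco server. Only after the TCP check passes is a bind test with an LDAP client (using the sync principal and credentials) meaningful.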

jayesh_prajapat
Star Contributor