05-03-2018 01:36 AM
Hey guys,
I'm stuck on LDAP-AD integration since I'm new to Alfresco. I followed the steps below.
Please confirm whether the workflow I've followed is right or wrong.
First,
1. Added the authentication chain in the alfresco-global.properties file.
2. Created a ldap-authentication.properties file and ldap-authentication-context.xml file under the [C:\alfresco-community\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad\ldap-ad1] folder.
This is my current work for LDAP-AD Integration.
So, my doubt is: should I add any files other than the above .properties files and .xml file?
If so, please let me know which files I should add and where I'm supposed to add them [i.e. the folder path].
I'm getting the below errors:
1. ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: domaincontroller.company.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
2. ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 04030019 Failed to communicate with ldap://domaincontroller.company.com:389. Reason javax.naming.CommunicationException, domaincontroller.company.com:389, java.net.ConnectException, Connection timed out: connect
The code below is written in the alfresco-global.properties file:
authentication.chain=ldap-ad1:ldap-ad, alfinst:alfrescoNtlm
synchronization.import.cron=0 0 18 * * ?
synchronization.synchronizeChangeOnly=false
The code below is written in the ldap-authentication.properties file:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@xyz.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# IP address or name of your LDAP server - (port 389 is the default for LDAP)
ldap.authentication.java.naming.provider.url=ldap://svr01.xyz.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.authentication.authenticateFTP=true
# Enable synchronisation ..
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret
# synchronization.syncOnStartup=true
ldap.synchronization.queryBatchSize=500
ldap.synchronization.attributeBatchSize=0
# Group, person Query and Differential Query
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
# Search and Timestamp
ldap.synchronization.groupSearchBase=dc\=xyz,dc\=com
ldap.synchronization.userSearchBase=ou\=users,dc\=xyz,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
# The attribute name on people objects to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
ldap.synchronization.groupType=groupOfUniqueNames
# The person type
ldap.synchronization.personType=inetOrgPerson
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
And the xml files are attached.
[fyi: These two xml files are located in ldap-ad1 folder only.]
Any help is appreciated.
Cesar Capillas, you're a veteran in LDAP-AD integration. [I followed what you suggested in the last post but it didn't work; fyi: https://community.alfresco.com/message/831826-re-not-able-to-login-during-ldap-ad-integration?commen... ] Please help me out, sir.
Regards,
Raghu
05-03-2018 02:02 AM
Hi
Looking at the error you shared, the connection is not happening and is timing out.
Your first checkpoint should be to verify the connection details you mentioned in the ldap-authentication.properties file.
You may try the same host, port, principal and credentials with some LDAP client to confirm it's working and you are able to connect.
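The check recommended in the reply above, as an added example that is not part of the original thread: it compares the endpoint named in the posted error with the `provider.url` in the posted properties file (they differ), flags simple bind over plain `ldap://` and guest login, and offers a TCP reachability probe. The function names and finding labels are assumptions made for this illustration, and the sample input is constructed from values quoted in the thread.

```python
import re
import socket
from urllib.parse import urlparse

# Constructed sample input: three settings and one log line quoted in the thread.
PROPS = """\
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://svr01.xyz.com:389
ldap.authentication.java.naming.security.authentication=simple
"""
LOG_LINE = ("javax.naming.CommunicationException: domaincontroller.company.com:389 "
            "[Root exception is java.net.ConnectException: Connection timed out: connect]")

def parse_props(text):
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):  # skip blanks and comments
            props[key.strip()] = value.strip()
    return props

def endpoint_from_log(line):  # (host, port) reported by the JNDI exception, or None
    m = re.search(r"CommunicationException: ([\w.-]+):(\d+)", line)
    return (m.group(1).lower(), int(m.group(2))) if m else None

def audit(props, log_line):
    findings = []
    url = urlparse(props.get("ldap.authentication.java.naming.provider.url", ""))
    configured = (url.hostname or "", url.port or (636 if url.scheme == "ldaps" else 389))
    attempted = endpoint_from_log(log_line)
    if attempted and attempted != configured:
        findings.append("host-mismatch")  # server did not use this file's URL
    auth = props.get("ldap.authentication.java.naming.security.authentication")
    if url.scheme == "ldap" and auth == "simple":
        findings.append("cleartext-simple-bind")  # bind password is sent unencrypted
    if props.get("ldap.authentication.allowGuestLogin", "").lower() == "true":
        findings.append("guest-login-enabled")
    return configured, attempted, findings

def tcp_reachable(host, port, timeout=5.0):
    """Plain TCP connect from this machine; run it on the Alfresco host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    print(audit(parse_props(PROPS), LOG_LINE))
```

A `host-mismatch` finding means the running subsystem is not reading the URL from the file that was edited, so `tcp_reachable` should be pointed at whichever endpoint the server log actually reports.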
05-03-2018 02:07 AM
I hope the following links give you some more ideas:
Cannot get LDAP Synch to work with AD
I need help in integrating AD with alfresco