Hello All,
I have Alfresco Process Services 1.8.1 and wanted to activate the LDAP (Active Directory) authentication, but I'm facing the following error and don't know what to do:
2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] rangeEnabled = false
2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] rangeSize = 1500
2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userSearchBase = OU=User Accounts,OU=Alfresco,DC=pgi,DC=com
2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userQuery = (&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userDifferentialQuery = (&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(whenChanged<={0})))
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userIdAttributeName = uid
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userFirstNameAttributeName = givenName
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userLastNameAttributeName = sn
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userEmailAttributeName = 'mail'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userType = 'user'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupSearchBase = 'OU=Security Groups,OU=Alfresco,DC=pgi,DC=com'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupQuery = '(objectclass=group)'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupDifferentialQuery = '(&(objectclass=group)(!(whenChanged<={0})))'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupIdAttributeName = 'cn'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupMemberAttributeName = member
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupType = group
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] distinguishedNameAttributeName = dn
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] createTimestampAttributeName = whenCreated
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] modifyTimestampAttributeName = 'whenChanged'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] timeStampFormat = yyyyMMddHHmmss'.0Z', locale = (en,GB), timezone = GMT
2018-03-28 09:58:00,764 WARN [org.hibernate.hql.internal.ast.HqlSqlWalker] [localhost-startStop-1] [DEPRECATION] Encountered positional parameter near line 1, column 88. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.
2018-03-28 09:58:00,779 WARN [org.hibernate.hql.internal.ast.HqlSqlWalker] [localhost-startStop-1] [DEPRECATION] Encountered positional parameter near line 1, column 77. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.
2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.UserCacheImpl] [activiti-app-rest-Executor-2] User cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.UserCacheImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.users.max.size' and 'cache.users.max.age' property.
2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.GroupHierarchyCacheImpl] [activiti-app-rest-Executor-2] Group cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.GroupHierarchyCacheImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.groups.max.size' and 'cache.groups.max.age' property.
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.FormStoreServiceImpl] [activiti-app-rest-Executor-2] Form cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.FormStoreServiceImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.forms.max.size' property
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.integration.alfresco.AlfrescoOnPremiseTicketService] [activiti-app-rest-Executor-1] Alfresco ticket cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.integration.alfresco.AlfrescoOnPremiseTicketService] [activiti-app-rest-Executor-1] The size of this cache is determined by the 'cache.alfresco-tickets.max.size' and 'cache.alfresco-tickets.max.age' property.
2018-03-28 09:58:04,196 INFO [com.activiti.service.license.LicenseService] [pool-4-thread-4] Note! License is about to expire in the near future 20180415
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.ScriptFileControllerCacheImpl] [activiti-app-rest-Executor-1] Script file cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,196 INFO [com.activiti.service.idm.PersistentTokenServiceImpl] [activiti-app-rest-Executor-2] Token cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,196 INFO [com.activiti.service.idm.PersistentTokenServiceImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.login-tokens.max.size' and 'cache.login-tokens.max.age' property.
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.ScriptFileLibraryCacheImpl] [activiti-app-rest-Executor-1] Script file cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,242 INFO [com.activiti.ActivitiApplication] [localhost-startStop-1] Started ActivitiApplication in 42.541 seconds (JVM running for 71.388)
2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] No initial LDAP sync info found. Executing full synchronization.
2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Starting full LDAP synchronization
2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Starting to process the LDAP users and groups.
2018-03-28 09:58:04,320 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Found 0 groups and 2 users in LDAP
2018-03-28 09:58:04,383 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Error while handling user. Could not handle user correctly, user might not have been created.
javax.persistence.NonUniqueResultException: result returns more than one elements
at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:297)
at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:258)
at org.springframework.data.jpa.repository.query.JpaQueryExecution$SingleEntityExecution.doExecute(JpaQueryExecution.java:208)
at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:87)
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:116)
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:106)
at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.doInvoke(RepositoryFactorySupport.java:492)
at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:475)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:56)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.data.jpa.repository.support.CrudMethodMetadataPostProcessor$CrudMethodMetadataPopulatingMethodInterceptor.invoke(CrudMethodMetadataPostProcessor.java:133)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.data.repository.core.support.SurroundingTransactionDetectorMethodInterceptor.invoke(SurroundingTransactionDetectorMethodInterceptor.java:57)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy248.findByExternalId(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:52)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy249.findByExternalId(Unknown Source)
at com.activiti.service.idm.UserServiceImpl.findUserByExternalId(UserServiceImpl.java:527)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy243.findUserByExternalId(Unknown Source)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUser(AbstractExternalIdmSourceSyncService.java:498)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:476)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:469)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
2018-03-28 09:58:04,414 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Error while handling user. Could not handle user correctly, user might not have been created.
javax.persistence.NonUniqueResultException: result returns more than one elements
at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:297)
at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:258)
at org.springframework.data.jpa.repository.query.JpaQueryExecution$SingleEntityExecution.doExecute(JpaQueryExecution.java:208)
at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:87)
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:116)
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:106)
at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.doInvoke(RepositoryFactorySupport.java:492)
at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:475)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:56)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.data.jpa.repository.support.CrudMethodMetadataPostProcessor$CrudMethodMetadataPopulatingMethodInterceptor.invoke(CrudMethodMetadataPostProcessor.java:133)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.data.repository.core.support.SurroundingTransactionDetectorMethodInterceptor.invoke(SurroundingTransactionDetectorMethodInterceptor.java:57)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy248.findByExternalId(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:52)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy249.findByExternalId(Unknown Source)
at com.activiti.service.idm.UserServiceImpl.findUserByExternalId(UserServiceImpl.java:527)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy243.findUserByExternalId(Unknown Source)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUser(AbstractExternalIdmSourceSyncService.java:498)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:476)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:469)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
2018-03-28 09:58:04,414 ERROR [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Exception while executing full LDAP sync
org.springframework.transaction.TransactionSystemException: Could not commit JPA transaction; nested exception is javax.persistence.RollbackException: Transaction marked as rollbackOnly
at org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:526)
at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:761)
at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:730)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:150)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)
at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.persistence.RollbackException: Transaction marked as rollbackOnly
at org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:72)
at org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:517)
... 11 more
Below is \tomcat\lib\activiti-ldap.properties:
# --------------------------
# LDAP AUTHENTICATION CONFIG
# --------------------------
# Note that this is AUTHENTICATION only, not synchronization.
# For this to work properly, the LDAP synchronization (see below), needs to be
# enabled and configured correctly (on one node).
ldap.authentication.enabled=true
# Set to false to allow for case insensitive logins. By default true if omitted or commented out.
ldap.authentication.casesensitive=true
# Set this property to 'true' to allow for a fallback to database authentication (default is false).
# This can be useful to have a 'system' user for example which does not represent
# a real user (and is not in the LDAP user store), but can be used to eg. call the REST API.
ldap.allow.database.authenticaion.fallback=false
# Property to map the user id entered by the user in the login field to that passed through to LDAP.
#
# If the users are in a flat list (eg one organizational unit), it's easy, simply set the property
# to a value, eg. uid={0},ou=users,dc=alfresco,dc=com
# This is also the most performant way, as the LDAP bind can be done directly.
#
# However, if the users are in structured folders (organizational units for example), a direct pattern cannot be used.
# In this case, leave the property either empty or comment it.
# A query will be done using the ldap.synchronization.personQuery with the ldap.synchronization.userIdAttributeName
# to find the user, and find its dn. That dn will then be used to login.
ldap.authentication.dnPattern=
# Uncomment when using Active directory
ldap.authentication.active-directory.enabled=true
ldap.authentication.active-directory.domain=pgi.com
ldap.authentication.active-directory.rootDn=DC=pgi,DC=com
ldap.authentication.active-directory.searchFilter=(&(objectClass=user)(sAMAccountName={0}))
# ----------------------------
# LDAP SYNCHRONIZATION CONFIG
# ----------------------------
# Enables full synchronization. With full sync, all user/groups will be checked whether they are valid or not.
# By default, runs at midnight, since this is quite a heavy operation.
# Full synchronization is needed because a partial synchronization cannot detect deletes of groups/users.
ldap.synchronization.full.enabled=true
ldap.synchronization.full.cronExpression=0 0 0 * * ?
# Enables differential synchronization. This will only check the users/groups which have changed since the last sync.
# A differential sync cannot detect deletes of users/groups. This is done by the full sync.
ldap.synchronization.differential.enabled=false
ldap.synchronization.differential.cronExpression=0 0 */4 * * ?
# Paging (default = no paging).
# If enabled, default page size is 100
ldap.synchronization.paging.enabled=false
ldap.synchronization.paging.size=500
# Db batch sizes
ldap.synchronization.db.insert.batch.size=100
ldap.synchronization.db.query.batch.size=100
# ----------------------
# LDAP CONNECTION CONFIG
# ----------------------
# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ActiveDirectory.pgi.com:389
# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=CN\=Alfresco,OU\=User Accounts,OU\=Alfresco,DC\=pgi,DC\=com
# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=Start123
# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=simple
# LDAPS truststore configuration properties
#ldap.authentication.truststore.path=
#ldap.authentication.truststore.passphrase=
#ldap.authentication.truststore.type=
# Set to 'ssl' to enable truststore configuration via subsystem's properties
#ldap.authentication.java.naming.security.protocol=ssl
# The LDAP context factory to use
#ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# Requests timeout, in milliseconds, use 0 for none (default)
#ldap.authentication.java.naming.read.timeout=0
# See http://docs.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html
#ldap.synchronization.java.naming.referral=follow
# -----------
# USER CONFIG
# -----------
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=OU=User Accounts,OU=Alfresco,DC=pgi,DC=com
# The query to select all objects that represent the users to import.
# Active Directory example: (&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
# The query to select objects that represent the users to import that have changed since a certain time.
# Active Directory example: (&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
# The attribute name on people objects found in LDAP to use as the login id in Activiti. Needs to be unique and cannot change!
ldap.synchronization.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property of a user
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property of a user
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property of a user
ldap.synchronization.userEmailAttributeName=mail
# The person type in LDAP
# Active Directory: user
ldap.synchronization.userType=user
# Set the dn of the people that need to be made tenant admin (one tenant). Delimit multiple entries with ;, cause we can't use a comma of course. Note: no trimming of spaces will be applied
##ldap.synchronization.tenantAdminDn=uid=admin,ou=users,dc=alfresco,dc=com
# Set the dn of the people that need to be made tenant manager (multiple tenants). Delimit multiple entries with ;, cause we can't use a comma of course. Note: no trimming of spaces will be applied
##ldap.synchronization.tenantManagerDn=uid=admin,ou=users,dc=alfresco,dc=com
# ------------
# GROUP CONFIG
# ------------
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=OU=Security Groups,OU=Alfresco,DC=pgi,DC=com
# The query to select all objects that represent the groups to import.
# Active Directory example: (objectclass\=group)
ldap.synchronization.groupQuery=(objectclass\=group)
# The query to select objects that represent the groups to import that have changed since a certain time.
# Active Directory example: (&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member
# LDAP Range (default = no range).
# If enabled, default range size is 1000.
# This is an Active Directory attribute
# and should be used when there are groups with more than
# 1000 members for AD on Windows Server 2000 or
# 1500 members for AD on Windows Server 2003+
# see https://msdn.microsoft.com/en-us/library/ms676302(VS.85).aspx
ldap.synchronization.groupMemberRangeEnabled=false
ldap.synchronization.groupMemberRangeSize=1500
# The group type in LDAP
# Active Directory: group
ldap.synchronization.groupType=group
# ------------------------
# GENERIC ATTRIBUTE CONFIG
# ------------------------
# The dn of an entry.
ldap.synchronization.distinguishedNameAttributeName=dn
# The name of the operational attribute recording the last update time for a group or user.
# Active Directory: whenChanged
ldap.synchronization.modifyTimestampAttributeName=whenChanged
# The name of the operational attribute recording the create time for a group or user.
# Active Directory: whenCreated
ldap.synchronization.createTimestampAttributeName=whenCreated
# The timestamp format. Unfortunately, this varies between directory servers.
# Active Directory: yyyyMMddHHmmss'.0Z'
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
# The timestamp format locale language. 'en' by default. Follows the java.util.Locale semantics.
ldap.synchronization.timestampFormat.locale.language=en
# The timestamp format locale country. 'GB' by default. Follows the java.util.Locale semantics.
ldap.synchronization.timestampFormat.locale.country=GB
# The timestamp format timezone. 'GMT' by default. Follows the java.text.SimpleDateFormat semantics.
ldap.synchronization.timestampFormat.timezone=GMT
# -----------------------
# LDAP CONNECTION POOLING
# -----------------------
# Options=
# nothing filled in: no connection pooling
# 'jdk': use the default jdk pooling mechanism
# 'spring': use the spring ldap connection pooling facilities. These can be configured further below
#ldap.synchronization.pooling.type=spring
# Following settings follow the semantics of org.springframework.ldap.pool.factory.PoolingContextSource
#ldap.synchronization.pooling.minIdle=0
#ldap.synchronization.pooling.maxIdle=8
#ldap.synchronization.pooling.maxActive=0
#ldap.synchronization.pooling.maxTotal=-1
#ldap.synchronization.pooling.maxWait=-1
# Options for exhausted action: fail | block | grow
#ldap.synchronization.pooling.whenExhaustedAction=block
#ldap.synchronization.pooling.testOnBorrow=false
#ldap.synchronization.pooling.testOnReturn=false
#ldap.synchronization.pooling.testWhileIdle=false
#ldap.synchronization.pooling.timeBetweenEvictionRunsMillis=-1
#ldap.synchronization.pooling.minEvictableIdleTimeMillis=1800000
#ldap.synchronization.pooling.numTestsPerEvictionRun=3
# Connection pool validation (see http://docs.spring.io/spring-ldap/docs/2.0.2.RELEASE/reference/#pooling for semantics)
# Used when any of the testXXX above are set to true
#ldap.synchronization.pooling.validation.base=
#ldap.synchronization.pooling.validation.filter=
# Search control: object, oneLevel, subTree
#ldap.synchronization.pooling.validation.searchControlsRefs=
#---------------------------
# KERBEROS SSO CONFIGURATION
#---------------------------
kerberos.authentication.enabled=false
#kerberos.authentication.principal=HTTP/test.alfresco.local
#kerberos.authentication.keytab=C:/alfresco/alfrescohttp.keytab
kerberos.authentication.krb5.conf=C:/Windows/krb5.ini
#kerberos.allow.ldap.authentication.fallback=false
#kerberos.allow.database.authentication.fallback=false
# Set to true if you use the short form (samAccountName) of your AD username to log in to Windows rather than the full UPN
#kerberos.allow.samAccountName.authentication=true
# Following line must be set to true when Kerberos enabled
#security.authentication.use-externalid=true
Any idea?
Thanks in advance,
Makram
Hi Makram,
Appreciate that it has been a while since you asked your question, but I found it whilst trying to problem solve a different issue myself.
Did you get this resolved in the end?
I notice that you have
ldap.synchronization.userIdAttributeName=uid
Although 'uid' is an attribute in AD, I'm not sure what it gets populated with. That might be why you are getting non-unique results for a specific user.
See User Naming Attributes (Windows)
You might be better off using
ldap.synchronization.userIdAttributeName=sAMAccountName
- we've had some success with this setting & AD, although my current problem is that disabled AD accounts are not making active users 'inactive'.
Caution: note that this contradicts the example-activiti-ldap-for-ad.properties file, which suggests you use 'cn' together, as do numerous other examples I've found in Google searches. However, that gives us the user's full name in 'external_id' within APS, which is not correct.
I also note that there is an open JIRA to improve the documentation.
HTH
Keith
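An added example, not part of the thread and not APS code: a check of whether a candidate value for ldap.synchronization.userIdAttributeName is populated, single-valued and unique across the entries the sync would import, which is the property the config comment asks for ("Needs to be unique and cannot change!"). It reads LDIF text such as an export of the user search base; the sample entries, the "Contractors" OU and the function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not real directory data): three user entries under
# the thread's user search base. None has 'uid'; two share the same 'cn'
# because they live in different containers.
SAMPLE_LDIF = """\
version: 1

dn: CN=Jane Doe,OU=User Accounts,OU=Alfresco,DC=pgi,DC=com
objectClass: user
cn: Jane Doe
sAMAccountName: jdoe

dn: CN=John Smith,OU=User Accounts,OU=Alfresco,DC=pgi,DC=com
objectClass: user
cn: John Smith
sAMAccountName: jsmith

dn: CN=Jane Doe,OU=Contractors,OU=User Accounts,OU=Alfresco,DC=pgi,DC=com
objectClass: user
cn: Jane Doe
sAMAccountName: jdoe2
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute_lowercase: [values]} dicts."""
    # Unfold continuation lines: a line starting with one space continues
    # the previous non-empty line.
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    entries, current = [], {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:           # skips blocks like "version: 1"
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def audit_id_attribute(entries, attr, case_sensitive=True):
    """Report entries where `attr` is missing, multi-valued or not unique.

    case_sensitive=False mirrors a deployment with case-insensitive logins,
    where 'JDoe' and 'jdoe' would have to count as the same id.
    """
    key_attr = attr.lower()
    missing, multi_valued, seen = [], [], {}
    for entry in entries:
        dn = entry["dn"][0]
        values = entry.get(key_attr, [])
        if not values:
            missing.append(dn)
            continue
        if len(values) > 1:
            multi_valued.append(dn)
        for value in values:
            key = value if case_sensitive else value.lower()
            seen.setdefault(key, []).append(dn)
    duplicates = {k: dns for k, dns in seen.items() if len(dns) > 1}
    return {
        "attribute": attr,
        "missing": missing,
        "multi_valued": multi_valued,
        "duplicates": duplicates,
        "usable": not (missing or multi_valued or duplicates),
    }


def usable_candidates(entries, candidates, case_sensitive=True):
    """Return the candidate attributes that pass the audit for every entry."""
    return [a for a in candidates
            if audit_id_attribute(entries, a, case_sensitive)["usable"]]


if __name__ == "__main__":
    users = parse_ldif(SAMPLE_LDIF)
    for candidate in ("uid", "cn", "sAMAccountName"):
        report = audit_id_attribute(users, candidate)
        print(candidate, "usable" if report["usable"] else "NOT usable",
              "missing=%d" % len(report["missing"]),
              "duplicates=%s" % sorted(report["duplicates"]))
```

Run it against an export taken with the same search base and person query as the sync, so the audit sees exactly the entries the sync would import.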