LDAP can connect but not sync

oddo
Champ in-the-making
Hi all,
I've configured my alfresco 3.3 for connecting with LDAP system.
This is my configuration in alfresco-global-properties:

authentication.chain=passthru:passthru,ldap-ad:ldap-ad

passthru.authentication.useLocalServer=false
passthru.authentication.domain=DOM
passthru.authentication.servers=DOM\\DC-SERVER,DC-SERVER
ntlm.authentication.sso.enabled=true
alfresco.authentication.allowGuestLogin=false
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=sys.name.surname

ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@dom.com
ldap.authentication.java.naming.provider.url=ldap://DC-SERVER.dom.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.referral=follow

#ldap.synchronization.active=false
ldap.authentication.java.naming.security.principal=DOM\\sys.name.surname
ldap.authentication.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronisation.personQuery=(objectclass=user)
ldap.synchronization.userSearchBase=OU=Users,OU=EU,DC=dom,DC=com
ldap.synchronization.personType=user
ldap.synchronisation.groupQuery=(objectclass=group)
ldap.synchronization.groupSearchBase=OU=Groups,OU=EU,DC=dom,DC=com
ldap.synchronization.groupType=group
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronisation.userIdAttributeName=uid
ldap.synchronization.userEmailAttributeName=mail

With this configuration I can connect with any Active Directory user if I uncomment the "#ldap.synchronization.active=false" line, but I'm not able to sync users correctly.

I also tried to set different ldap.authentication.java.naming.security.principal values, like:
    "sys.name.surname@dom.com",
    "sys.name.surname",
    "UID=sys.name.surname,OU=Users,OU=EU,DC=dom,DC=com" or
    "CN=surname name,OU=Users,OU=EU,DC=dom,DC=com"
but none of them works!

I always get this error in alfresco.log file:
12:05:26,719 INFO  [org.alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/repository.properties]
12:05:26,719 INFO  [org.alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/domain/transaction.properties]
12:05:26,719 INFO  [org.alfresco.config.JndiPropertiesFactoryBean] Loading properties file from URL [file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%206.0/webapps/alfresco/WEB-INF/classes/alfresco-global.properties]
12:05:26,766 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:37,938 INFO  [org.springframework.extensions.webscripts.TemplateProcessorRegistry] Registered template processor Repository Template Processor for extension ftl
12:05:37,938 INFO  [org.springframework.extensions.webscripts.ScriptProcessorRegistry] Registered script processor Repository Script Processor for extension js
12:05:43,313 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.alfresco.repo.domain.hibernate.dialect.AlfrescoSQLServerDialect.
12:05:45,501 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
12:05:46,595 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]
12:05:46,610 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:46,626 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete
12:05:48,423 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'thirdparty' subsystem, ID: [thirdparty, default]
12:05:48,439 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:48,845 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'thirdparty' subsystem, ID: [thirdparty, default] complete
12:05:48,845 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'OOoDirect' subsystem, ID: [OOoDirect, default]
12:05:48,860 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:49,282 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'OOoDirect' subsystem, ID: [OOoDirect, default] complete
12:05:51,407 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: C:\alfresco_persistent_data
12:05:51,486 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
12:05:52,486 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
12:05:52,532 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
12:05:52,564 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'fileServers' subsystem, ID: [fileServers, default]
12:05:52,579 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:52,892 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, passthru]
12:05:52,907 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:53,970 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, passthru] complete
12:05:53,970 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap-ad]
12:05:53,986 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:54,095 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap-ad] complete
12:05:54,189 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [fileServers, default] complete
12:05:54,189 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [imap, default]
12:05:54,204 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:54,361 INFO  [org.alfresco.repo.imap.AlfrescoImapServer] IMAP service started on host:port tubove-ww02v:143.
12:05:54,361 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [imap, default] complete
12:05:54,361 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, outbound]
12:05:54,376 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:54,423 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, outbound] complete
12:05:54,423 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, inbound]
12:05:54,439 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:54,486 WARN  [org.springframework.beans.GenericTypeAwarePropertyDescriptor] Invalid JavaBean property 'blockedSenders' being accessed! Ambiguous write methods found next to actually used [public void org.alfresco.email.server.EmailServer.setBlockedSenders(java.lang.String)]: [public void org.alfresco.email.server.EmailServer.setBlockedSenders(java.util.List)]
12:05:54,486 WARN  [org.springframework.beans.GenericTypeAwarePropertyDescriptor] Invalid JavaBean property 'allowedSenders' being accessed! Ambiguous write methods found next to actually used [public void org.alfresco.email.server.EmailServer.setAllowedSenders(java.util.List)]: [public void org.alfresco.email.server.EmailServer.setAllowedSenders(java.lang.String)]
12:05:54,486 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, inbound] complete
12:05:54,486 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] Enabled - calculate missing user usages …
12:05:54,564 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] Found 0 users to recalculate
12:05:54,564 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] … calculated missing usages for 0 users
12:05:54,564 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
12:05:54,564 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:05:54,595 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap-ad'
12:05:54,595 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap-ad'
12:05:54,626 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 06050000 LDAP authentication failed.
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:110)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:85)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:76)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:648)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:645)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:540)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:407)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:1360)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1354)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
   at java.lang.reflect.Method.invoke(Unknown Source)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
   at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
   at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
   at javax.naming.InitialContext.init(Unknown Source)
   at javax.naming.InitialContext.<init>(Unknown Source)
   at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:105)
   … 49 more
12:05:54,642 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.repo.security.authentication.AuthenticationException: 06050000 LDAP authentication failed.
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:110)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:85)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:76)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:648)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:645)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:540)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:407)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:1360)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1354)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
   at java.lang.reflect.Method.invoke(Unknown Source)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
   at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
   at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
   at javax.naming.InitialContext.init(Unknown Source)
   at javax.naming.InitialContext.<init>(Unknown Source)
   at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:105)
   … 49 more
12:05:54,642 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
12:05:54,704 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_20-b02; maximum heap size 989.875MB
12:05:54,704 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.3.0 (2765) schema 4009 - Originally installed version 3.3.0 (2765) schema 4009
12:06:18,330 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 340 Web Scripts (+0 failed), 575 URLs
12:06:18,330 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 2 Package Description Documents (+0 failed)
12:06:18,330 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 1 Schema Description Documents (+0 failed)
12:06:18,330 INFO  [org.springframework.extensions.webscripts.AbstractRuntimeContainer] Initialised Repository Web Script Container (in 18545.572ms)
12:06:18,330 INFO  [org.springframework.extensions.webscripts.TemplateProcessorRegistry] Registered template processor freemarker for extension ftl
12:06:18,330 INFO  [org.springframework.extensions.webscripts.ScriptProcessorRegistry] Registered script processor javascript for extension js
12:06:18,455 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'wcm_deployment_receiver' subsystem, ID: [wcm_deployment_receiver, default]
12:06:18,486 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:06:18,580 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'wcm_deployment_receiver' subsystem, ID: [wcm_deployment_receiver, default] complete

Thanks a lot for any kind of help!!!

Oddo.
7 REPLIES 7

nguser1
Champ in-the-making
I'm no expert but from the error message I think you might want to be looking at these lines:

ldap.synchronization.active=false
ldap.authentication.java.naming.security.principal=DOM\\sys.name.surname
ldap.authentication.java.naming.security.credentials=password

The error message you have is similar to the error messages I had when someone changed the password for the user I was logging on to AD as.

HTH

oddo
Champ in-the-making
Thank you, but I'm sure about the user and password because it's the same that I use for accessing our servers and Active Directory!!!
I also tried to connect to LDAP with "Softerra LDAP Browser 2.6", and the same Bases and Queries used in the configuration file, with the same user and password, work perfectly!!!
I have no further ideas, I've been trying to solve this problem for about 2 weeks…

Oddo.

altroz
Champ in-the-making
I think this page can help you:
http://www.anotherstrangerme.com/alfresco-integration-with-active-directory/


I used LDAP-AD authentication and synchronization like below, and it worked fine for me.
Global Properties:

synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=false

ldap-properties

ldap.authentication.active=true
ldap.synchronization.active=true
ldap.authentication.allowGuestLogin=false

ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.provider.url=ldap://localhost:389
ldap.authentication.defaultAdministratorUserNames=Administrator

ldap.synchronization.java.naming.security.principal=Administrator@prosia.local
ldap.synchronization.java.naming.security.credentials=ProsiaPassword
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000

ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(objectclass\=group)

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

ldap.synchronization.groupSearchBase=dc\=prosia,dc\=local
ldap.synchronization.userSearchBase=dc\=prosia,dc\=local

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

ldap.synchronization.userIdAttributeName=userPrincipalName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

I hope it helps you…

oddo
Champ in-the-making
Thanks a lot for your help. I had already found the website you told me about and I copied some of your configuration, but the result (ERROR) is the same!  :cry:

Now this is my LDAP configuration:
authentication.chain=passthru:passthru,ldap-ad:ldap-ad

passthru.authentication.useLocalServer=false
passthru.authentication.domain=DOM
passthru.authentication.servers=DOM\\DC-SERVER,DC-SERVER
ntlm.authentication.sso.enabled=true
alfresco.authentication.allowGuestLogin=false
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=sys.name.surname

ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@dom.com
ldap.authentication.java.naming.provider.url=ldap://DC-SERVER.dom.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

#ldap.synchronization.active=false
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.referral=follow
ldap.authentication.java.naming.security.principal=sys.name.surname@dom.com
ldap.authentication.java.naming.security.credentials=syspassword
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronisation.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronisation.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronization.userSearchBase=OU=Users,DC=dom,DC=com
ldap.synchronization.personType=user
ldap.synchronisation.groupQuery=(&(objectclass=group)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronisation.groupDifferentialQuery=(&(objectclass=group)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.groupSearchBase=OU=Groups,DC=dom,DC=com

ldap.synchronization.userIdAttributeName=userPrincipalName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

Yesterday I also read that Alfresco doesn't sync correctly if Company Home was renamed, so I completely deleted the alfresco folder and re-installed the .war file from the beginning, but nothing different happened!  :cry:  :cry:

I'm thinking of planning a trip to Lourdes…  :roll:

altroz
Champ in-the-making
Well, I'm not sure about your error. What about adding a backslash ("\") to your personquery, differentialquery, userSearchBase and groupSearchBase? For example:
ldap.synchronization.userSearchBase=OU=Users,DC=dom,DC=com
to
ldap.synchronization.userSearchBase=OU\=Users,DC\=dom,DC\=com

Does it make any difference? BTW, are you sure that "Users" is an Organizational Unit (OU)? If I'm not wrong, usually "Users" is a CN. Please check it from your LDAP Browser…

PS: I had been stuck also with this AD stuff for more than a week, but now it's working fine.

oddo
Champ in-the-making
Thank you for the answer…
I'm sure that the SearchBase queries are correct because I use them in my LDAP browser and I can view all Users and Groups correctly…
I also tried to add the escape character "\" a few days ago, both in the queries and in the security.principal user, but the result is always the same!!!

Now I'm looking at another project because I was going mad, but I'm still hoping for a post that can help me!!!
:roll:

ivan_plestina
Champ in-the-making
Try this:

ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.security.principal=sys.name.surname@dom.com
ldap.authentication.java.naming.security.credentials=syspassword

Ivan
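
The bind failure logged in the first post carries an Active Directory sub-code (`data 525`), and the property names in that post differ from those in the configuration altroz reports as working. The Python script below is an added example, not code from the thread or from Alfresco: it decodes the sub-code and lists those naming differences. The sub-code table (standard Windows error codes) and the simplified properties reader are assumptions of the example; the sample inputs are copied from the first post.

```python
import re

# Active Directory reports the reason for a failed bind (LDAP result 49) as a
# hexadecimal Windows error code after "data" in the diagnostic message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (account exists, wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"LDAP: error code 49\b.*?\bdata\s+([0-9a-fA-F]+)")

# Bind settings as named in the first post and in altroz's working configuration.
AUTH_BIND = "ldap.authentication.java.naming.security."
SYNC_BIND = "ldap.synchronization.java.naming.security."


def explain_bind_failure(log_line):
    """Return (sub_code, meaning) for an AD bind-failure line, or None."""
    match = _DATA_RE.search(log_line)
    if not match:
        return None
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def parse_properties(text):
    """Minimal key=value reader (no line continuations or escaped keys)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment, e.g. "#ldap.synchronization.active=false"
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def lint_sync_config(props):
    """List property names that differ from the working configuration's names."""
    findings = []
    for key in sorted(props):
        if key.startswith("ldap.synchronisation."):
            findings.append(
                (key, "prefix spelled 'synchronisation', not 'synchronization'"))
    for suffix in ("principal", "credentials"):
        if AUTH_BIND + suffix in props and SYNC_BIND + suffix not in props:
            findings.append(
                (SYNC_BIND + suffix,
                 "not set; value only given under ldap.authentication"))
    return findings


# Sample inputs copied from the first post (placeholder names and password as posted).
SAMPLE_LOG_LINE = (
    "Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - "
    "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, "
    "data 525, vece ]"
)

SAMPLE_CONFIG = r"""
#ldap.synchronization.active=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.security.principal=DOM\\sys.name.surname
ldap.authentication.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronisation.personQuery=(objectclass=user)
ldap.synchronization.userSearchBase=OU=Users,OU=EU,DC=dom,DC=com
ldap.synchronisation.groupQuery=(objectclass=group)
ldap.synchronization.groupSearchBase=OU=Groups,OU=EU,DC=dom,DC=com
ldap.synchronisation.userIdAttributeName=uid
"""

if __name__ == "__main__":
    print(explain_bind_failure(SAMPLE_LOG_LINE))
    for key, issue in lint_sync_config(parse_properties(SAMPLE_CONFIG)):
        print(f"{key}: {issue}")
```

Sub-code 525 means the directory did not find the account named in the bind, which is a different condition from a wrong password (52e).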