Active Directory AD configuration

gros_manu
Member II

Active Directory AD configuration

Hello,

I would like to enable Active Directory in Alfresco, but I can't get it to work. I tried following the instructions at this link http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#AlfrescoNtlm but after the configuration there is no change, except that the Share interface no longer works, without generating any error in the logs.
Which file did you modify to enable the import of users from AD?

Thanks
11 Replies
jeanjot
Active Member

Re: Active Directory AD configuration

Hello

Some additional information, such as:
Alfresco version,
DBMS,
OS

and also the configuration files you have modified, would allow us to answer you without a crystal ball, as Romain would say…
gros_manu
Member II

Re: Active Directory AD configuration

Sorry,

Alfresco 3.4d
mysql
all on CentOS 5.6

For the moment I have just redone an install, so I have not modified any file yet.
jeanjot
Active Member

Re: Active Directory AD configuration

OK

If it doesn't work, don't hesitate to send your configuration file,
along with information about your AD in terms of architecture.
gros_manu
Member II

Re: Active Directory AD configuration

Just one question:

Does AD work with Share and CIFS? If so, does that require only a single configuration?

The file share-config-custom.xml.sample has to be modified, but are there any changes to make in the files in the folder
/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication ?
jeanjot
Active Member

Re: Active Directory AD configuration

Hello

You can declare your AD directly in:
alfresco-global.properties

All the information to fill in is on this page:
http://www.alfresco.com/help/34/community/all/concepts/auth-ldap-props.html

Don't forget the authentication chain, on this page:
http://www.alfresco.com/help/34/community/all/tasks/auth-subsystem-chain-config.html

And finally, the full picture on authentication, in particular CIFS access with the different authentication options:
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#What_are_the_Authentication_Subsyst...
gros_manu
Member II

Re: Active Directory AD configuration

Thanks, I'll try with that.
gros_manu
Member II

Re: Active Directory AD configuration

Hello,

It's not quite there yet, but it's progressing!

I'm stuck:
    17:24:37,945 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
    17:24:37,950 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
    17:24:38,004 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
    17:24:38,005 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
    17:24:38,008 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'
    17:24:38,152 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 117 entries
    17:24:38,170 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: user1@integra.fr, modifytimestamp=modifyTimeStamp: 20110318165427.0Z, givenname=givenName: user1, sn=sn: name1}
    17:24:38,171 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {modifytimestamp=modifyTimeStamp: 20110221170727.0Z, givenname=givenName: user2}
    17:24:38,171 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {modifytimestamp=modifyTimeStamp: 20110221170750.0Z, givenname=givenName: user3}
    17:24:38,171 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: gfffff@fffff.fr, modifytimestamp=modifyTimeStamp: 20110518133807.0Z, givenname=givenName: Gffff, sn=sn: fffff}
    17:24:38,171 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: bffff@ffff.fr, modifytimestamp=modifyTimeStamp: 20110606095222.0Z, givenname=givenName: BfFFF, sn=sn: FFFF}
In the end, for the moment I no longer have access to the web interfaces with the admin login. To get access, I have to put the base configuration back.

Do you have any idea?
Thanks
jeanjot
Active Member

Re: Active Directory AD configuration

Good evening

It would be good to post your configuration, with the contents of alfresco-global.properties…
gros_manu
Member II

Re: Active Directory AD configuration

Hello,

In the end I do have access to the various interfaces with the admin account.

For the alfresco-global.properties file,
I have:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
ldap.authentication.active=true

The rest of the configuration is in the file: ldap-authentication.properties

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://mon serveur:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=user,ou\=service,ou\=utilisateurs,ou\=toto,dc\=toto,dc\=toto,dc\=fr
ldap.synchronization.java.naming.security.credentials=toto
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=user)
ldap.synchronization.personDifferentialQuery=(&(objectcategory\=user)(objectclass\=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=toto,dc\=toto,dc\=toto,dc\=fr
ldap.synchronization.userSearchBase=ou\=toto,dc\=toto,dc\=toto,dc\=fr
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

With these parameters, catalina.out gives me:

15:02:02,147 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
15:02:02,152 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
15:02:02,188 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
15:02:02,190 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
15:02:02,192 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'
15:02:02,223 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 123 entries
15:02:02,236 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: user1@toto.fr, modifytimestamp=modifyTimeStamp: 20110318165427.0Z, givenname=givenName: user1, sn=sn: name1}
15:02:02,237 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {modifytimestamp=modifyTimeStamp: 20110221170727.0Z, givenname=givenName: user2}
15:02:02,237 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {modifytimestamp=modifyTimeStamp: 20110221170750.0Z, givenname=givenName: user3}
15:02:02,237 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: toto@toto.fr, modifytimestamp=modifyTimeStamp: 20110617125247.0Z, givenname=givenName: toto, sn=sn: toto}

Then:

15:02:02,269 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 123 entries
15:02:02,271 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 05170000 Failed to parse timestamp.
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.mapToNode(LDAPUserRegistry.java:981)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.access$800(LDAPUserRegistry.java:77)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection$PersonIterator.fetchNext(LDAPUserRegistry.java:1466)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection$PersonIterator.<init>(LDAPUserRegistry.java:1362)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection.iterator(LDAPUserRegistry.java:1313)
        at org.alfresco.repo.batch.BatchProcessor$WorkProviderIterator.hasNext(BatchProcessor.java:589)
        at org.alfresco.repo.batch.BatchProcessor.process(BatchProcessor.java:378)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1275)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:434)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1529)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1523)
        at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:78)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.text.ParseException: Unparseable date: "20110617104849.0Z"
        at java.text.DateFormat.parse(DateFormat.java:337)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.mapToNode(LDAPUserRegistry.java:977)
        … 52 more
15:02:02,286 User:System WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.error.AlfrescoRuntimeException: 05170000 Failed to parse timestamp.
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.mapToNode(LDAPUserRegistry.java:981)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.access$800(LDAPUserRegistry.java:77)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection$PersonIterator.fetchNext(LDAPUserRegistry.java:1466)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection$PersonIterator.<init>(LDAPUserRegistry.java:1362)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection.iterator(LDAPUserRegistry.java:1313)
        at org.alfresco.repo.batch.BatchProcessor$WorkProviderIterator.hasNext(BatchProcessor.java:589)
        at org.alfresco.repo.batch.BatchProcessor.process(BatchProcessor.java:378)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1275)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:434)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1529)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1523)
        at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:78)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.text.ParseException: Unparseable date: "20110617104849.0Z"
        at java.text.DateFormat.parse(DateFormat.java:337)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.mapToNode(LDAPUserRegistry.java:977)
        … 52 more
15:02:02,295  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete

I'm a bit lost…
If you have any idea, that would be great!

Thanks
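
Added example (not part of the thread, and not Alfresco code): a Python check that compares the posted `ldap.synchronization.*` values with what the posted catalina.out shows the directory returning, and also flags the simple bind over `ldap://`. `CONFIG` and `LOG` are constructed from values in the thread; the function names and the SimpleDateFormat-subset translation are assumptions of this example.

```python
import re

# Constructed sample: values copied from the posted configuration (unescaped).
CONFIG = {
    "ldap.authentication.java.naming.provider.url": "ldap://mon serveur:389",
    "ldap.authentication.java.naming.security.authentication": "simple",
    "ldap.synchronization.userIdAttributeName": "uid",
    "ldap.synchronization.timestampFormat": "yyyyMMddHHmmss'Z'",
}
# Constructed sample: three lines from the posted catalina.out, wraps rejoined.
LOG = """\
15:02:02,236 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: user1@toto.fr, modifytimestamp=modifyTimeStamp: 20110318165427.0Z, givenname=givenName: user1, sn=sn: name1}
15:02:02,237 User:System WARN  [sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {modifytimestamp=modifyTimeStamp: 20110221170727.0Z, givenname=givenName: user2}
Caused by: java.text.ParseException: Unparseable date: "20110617104849.0Z"
"""
FIELD_WIDTH = {"yyyy": 4, "MM": 2, "dd": 2, "HH": 2, "mm": 2, "ss": 2}

def java_pattern_to_regex(pattern):
    """Translate a SimpleDateFormat subset (fixed-width numeric fields and
    'quoted' literals) to a regex; used as a prefix match, as Java parses."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "'":
            end = pattern.index("'", i + 1)
            out.append(re.escape(pattern[i + 1:end]))
            i = end + 1
        else:
            run = re.match(r"(.)\1*", pattern[i:]).group(0)
            if run not in FIELD_WIDTH:
                raise ValueError("unsupported pattern field: " + run)
            out.append(r"\d{%d}" % FIELD_WIDTH[run])
            i += len(run)
    return re.compile("".join(out))

def returned_attributes(log):
    """Lower-cased attribute names logged for each rejected directory entry."""
    entries = []
    for line in log.splitlines():
        m = re.search(r"mandatory user id attribute \{(.*)\}", line)
        if m:
            entries.append({kv.split("=", 1)[0] for kv in m.group(1).split(", ")})
    return entries

def audit(config, log):
    """Return (code, detail) findings for the configuration/log pair."""
    findings = []
    uid = config["ldap.synchronization.userIdAttributeName"]
    entries = returned_attributes(log)
    missing = sum(uid.lower() not in e for e in entries)
    if missing:
        findings.append(("user-id-attribute-absent",
                         f"'{uid}' absent from {missing}/{len(entries)} rejected entries"))
    fmt = config["ldap.synchronization.timestampFormat"]
    stamps = re.findall(r'(?:modifyTimeStamp: |Unparseable date: ")([0-9.Z]+)', log)
    bad = [s for s in stamps if not java_pattern_to_regex(fmt).match(s)]
    if bad:
        findings.append(("timestamp-format-mismatch", f"{fmt} cannot parse {bad[0]}"))
    url = config["ldap.authentication.java.naming.provider.url"]
    if (url.startswith("ldap://") and
            config["ldap.authentication.java.naming.security.authentication"] == "simple"):
        findings.append(("cleartext-simple-bind", f"simple bind sent unencrypted to {url}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(CONFIG, LOG):
        print(f"{code}: {detail}")
```

Alfresco's `ldap-ad` subsystem type ships Active Directory defaults (`sAMAccountName` as the user id attribute and a `'.0Z'` timestamp suffix), which address the first two findings.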