LDAP authentication / sync (3.4)

j0han
Member II

LDAP authentication / sync (3.4)

Hello everyone,

Yet another LDAP configuration problem, you will say… I did follow the configuration from the wiki (http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#LDAP) and looked at other Alfresco links, but it just does not work. And I cannot even tell whether it manages to authenticate (see log).

Extract from my LDAP:
dn: dc=monDomaine,dc=fr
objectClass: dcObject
objectClass: organization
dc: monDomaine
o: monDomaine

dn: ou=personnes,dc=monDomaine,dc=fr
ou: personnes
objectClass: organizationalUnit
objectClass: top

dn: uid=login,dc=monDomaine,dc=fr
uid: login
userPassword: {MD5}monMotDePasseCrypté
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
structuralObjectClass: account

dn: uid=toto,ou=personnes,dc=monDomaine,dc=fr
objectClass: Personnes
uid: toto
sn: NomDeFamille
givenName: Prénom
userPassword: {MD5}sonMotDePasseCrypté
cn: Prénom NomDeFamille

My ldap-authentication.properties config:

ldap.authentication.active=true
ldap.authentication.userNameFormat=uid\=%s,ou\=personnes,dc\=monDomaine,dc\=fr
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.IPSERVER:389
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=true

# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=DIGEST-MD5

# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=uid\=monLogin

# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=monMotDePasseEnCLAIR

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=Personnes)

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=ou\=personnes,dc\=monDomaine,dc\=fr

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute on LDAP group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=description

# The group type in LDAP
ldap.synchronization.groupType=groupOfNames

# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member

# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
ldap.synchronization.enableProgressEstimation=true

Finally, the associated log:
14:22:58,207  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from file [C:\Alfresco\tomcat\shared\classes\alfresco\extension\subsystems\Authentication\ldap\ldap1\ldap-authentication.properties]
14:23:24,286  WARN  [springframework.beans.GenericTypeAwarePropertyDescriptor] Invalid JavaBean property 'serviceBeans' being accessed! Ambiguous write methods found next to actually used [public void org.apache.cxf.jaxrs.JAXRSServerFactoryBean.setServiceBeans(java.lang.Object[])]: [public void org.apache.cxf.jaxrs.JAXRSServerFactoryBean.setServiceBeans(java.util.List)]
14:23:28,458  INFO  [extensions.webscripts.TemplateProcessorRegistry] Registered template processor Repository Template Processor for extension ftl
   …blabla…
14:23:54,443  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/module/org.alfresco.module.vti/context/vti.properties]
14:23:54,443  INFO  [alfresco.config.FixedPropertyPlaceholderConfigurer] Loading properties file from URL [file:/C:/Alfresco/tomcat/shared/classes/alfresco/extension/custom-vti.properties]
14:23:54,599 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
14:23:54,615 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
14:23:54,678 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 03210000 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:618)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:434)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1529)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1523)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
      ….
     
Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'ou=Groups,dc=monDomaine,dc=fr'
   at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:305)
   at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:151)
   at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:55)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1129)
   … 47 more
14:23:54,740 User:System WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.error.AlfrescoRuntimeException: 03210000 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)

Some points that are unclear to me and that might be the cause:
1. In the properties file, I use 'DIGEST-MD5' authentication. I think that matches, since in the LDAP the password is encrypted and prefixed with {MD5}. But isn't it a shortcut to think that?

2. My OUs are 'personnes'. So I use: " ldap.synchronization.personQuery=(objectclass\=Personnes) " in several places. Is that really consistent?

3. Do you see anything else that could help me?

4. Thank you for reading this far and for your future answers!!

Config: WinXP, Alfresco 3.4d, OpenLDAP 2.4.
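
Added example, not part of the original post and not Alfresco code: the stack trace above shows JNDI rejecting the group search filter (`getGroups`, then `Filter.encodeSimpleFilter`, "Missing 'equals'"), so a pre-flight check of every `*Query` property catches this before startup. The `ldap.synchronization.groupQuery` value below is a constructed, deliberately malformed assumption (the post does not show that property), and the parser is a simplified RFC 4515 check, not JNDI's own.

```python
import re

# Constructed sample. personQuery is the value from the post; groupQuery is an
# assumed, deliberately malformed value (the post does not show that property).
SAMPLE = r"""
ldap.synchronization.personQuery=(objectclass\=Personnes)
ldap.synchronization.groupQuery=(objectclass groupOfNames)
ldap.synchronization.userSearchBase=ou\=personnes,dc\=monDomaine,dc\=fr
"""

def load_properties(text):
    """Minimal .properties reader: key=value lines, backslash escapes dropped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def check_filter(f):
    """Return None for a well-formed filter, else a short error message."""
    def parse(i):
        if f[i:i + 1] != "(":
            raise ValueError("expected '(' at offset %d" % i)
        i += 1
        if f[i:i + 1] in ("&", "|", "!"):      # composite: nested sub-filters
            i += 1
            while f[i:i + 1] == "(":
                i = parse(i)
        else:                                   # simple item: attr<op>value
            end = f.find(")", i)
            if end < 0:
                raise ValueError("missing ')'")
            if "=" not in f[i:end]:
                raise ValueError("missing 'equals' in %r" % f[i:end])
            i = end
        if f[i:i + 1] != ")":
            raise ValueError("missing ')' at offset %d" % i)
        return i + 1
    try:
        return None if parse(0) == len(f) else "trailing characters after filter"
    except ValueError as exc:
        return str(exc)

def lint(text):
    """Map every *Query property to its error (None when the filter parses)."""
    props = load_properties(text)
    return {k: check_filter(v) for k, v in props.items() if k.endswith("Query")}
```

Calling `lint()` on the real file's text returns one entry per query property; any non-`None` value is a filter the directory client will refuse.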
1 Reply
j0han
Member II

Re: LDAP authentication / sync (3.4)

Some "progress"…
Since I connect in 'Simple' mode with an LDAP browser, I set the authentication modes back to 'simple'.

What does this warning in the log actually mean?

WARN  [springframework.beans.GenericTypeAwarePropertyDescriptor] Invalid JavaBean property 'serviceBeans' being accessed! Ambiguous write methods found next to actually used [public void org.apache.cxf.jaxrs.JAXRSServerFactoryBean.setServiceBeans(java.lang.Object[])]: [public void org.apache.cxf.jaxrs.JAXRSServerFactoryBean.setServiceBeans(java.util.List)]
14:23:28,458  INFO  [extensions.webscripts.TemplateProcessorRegistry] Registered template processor Repository Template Processor for extension ftl

Would you have any lead on all this?
Thanks in advance!
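
Added example, not part of the original posts: `{MD5}` in `userPassword` is a storage scheme (base64 of MD5(password)), whereas `DIGEST-MD5` is a SASL challenge-response mechanism (RFC 2831) whose server side has to rebuild MD5(user:realm:password) from the cleartext password. The sketch below shows both side by side; the function names are illustrative, and the challenge values are the sample exchange from RFC 2831 section 4.

```python
import base64
import hashlib
import hmac

def md5(data):
    return hashlib.md5(data).digest()

def stored_md5(password):
    """userPassword value under the {MD5} scheme: base64 of MD5(password)."""
    return "{MD5}" + base64.b64encode(md5(password.encode())).decode()

def check_simple_bind(stored, presented):
    """Simple bind: the client sends the password, the server re-hashes and compares."""
    return hmac.compare_digest(stored, stored_md5(presented))

def digest_md5_response(user, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth"):
    """Client response from RFC 2831 section 2.1.2.1 (qop=auth, no authzid)."""
    secret = md5(f"{user}:{realm}:{password}".encode())  # needs the cleartext password
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hex()

def server_expected_response(userpassword, **challenge):
    """Server side of DIGEST-MD5: only possible when userPassword is cleartext."""
    if userpassword.startswith("{"):
        return None  # hashed scheme: MD5(user:realm:password) cannot be derived
    return digest_md5_response(password=userpassword, **challenge)

# Sample exchange values from RFC 2831 section 4 (password "secret").
RFC_SAMPLE = dict(user="chris", realm="elwood.innosoft.com",
                  nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
                  digest_uri="imap/elwood.innosoft.com")

if __name__ == "__main__":
    hashed = stored_md5("secret")
    print("stored value:        ", hashed)
    print("simple bind verifies:", check_simple_bind(hashed, "secret"))
    print("DIGEST-MD5 vs hash:  ", server_expected_response(hashed, **RFC_SAMPLE))
    print("DIGEST-MD5 vs clear: ", server_expected_response("secret", **RFC_SAMPLE))
```

With a simple bind the password itself crosses the connection, so on a plain `ldap://` URL such as the one in the posted configuration it is readable in transit unless the connection is protected with TLS.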