Error while configuring LDAP for SSO

piyush48
Established Member

Error while configuring LDAP for SSO

Hi All,

I am getting errors while configuring LDAP with my SDK 3.0 after changing the alfresco-global-properties file.

As I am new to administering Alfresco, I am following the documentation example given. Please find the image of the error occurring while running SDK 3.0.

Screenshot (1).png

Thanks,

Piyush

5 Replies
EddieMay
Alfresco Employee

Re: Error while configuring LDAP for SSO

Hi @piyush48,

Take a look at this thread, it might be of help.

HTH

Digital Community Manager, Alfresco Software.
narkuss
Established Member II

Re: Error while configuring LDAP for SSO

You are not effectively overriding default Alfresco ldap-ad properties, as the logs state it is trying to connect to ldap://domaincontroller.company.com:389, which is the default value for ldap.authentication.java.naming.provider.url, as you can see here: https://github.com/Alfresco/alfresco-repository/blob/3752edb6d69fe5ff4c47bbce4909193bd2db9a97/src/ma...

Check your ldap-ad configuration properties.

piyush48
Established Member

Re: Error while configuring LDAP for SSO

I have tried following the code presented on the link you have shared but I am still having an error with the LDAP connection.

Please look at my alfresco-global.properties file

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@alfresco.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://alfresco.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=administrator@alfresco.com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true

ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(ou=alfresco=alfresco,dc=com)(ou=alfresco,dc=alfresco,dc=com)))

ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(ou=alfresco,dc=alfresco,dc=com)(ou=alfresco,dc=alfresco,dc=com))(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=ou\=alfresco,dc\=alfresco,dc\=com

ldap.synchronization.userSearchBase=dc\=alfresco,dc\=com

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

Please suggest changes to this file to solve the error. Screenshot (2).png Screenshot (3).png

piyush48
Established Member

Re: Error while configuring LDAP for SSO

Also Eddie, I have made the changes as posted in your thread. I have provided my alfresco-global properties file above; please go through it and suggest.

Thanks,

Piyush

EddieMay
Alfresco Employee

Re: Error while configuring LDAP for SSO

Hi @piyush48,

Looking at some of the values you are using, these are the default values - these need replacing with your equivalents. For example,  

ldap.authentication.userNameFormat=%s@alfresco.com

@alfresco.com should be replaced with your own domain.

 

Similarly,

ldap.authentication.java.naming.provider.url=ldap://alfresco.com:389
 
....

ldap.synchronization.java.naming.security.principal=administrator@alfresco.com

need changing - the 1st is looking to alfresco.com when it should be referring to the URL to connect to your own LDAP server.

This is probably the primary reason it says it's unable to connect to the LDAP server.

 

Digital Community Manager, Alfresco Software.
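
Added example, not part of the thread and not Alfresco code: a small Python check for the two problems the replies identify (a provider URL that is never overridden, and documentation placeholder values left in place), which also reports a simple bind over plain ldap:// and enabled guest login. The function names, the finding texts and the host dc01.corp.example are assumptions made for this illustration.

```python
import re

# Placeholder hosts named in the thread, plus the DN spelling of the same
# example domain (the DN pattern is a generalization added for this example).
PLACEHOLDERS = ("domaincontroller.company.com", "alfresco.com", "dc=alfresco,dc=com")
URL_KEY = "ldap.authentication.java.naming.provider.url"
AUTH_KEY = "ldap.authentication.java.naming.security.authentication"
GUEST_KEY = "ldap.authentication.allowGuestLogin"

def parse_properties(text):
    """Minimal .properties reader: key=value lines, comments, backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def audit(text):
    """Return (key, finding) pairs for the body of alfresco-global.properties."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        if key.startswith("ldap.") and any(p in value.lower() for p in PLACEHOLDERS):
            findings.append((key, "placeholder value, replace with your own"))
    url = props.get(URL_KEY)
    if url is None:
        findings.append((URL_KEY, "not set, the subsystem default will be used"))
    elif url.lower().startswith("ldap://") and props.get(AUTH_KEY) == "simple":
        findings.append((URL_KEY, "simple bind over ldap:// sends passwords unencrypted"))
    if props.get(GUEST_KEY, "").lower() == "true":
        findings.append((GUEST_KEY, "guest login enabled, confirm this is intended"))
    return findings

# Constructed samples: POSTED reuses lines from the question, FIXED is hypothetical.
POSTED = r"""ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@alfresco.com
ldap.authentication.java.naming.provider.url=ldap://alfresco.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.userSearchBase=dc\=alfresco,dc\=com"""
FIXED = r"""ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@corp.example
ldap.authentication.java.naming.provider.url=ldaps://dc01.corp.example:636
ldap.authentication.java.naming.security.authentication=simple"""

if __name__ == "__main__":
    for key, finding in audit(POSTED):
        print(f"{key}: {finding}")
```
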