Help

Error while configuring LDAP for SSO

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
piyush48
Established Member
‎16 Mar 2020 9:48 AM

Error while configuring LDAP for SSO

Hi All,

I am getting errors while configuring LDAP with my SDK 3.0 after changing alfresco-global-properties file.

As i am new towards administrating Alfresco topic. I am following documentation example given. Please find the image of error occuring while running SDK 3.0.

 

Screenshot (1).png

 

Thanks,

Piyush

0 Kudos
5 Replies
EddieMay
Alfresco Employee
‎16 Mar 2020 11:21 AM

Re: Error while configuring LDAP for SSO

Hi @piyush48,

Take a look at this thread, it might be of help.

HTH

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
0 Kudos
narkuss
Established Member II
‎17 Mar 2020 6:41 AM

Re: Error while configuring LDAP for SSO

You are not effectively overriding default Alfresco ldap-ad properties, as the logs state it is trying to connect to ldap://domaincontroller.company.com:389, which is the default value for ldap.authentication.java.naming.provider.url, as you can see here: https://github.com/Alfresco/alfresco-repository/blob/3752edb6d69fe5ff4c47bbce4909193bd2db9a97/src/ma...

Check your ldap-ad configuration properties.

0 Kudos
piyush48
Established Member
‎17 Mar 2020 1:12 PM

Re: Error while configuring LDAP for SSO

I have tried following the code presented on link you have share but still having error with connection of LDAP.

Please look at my alfresco-global.properties file

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@alfresco.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://alfresco.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=administrator@alfresco.com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true

ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(ou=alfresco=alfresco,dc=com)(ou=alfresco,dc=alfresco,dc=com)))

ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(ou=alfresco,dc=alfresco,dc=com)(ou=alfresco,dc=alfresco,dc=com))(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=ou\=alfresco,dc\=alfresco,dc\=com

ldap.synchronization.userSearchBase=dc\=alfresco,dc\=com

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

 

 

 

 

Please suggest me changes to this file to solve error. Screenshot (2).pngScreenshot (3).png

0 Kudos
piyush48
Established Member
‎17 Mar 2020 1:15 PM

Re: Error while configuring LDAP for SSO

Also Eddie i have done changes as posted in your thread. i have provided my alfresco-global properties file above please go through and suggest.

 

 

Thanks,

Piyush

0 Kudos
EddieMay
Alfresco Employee
‎17 Mar 2020 3:52 PM

Re: Error while configuring LDAP for SSO

Hi @piyush48,

Looking at some of the values you are using, these are the default values - these need replacing with your equivalents. For example,  

ldap.authentication.userNameFormat=%s@alfresco.com

@alfresco.com should be replaced with your own domain.

 

Similarly,

ldap.authentication.java.naming.provider.url=ldap://alfresco.com:389
 
....

ldap.synchronization.java.naming.security.principal=administrator@alfresco.com

need changing - the 1st is looking to alfresco.com when it should be referring to the URL to connect to your own LDAP server.

This is probably the primary reason it says it's unable to connect to the LDAP server.

 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
0 Kudos
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.