Hello Everyone,
Kindly help me solve this issue: how do I integrate Azure AD with Alfresco Community Edition 5.2?
For your reference, I have attached the files below (ldap-ap-properties file). If I have made any mistakes, kindly rectify this issue immediately.
ldap.authentication.allowGuestLogin=false
### LDAP-AD Auth ###
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@xxx.onmicrosoft.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://xxxx.onmicrosoft.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=administrator, admin
### LDAP-AD Synch ###
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=xxxx@xxx.onmicrosoft.com
ldap.synchronization.java.naming.security.credentials=xxxxx
ldap.synchronization.queryBatchSize=5000
ldap.synchronization.attributeBatchSize=5000
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.import.cron=0 0/15 * * * ?
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,ou\=xxx,dc=xxx,dc=onmicrosoft,dc=com
ldap.synchronization.userSearchBase=ou\=Users,ou\=xxx,dc=xxx,dc=onmicrosoft,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
In the global-properties file:
######Active Directory#######
### Authentication ###
authentication.chain=alfrescoNtlm1:alfrescoNtlm, ldap1:ldap-ad,ldap2:ldap-ad
ntlm.authentication.sso.enabled=false
authentication.protection.enabled=false
It seems like you have configured authentication and synchronization from 2 LDAP-AD.
Make sure you have followed this if you are on community version: https://docs.alfresco.com/6.1/tasks/auth-example-twoldap-ad.html
For the enterprise, you can configure it from Admin console on the fly.
I can't comment much from the above configuration alone. Please share the error log; it would be more helpful, as so many things depend on the AD structure. For example, in which OU do the users and groups lie?
Thanks for the quick response.
I have attached the error log files below.
2019-07-23 04:54:48,362 ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] Unable to connect to LDAP Serve$
javax.naming.CommunicationException: xxxx.onmicro2019-07-23 04:55:07,032 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 06230018 Failed to communicate with ldap://asacci.onmicrosoft.com:389. Reason javax.naming.Communica$
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:263)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:193)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:162)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:714)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:711)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:996)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:742)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.access$16(ChainingUserRegistrySynchronizer.java:474)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:2141)
at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:555)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:2135)
soft.com:389 [Root exception is java.net.UnknownHostException: asacci.onmicrosoft.com]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:495)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1573)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1511)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:521)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinition
2019-07-23 04:55:07,181 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 06230018 Failed to communicate with ldap://asacci.onmicrosoft.com:389. Reason javax.naming.Communica$
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:263)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:193)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:162)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:714)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:711)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:996)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:742)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.access$16(ChainingUserRegistrySynchronizer.java:474)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:2141)
2019-07-23 04:55:07,194 WARN [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Failed initial synchronize with user registries
org.alfresco.repo.security.authentication.AuthenticationException: 06230018 Failed to communicate with ldap://asacci.onmicrosoft.com:389. Reason javax.naming.Communica$
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:263)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:193)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:162)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:714)
From the log, it seems like Alfresco could not connect to your AD on ldap://asacci.onmicrosoft.com:389.
Please make sure you can connect to the AD server and enter the correct domain and port ldap://asacci.onmicrosoft.com:389.
Thanks for your response,
I have entered the correct domain and login credentials, and I have also opened port number 389, but I am still facing the same problem. Are there any other ways to find out the error? Kindly do the needful.
Regards
Chaya R A
Are you able to access the AD from any LDAP client with the same domain and port?
Yes, my Alfresco server is installed in the cloud and we are implementing Azure AD for it, but it's not connecting.
What is the solution for cloud-level AD integration? Please tell me some solution for this.
Can you share the documentation you followed while installing Alfresco in cloud?
For installing Alfresco on cloud:
https://docs.alfresco.com/community5.1/tasks/simpleinstall-community-lin.html
For AD integration in Alfresco:
tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ad1
ldap.authentication.allowGuestLogin=false
### LDAP-AD Auth ###
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@xxx.onmicrosoft.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://xxx.onmicrosoft.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=administrator, admin
### LDAP-AD Synch ###
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=xxx@asacci.onmicrosoft.com
ldap.synchronization.java.naming.security.credentials=xxxxxx
ldap.synchronization.queryBatchSize=5000
ldap.synchronization.attributeBatchSize=5000
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.import.cron=0 0/15 * * * ?
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,ou\=xx,dc=xxx,dc=onmicrosoft,dc=com
ldap.synchronization.userSearchBase=ou\=Users,ou\=xxx,dc=xxx,dc=onmicrosoft,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
In the Alfresco-global-properties file:
######Active Directory#######
### Authentication ###
authentication.chain=alfrescoNtlm1:alfrescoNtlm, ldap1:ldap-ad,ldap2:ldap-ad
ntlm.authentication.sso.enabled=false
authentication.protection.enabled=false
The documentation refers to the community installation with the installer on a Linux instance, which I doubt may be a cloud instance.
Referring to the logs, there is certainly something wrong with connecting to AD from your cloud instance.
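The posted trace ends its `CommunicationException` line with `[Root exception is java.net.UnknownHostException: ...]`, which names the layer that failed (name resolution, before any port or credential is tried). The Python below is an added example, not code from the thread or from Alfresco: it pulls that root exception out of a log, reads the provider URL from the properties text, and repeats the connection in stages from the Alfresco host. The function names and the `ldap.example.invalid` sample host are assumptions made for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

# Constructed sample, modelled on the log lines posted in this thread.
SAMPLE_LOG = (
    "javax.naming.CommunicationException: ldap.example.invalid:389 "
    "[Root exception is java.net.UnknownHostException: ldap.example.invalid]\n"
)
# Constructed properties fragment using the key from the posted ldap-ad file.
SAMPLE_PROPS = "ldap.authentication.java.naming.provider.url=ldap://ldap.example.invalid:389\n"

# JNDI root exception class -> network layer that failed.
STAGES = {
    "java.net.UnknownHostException": "dns",        # name does not resolve
    "java.net.ConnectException": "tcp",            # refused or unreachable
    "java.net.SocketTimeoutException": "tcp",      # dropped by a firewall
    "javax.net.ssl.SSLHandshakeException": "tls",  # certificate not trusted
}
ROOT_RE = re.compile(r"\[Root exception is ([\w.$]+)(?::\s*([^\]]*))?\]")

def root_causes(log_text):
    """Return (stage, exception, detail) for every JNDI root exception found."""
    return [(STAGES.get(exc, "unknown"), exc, detail.strip())
            for exc, detail in ROOT_RE.findall(log_text)]

def provider_endpoint(properties_text):
    """Return (scheme, host, port) from the LDAP provider URL property."""
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ldap.authentication.java.naming.provider.url":
            url = urlsplit(value.strip())
            default = 636 if url.scheme == "ldaps" else 389
            return url.scheme, url.hostname, url.port or default
    raise KeyError("ldap.authentication.java.naming.provider.url is not set")

def probe(host, port, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Repeat the connection in stages; return the first stage that fails."""
    try:
        resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as err:
        return "dns", str(err)
    try:
        connect((host, port), timeout=timeout).close()
    except OSError as err:
        return "tcp", str(err)
    return "ok", ""
```

Run `probe(host, port)` on the Alfresco server itself, since that is where the JVM resolves the name. When `provider_endpoint` returns the `ldap` scheme together with `java.naming.security.authentication=simple`, as in the posted file, the bind password crosses the network unencrypted.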