Hey guys,
I'm stuck on LDAP-AD integration since I'm new to Alfresco. I followed the steps below.
Please confirm whether the workflow I've followed is right or wrong.
First,
1. Added the authentication chain in the alfresco-global.properties file.
2. Created a ldap-authentication.properties file and ldap-authentication-context.xml file under the [C:\alfresco-community\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad\ldap-ad1] folder.
This is my current work for LDAP-AD Integration.
So, my doubt is: should I add any files other than the above .properties and .xml files?
If so, please let me know what files I should add and where I'm supposed to add them. [i.e. folder path]
I'm getting the below errors:
1. ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: domaincontroller.company.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
2. ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 04030019 Failed to communicate with ldap://domaincontroller.company.com:389. Reason javax.naming.CommunicationException, domaincontroller.company.com:389, java.net.ConnectException, Connection timed out: connect
The below code is written in the alfresco-global.properties file:
authentication.chain=ldap-ad1:ldap-ad, alfinst:alfrescoNtlm
synchronization.import.cron=0 0 18 * * ?
synchronization.synchronizeChangeOnly=false
The below code is written in the ldap-authentication.properties file:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@xyz.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# IP address or name of your LDAP server - (port 389 is the default for LDAP)
ldap.authentication.java.naming.provider.url=ldap://svr01.xyz.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.authentication.authenticateFTP=true
# Enable synchronisation ..
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret
# synchronization.syncOnStartup=true
ldap.synchronization.queryBatchSize=500
ldap.synchronization.attributeBatchSize=0
# Group, person Query and Differential Query
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
# Search and Timestamp
ldap.synchronization.groupSearchBase=dc\=xyz,dc\=com
ldap.synchronization.userSearchBase=ou\=users,dc\=xyz,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
# The attribute name on people objects to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
ldap.synchronization.groupType=groupOfUniqueNames
# The person type
ldap.synchronization.personType=inetOrgPerson
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
And the xml files are attached.
[fyi: These two xml files are located in ldap-ad1 folder only.]
Any help is appreciated.
Cesar Capillas, you're a veteran in LDAP-AD integration. [ I followed what you suggested to me in the last post but it didn't work: fyi https://community.alfresco.com/message/831826-re-not-able-to-login-during-ldap-ad-integration?commen... ] Please help me out, sir.
Regards,
Raghu
Hi
Looking at the error you shared, the connection is not happening and is timing out.
Your first checkpoint should be to verify the connection details you mentioned in the ldap-authentication.properties file.
You may try the same host, port, principal and credentials with an LDAP client to confirm they work and that you are able to connect.
I hope the following links give you some more ideas:
Cannot get LDAP Synch to work with AD
I need help in integrating AD with alfresco
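A pre-flight check along the lines of the reply above, as an added example that is not part of the original thread: it parses the posted settings, compares the configured host with the host named in the startup error, and flags bind settings worth reviewing before testing with an LDAP client. The function names and finding codes are this example's own, and the sample is a constructed subset of the quoted file.

```python
import socket
from urllib.parse import urlparse

# Constructed sample: a subset of the settings quoted in the post above.
SAMPLE = r"""
# IP address or name of your LDAP server
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://svr01.xyz.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
"""
P = "ldap.authentication."

def parse_properties(text):
    """Parse key=value lines, skipping '#' comments and unescaping '\\='."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def endpoint(props):
    """Return (scheme, host, port) from the provider URL."""
    url = urlparse(props[P + "java.naming.provider.url"])
    return url.scheme, url.hostname, url.port or (636 if url.scheme == "ldaps" else 389)

def tcp_reachable(host, port, timeout=5.0):
    """True if a TCP connection opens; False reproduces the logged timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def review(props, logged_host=None):
    """Return finding codes for the connection and bind settings."""
    scheme, host, _ = endpoint(props)
    findings = []
    if logged_host and logged_host.lower() != host.lower():
        findings.append("host-mismatch")    # log and file name different servers
    if scheme == "ldap" and props.get(P + "java.naming.security.authentication") == "simple":
        findings.append("cleartext-bind")   # password crosses the network unencrypted
    if props.get(P + "allowGuestLogin", "").lower() == "true":
        findings.append("guest-login")      # unauthenticated guest access enabled
    if "inetOrgPerson" in props.get("ldap.synchronization.personQuery", ""):
        findings.append("openldap-query")   # AD user objects are objectClass=user
    return findings

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(endpoint(props), review(props, "domaincontroller.company.com"))
```

A `host-mismatch` finding means the running subsystem may be reading a different properties file than the one edited (or the names were redacted differently when posting); run `tcp_reachable` from the Alfresco server itself, since that is where the timeout was logged.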