Help

Error en la sincronización mediante LDAP con Alfresco 3.4

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
aique
Member II
‎3 Jun 2012 11:47 PM

Error en la sincronización mediante LDAP con Alfresco 3.4

Hola!.

Estoy configurando la sincronización de usuarios con LDAP y obtengo varias excepciones durante el proceso de arranque.

Mi fichero alfresco-global.properties es el siguiente:



###############################
## Common Alfresco Properties #
###############################

dir.root=/opt/alfresco-3.4.d/alf_data

web.application.context.url=http://127.0.0.1:8080/alfresco

### database connection properties ###
db.driver=org.gjt.mm.mysql.Driver
db.username=<secret>
db.password=<secret>
db.name=alfresco
db.url=jdbc:mysql://localhost/alfresco

### FTP Server Configuration ###
ftp.enabled=true
ftp.port=21
ftp.ipv6.enabled=false

### RMI service ports ###
alfresco.rmi.services.port=50500
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
deployment.rmi.service.port=0

### External executable locations ###
ooo.exe=/program/soffice.bin
ooo.enabled=false
img.root=/opt/alfresco-3.4.d/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
swf.exe=/opt/alfresco-3.4.d/common/bin/pdf2swf
jodconverter.enabled=true 
jodconverter.officeHome= 
jodconverter.portNumbers=8101 

### Initial admin password ###
alfresco_user_store.adminpassword=f1219e927c6fb48c2007c74d70fa50d8

### Autenticación LDAP ###
authentication.chain=ldap1:ldap

Mi fichero ldap-authentication.properties:



ldap.authentication.active=true

ldap.authentication.allowGuestLogin=false

ldap.authentication.userNameFormat=uid=%s,ou=People,ou=Departamento de Informatica,o=Universidad de Oviedo,c=es

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server 
ldap.authentication.java.naming.provider.url=<secret>

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=SIMPLE

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

ldap.authentication.escapeCommasInUid=false

# Comma separated list of user names who should be considered administrators by default
ldap.authentication.defaultAdministratorUserNames=

ldap.synchronization.active=true

# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=uid=PAS,ou=People,ou=Departamento de Informatica,o=Universidad de Oviedo,c=es

# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=<secret>

# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=1000
    
ldap.synchronization.attributeBatchSize=1000

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=posixGroup)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=ou=Group,ou=Departamento de Informatica,o=Universidad de Oviedo,c=es

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=ou=People,ou=Departamento de Informatica,o=Universidad de Oviedo,c=es

# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=homeDirectory

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute on LDAP group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=description

# The group type in LDAP
ldap.synchronization.groupType=posixGroup

# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=memberUid

# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
ldap.synchronization.enableProgressEstimation=true

Mi fichero ldap-authentication-context.xml:


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<!–
   Bean definitions shared by the ldap and ldap-ad subsystems
–>

<beans>
   <!– LDAP authentication configuration –>

   <!–

      You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign
      on from the web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP
      store if it supports other authentication routes, like Active Directory.
   –>

   <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"
      parent="authenticationComponentBase">
      <property name="active">
         <value>${ldap.authentication.active}</value>
      </property>
      <property name="LDAPInitialDirContextFactory">
         <ref bean="ldapInitialDirContextFactory" />
      </property>
      <property name="userNameFormat">
         <value>${ldap.authentication.userNameFormat}</value>
      </property>
      <property name="ldapNameResolver">
         <ref bean="userRegistry" />
      </property>
      <property name="nodeService">
         <ref bean="nodeService" />
      </property>
      <property name="personService">
         <ref bean="personService" />
      </property>
      <property name="transactionService">
         <ref bean="transactionService" />
      </property>
      <property name="escapeCommasInBind">
         <value>${ldap.authentication.escapeCommasInBind}</value>
      </property>
      <property name="escapeCommasInUid">
         <value>${ldap.authentication.escapeCommasInUid}</value>
      </property>
      <property name="allowGuestLogin">
         <value>${ldap.authentication.allowGuestLogin}</value>
      </property>
      <property name="defaultAdministratorUserNameList">
         <value>${ldap.authentication.defaultAdministratorUserNames}</value>
      </property>
   </bean>

   <!– Wrapped version to be used within subsystem –>
   <bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
      <property name="proxyInterfaces">
         <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
      </property>
      <property name="transactionManager">
         <ref bean="transactionManager" />
      </property>
      <property name="target">
         <ref bean="authenticationComponent" />
      </property>
      <property name="transactionAttributes">
         <props>
            <prop key="*">${server.transaction.mode.default}</prop>
         </props>
      </property>
   </bean>

   <!– Authenticaton service for chaining –>
   <bean id="localAuthenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="ticketComponent">
         <ref bean="ticketComponent" />
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponent" />
      </property>
      <property name="sysAdminParams">
         <ref bean="sysAdminParams" />
      </property>
      <property name="auditComponent">
         <ref bean="auditComponent" />
      </property>
   </bean>

   <!–

      This bean is used to support general LDAP authentication. It is also used to provide read only access to users and
      groups to pull them out of the LDAP reopsitory
   –>

   <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
      <property name="initialDirContextEnvironment">
         <map>
            <!– The LDAP provider –>
            <entry key="java.naming.factory.initial">
               <value>${ldap.authentication.java.naming.factory.initial}</value>
            </entry>

            <!– The url to the LDAP server –>
            <!– Note you can use space separated urls - they will be tried in turn until one works –>
            <!– This could be used to authenticate against one or more ldap servers (you will not know which one ….) –>
            <entry key="java.naming.provider.url">
               <value>${ldap.authentication.java.naming.provider.url}</value>
            </entry>

            <!– The authentication mechanism to use      –>
            <!– Some sasl authentication mechanisms may require a realm to be set –>
            <!–                java.naming.security.sasl.realm –>
            <!– The available options will depend on your LDAP provider –>
            <entry key="java.naming.security.authentication">
               <value>${ldap.authentication.java.naming.security.authentication}</value>
            </entry>

            <!– The id of a user who can read group and user information –>
            <!– This does not go through the pattern substitution defined above and is used "as is" –>
            <entry key="java.naming.security.principal">
               <value>${ldap.synchronization.java.naming.security.principal}</value>
            </entry>

            <!– The password for the user defined above –>
            <entry key="java.naming.security.credentials">
               <value>${ldap.synchronization.java.naming.security.credentials}</value>
            </entry>
         </map>
      </property>
   </bean>

    <!– Regularly exports user and group information from LDAP –>
    
    <bean id="userRegistry" class="org.alfresco.repo.security.sync.ldap.LDAPUserRegistry">
        <property name="active">
            <value>${ldap.synchronization.active}</value>
        </property>

        <!–
        If positive, this property indicates that RFC 2696 paged results should be
        used to split query results into batches of the specified size. This
        overcomes any size limits imposed by the LDAP server.        
        –>
        <property name="queryBatchSize">
            <value>${ldap.synchronization.queryBatchSize}</value>
        </property>

        <!–
        If positive, this property indicates that range retrieval should be used to fetch
        multi-valued attributes (such as member) in batches of the specified size.
        Overcomes any size limits imposed by Active Directory.        
        –>
        <property name="attributeBatchSize">
            <value>${ldap.synchronization.attributeBatchSize}</value>
        </property>

        <!–
        The query to select all objects that represent the groups to import.
        
        For Open LDAP, using a basic schema, the following is probably what you want:
        (objectclass=groupOfNames)
        
        For Active Directory:
        (objectclass=group)
        –>
        <property name="groupQuery">
            <value>${ldap.synchronization.groupQuery}</value>
        </property>
        
        <!–
        The query to select objects that represent the groups to import that have changed since a certain time.
        
        For Open LDAP, using a basic schema, the following is probably what you want:
        (&(objectclass=groupOfNames)(!(modifyTimestamp<={0})))
        
        For Active Directory:
        (&(objectclass=group)(!(modifyTimestamp<={0})))
        –>
        <property name="groupDifferentialQuery">
            <value>${ldap.synchronization.groupDifferentialQuery}</value>
        </property>

        <!– 
        The query to select all objects that represent the users to import.
        
        For Open LDAP, using a basic schema, the following is probably what you want:
        (objectclass=inetOrgPerson)
        
        For Active Directory:
        (objectclass=user)
        –>
        <property name="personQuery">
            <value>${ldap.synchronization.personQuery}</value>
        </property>
        
        <!– 
        The query to select objects that represent the users to import that have changed since a certain time.
        
        For Open LDAP, using a basic schema, the following is probably what you want:
        (&(objectclass=inetOrgPerson)(!(modifyTimestamp<={0})))
        
        For Active Directory:
        (&(objectclass=user)(!(modifyTimestamp<={0})))
        –>
        <property name="personDifferentialQuery">
            <value>${ldap.synchronization.personDifferentialQuery}</value>
        </property>

        <!–
        The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
        –>
        <property name="groupSearchBase">
            <value>${ldap.synchronization.groupSearchBase}</value>
        </property>
        
        <!–
        The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
        –>
        <property name="userSearchBase">
            <value>${ldap.synchronization.userSearchBase}</value>
        </property>

        <!–
        The unique identifier for the user.
        –>
        <property name="userIdAttributeName">
            <value>${ldap.synchronization.userIdAttributeName}</value>
        </property>
        
        <!–
        The name of the operational attribute recording the last update time for a group or user.
        –>
        <property name="modifyTimestampAttributeName">
            <value>${ldap.synchronization.modifyTimestampAttributeName}</value>
        </property>

        <!–
        The timestamp format. Unfortunately, this varies between directory servers.
        –>
        <property name="timestampFormat">
            <value>${ldap.synchronization.timestampFormat}</value>
        </property>

        <!–
        An attribute that is a unique identifier for each group found. 
        This is also the name of the group with the current group implementation.
        This is mandatory for any groups found.
        
        OpenLDAP: "cn" as it is mandatory on groupOfNames
        Active Directory: "cn"
        
        –>
        <property name="groupIdAttributeName">
            <value>${ldap.synchronization.groupIdAttributeName}</value>
        </property>
        
        <!– 
        The objectClass attribute for group members.
        For each member of a group, the distinguished name is given.
        The object is looked up by its DN. If the object is of this class it is treated as a group. 
        –>
        <property name="groupType">
            <value>${ldap.synchronization.groupType}</value>
        </property>
        
        <!– 
        The objectClass attribute for person members.
        For each member of a group, the distinguished name is given.
        The object is looked up by its DN. If the object is of this class it is treated as a person. 
        –>
        <property name="personType">
            <value>${ldap.synchronization.personType}</value>
        </property>
        
        <!–
        The repeating attribute on group objects (found by query or as sub groups)
        used to define membership of the group. This is assumed to hold distinguished names of
        other groups or users/people; the above types are used to determine this.
        
        OpenLDAP: "member" as it is mandatory on groupOfNames
        Active Directory: "member"
        
        –>
        <property name="memberAttribute">
            <value>${ldap.synchronization.groupMemberAttributeName}</value>
        </property>        

        <!–
        This property defines a mapping between attributes held on LDAP user objects and
        the properties of user objects held in the repository. The key is the QName of an attribute in
        the repository, the value is the attribute name from the user/inetOrgPerson/.. object in the
        LDAP repository.     
        –>
        <property name="personAttributeMapping">
            <map>
                <entry key="cm:userName">
                    <!– Must match the same attribute as userIdAttributeName –>
                    <value>${ldap.synchronization.userIdAttributeName}</value>
                </entry>
                <entry key="cm:firstName">
                    <!– OpenLDAP: "givenName" –>
                    <!– Active Directory: "givenName" –>
                    <value>${ldap.synchronization.userFirstNameAttributeName}</value>
                </entry>
                <entry key="cm:lastName">
                    <!– OpenLDAP: "sn" –>
                    <!– Active Directory: "sn" –>
                    <value>${ldap.synchronization.userLastNameAttributeName}</value>
                </entry>
                <entry key="cm:email">
                    <!– OpenLDAP: "mail" –>
                    <!– Active Directory: "???" –>
                    <value>${ldap.synchronization.userEmailAttributeName}</value>
                </entry>
                <entry key="cm:organizationId">
                    <!– OpenLDAP: "o" –>
                    <!– Active Directory: "???" –>
                    <value>${ldap.synchronization.userOrganizationalIdAttributeName}</value>
                </entry>
                <!– Always use the default –>
                <entry key="cm:homeFolderProvider">
                    <null/>
                </entry>
            </map>
        </property>
        <!– Set a default home folder provider –>
        <!– Defaults only apply for values above –>
        <property name="personAttributeDefaults">
            <map>
                <entry key="cm:homeFolderProvider">
                    <value>${ldap.synchronization.defaultHomeFolderProvider}</value>
                </entry>
            </map>
        </property>
    
        <!–
        This property defines a mapping between attributes held on LDAP group objects and
        the properties of authorities held in the repository. The key is the QName of an attribute in
        the repository, the value is the attribute name from the group object in the LDAP repository.     
        –>
        <property name="groupAttributeMapping">
            <map>
                <entry key="cm:authorityName">
                    <!– Must match the same attribute as groupIdAttributeName –>
                    <value>${ldap.synchronization.groupIdAttributeName}</value>
                </entry>
                <entry key="cm:authorityDisplayName">
                    <!– OpenLDAP: "description" –>
                    <!– Active Directory: "displayName" –>
                    <value>${ldap.synchronization.groupDisplayNameAttributeName}</value>
                </entry>
            </map>
        </property>

        <property name="enableProgressEstimation">
            <value>${ldap.synchronization.enableProgressEstimation}</value>
        </property>

        <!– Services –>
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        
    </bean>

</beans>

Cuando arranco Alfresco con esta configuración obtengo esto:


13:04:44,971  ERROR [extensions.webscripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: Error creating bean with name 'localAuthenticationService' defined in file [/opt/alfresco-3.4.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication-context.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'auditComponent' of bean class [org.alfresco.repo.security.authentication.AuthenticationServiceImpl]: [b]Bean property 'auditComponent' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?[/b]
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'localAuthenticationService' defined in file [/opt/alfresco-3.4.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication-context.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'auditComponent' of bean class [org.alfresco.repo.security.authentication.AuthenticationServiceImpl]: Bean property 'auditComponent' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1341)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1067)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
   at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1004)
   at org.alfresco.repo.security.authentication.subsystems.SubsystemChainingAuthenticationService.getUsableAuthenticationServices(SubsystemChainingAuthenticationService.java:115)
   at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:176)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
   at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:44)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.alfresco.repo.audit.AuditMethodInterceptor.proceedWithAudit(AuditMethodInterceptor.java:217)
   at org.alfresco.repo.audit.AuditMethodInterceptor.proceed(AuditMethodInterceptor.java:184)
   at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:137)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy56.authenticate(Unknown Source)
   at org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory$BasicHttpAuthenticator.authenticate(BasicHttpAuthenticatorFactory.java:176)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:290)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:333)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:189)
   at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:118)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
   at java.lang.Thread.run(Thread.java:619)
Caused by: org.springframework.beans.NotWritablePropertyException: Invalid property 'auditComponent' of bean class [org.alfresco.repo.security.authentication.AuthenticationServiceImpl]: Bean property 'auditComponent' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
   at org.springframework.beans.BeanWrapperImpl.setPropertyValue(BeanWrapperImpl.java:1012)
   at org.springframework.beans.BeanWrapperImpl.setPropertyValue(BeanWrapperImpl.java:860)
   at org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:76)
   at org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:58)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1338)
   … 50 more

Si elimino las líneas referentes a auditComponent del fichero ldap-authentication-context.xml y reinicio, obtengo esta otra excepción:


12:49:33,372 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
12:49:33,377 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
12:49:33,386 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 04290000 Unable to connect to LDAP Server; check LDAP configuration
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:118)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:89)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1125)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:618)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:434)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1529)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1523)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:78)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.NotContextException: [b]Not an instance of LdapContext[/b]
   at javax.naming.ldap.InitialLdapContext.getDefaultLdapInitCtx(InitialLdapContext.java:152)
   at javax.naming.ldap.InitialLdapContext.setRequestControls(InitialLdapContext.java:182)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:101)
   … 49 more

De la segunda manera al menos consigo que el sistema arranque, e incluso la validación LDAP funciona. Desde un cliente LDAP me conecto sin problemas con el usuario configurado…

¿Cual puede ser la causa o la posible solución?, agradecería cualquier idea por pequeña que fuera, estoy completamente bloqueado en este punto.

Saludos!
0 Kudos
Reply
2 Replies
cristinamr
Advanced
‎5 Jun 2012 0:12 PM

Re: Error en la sincronización mediante LDAP con Alfresco 3.4

Buenas.

A ver, he intentado googlear tu error pero solo me ha salido tu propio resultado, por lo que me da que es un error "particular", es decir, tuyo, por algún parámetro que se te haya colado o algo. Porque si te fijas el error lo da en el contexto cuando intenta levantarlo para la sincronización.

Lo primero antes de nada es que revises tu configuración, ojea esta entrada del usuario iaranda que aunque sea para la 3.2 y 3.3 puede darte referencia.

Lo segundo que te quería preguntar, ese context ¿lo has copiado desde el despliegue? (es decir, desde tomcat/webapps/alfresco…)

Comentame a ver si damos con el problema entre todos  :wink:

Un saludo.
--
VenziaIT: helping companies since 2005! Our ECM products: AQuA & Seidoc
0 Kudos
Reply
aique
Member II
‎5 Jul 2012 7:42 PM

Re: Error en la sincronización mediante LDAP con Alfresco 3.4

Me gustaría decir que dí con ello, pero finalmente mi solución fue instalar la versión 3.3, donde estaba funcionando con la configuración que especifiqué en el post.

Saludos y gracias!.
0 Kudos
Reply
The Archive

Content from pre 2016 and from language groups that have been closed.

Content is read-only.

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.