I have just created my LDAP directory, which I want...

laurentalfresco
Member II

Re: I have just created my LDAP directory, which I want...

hello

I could not work on it today; I will test the LDAP logs tomorrow.
In the meantime, here is my slapd.conf file.
Is it configured correctly?


# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include      C:\********\openLDAP-2.1.3\schema\core.schema
include      C:\********\openLDAP-2.1.3\schema\cosine.schema
include      C:\********\openLDAP-2.1.3\schema\nis.schema
include      C:\********\openLDAP-2.1.3\schema\inetorgperson.schema

schemacheck on

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile      C:\********\openLDAP-2.1.3\slapd.pid
argsfile   C:\********\openLDAP-2.1.3\slapd.args

# Load dynamic backend modules:
# modulepath   %MODULEDIR%
# moduleload   back_ldap.la
# moduleload   back_ldbm.la
# moduleload   back_passwd.la
# moduleload   back_shell.la

#
# Sample Access Control
#   Allow read access of root DSE
#   Allow self write access
#   Allow authenticated users read access
#   Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default is:
#   Allow read by all
#
# rootdn can always write!

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attribute=userPassword
        by dn="cn=manager, dc=******,dc=******,dc=******,dc=******" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=manager, dc=******,dc=******,dc=******,dc=******" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#
#    
#  

#######################################################################
# ldbm database definitions
#######################################################################

database   ldbm

suffix      "dc=******,dc=******,dc=******,dc=******"
rootdn      "cn=manager, dc=******,dc=******,dc=******,dc=******"
rootpw      ******

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory   C:\********\openLDAP-2.1.3\openldap-ldbm

# Indices to maintain
index   objectClass   eq
laurentalfresco
Member II

Re: I have just created my LDAP directory, which I want...

Isn't there a problem with my userPassword attribute?
I created it from ldapbrowser and its value is binary[4b]; isn't there a problem when it compares the password I typed with the one in the LDAP directory?

thanks
lme
Partner

Re: I have just created my LDAP directory, which I want...

Isn't there a problem with my userPassword attribute?
No idea.

I created it from ldapbrowser and its value is binary[4b]; isn't there a problem when it compares the password I typed with the one in the LDAP directory?
As I understand it, the beginning of a password stored in a directory indicates its format (SHA1, MD5, etc.), and it is up to the directory to match the password sent in cleartext by a client (Alfresco or another) against the encrypted password in the directory. So you can have passwords encrypted in different ways (SHA1 for one user, CLEAR for another, etc.) and it works fine.

Try doing a bind against your directory with a normal LDAP client such as ldapsearch, which ships with OpenLDAP.
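The comparison lme describes above, as an added example that is not part of the thread or of Alfresco or OpenLDAP: the server reads the "{SCHEME}" prefix of the stored userPassword value (the RFC 2307 convention OpenLDAP follows) and hashes the bind password the same way before comparing; a value with no prefix, such as an opaque 4-byte blob written by a GUI browser, is compared byte for byte as cleartext, so it only matches if the user literally types those bytes. The entries in demo() are constructed sample values.

```python
import base64
import hashlib
import hmac
import os

# Added example (not from the thread): how a directory server such as OpenLDAP
# checks a simple-bind password against a stored userPassword value.  The
# "{SCHEME}" prefix selects the comparison; a value with no prefix is treated
# as cleartext and compared byte for byte.

# Digest lengths used to split "digest + salt" in the salted schemes.
_DIGEST_LEN = {b"SSHA": 20, b"SMD5": 16}
_HASH_NAME = {b"SHA": "sha1", b"SSHA": "sha1", b"MD5": "md5", b"SMD5": "md5"}


def make_sha(plain):
    """RFC 2307 style {SHA}: base64(sha1(password))."""
    digest = hashlib.sha1(plain.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(plain, salt=None):
    """{SSHA}: base64(sha1(password + salt) + salt); salt is random unless given."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(plain.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_user_password(stored, plain):
    """Return True if `plain` (the password sent in the bind) matches `stored`
    (the raw bytes of the userPassword attribute), dispatching on the prefix."""
    candidate = plain.encode("utf-8")
    if stored.startswith(b"{") and b"}" in stored:
        scheme, _, payload = stored[1:].partition(b"}")
        scheme = scheme.upper()
        if scheme == b"CLEARTEXT":
            return hmac.compare_digest(payload, candidate)
        if scheme in (b"SHA", b"MD5"):
            expected = hashlib.new(_HASH_NAME[scheme], candidate).digest()
            return hmac.compare_digest(base64.b64decode(payload), expected)
        if scheme in (b"SSHA", b"SMD5"):
            decoded = base64.b64decode(payload)
            cut = _DIGEST_LEN[scheme]
            digest, salt = decoded[:cut], decoded[cut:]
            expected = hashlib.new(_HASH_NAME[scheme], candidate + salt).digest()
            return hmac.compare_digest(digest, expected)
        return False  # a scheme this example does not implement ({CRYPT}, ...) never matches
    # No scheme prefix: the stored bytes are compared literally, which is what
    # happens to an opaque binary value written by a GUI browser.
    return hmac.compare_digest(stored, candidate)


def demo():
    """Constructed entries standing in for several users' userPassword values,
    each checked against the bind password "secret"."""
    entries = {
        "alice": make_sha("secret").encode("ascii"),
        "bob": make_ssha("secret", salt=b"abcd").encode("ascii"),
        "carol": b"{CLEARTEXT}secret",
        "dave": b"secret",             # no prefix: treated as cleartext
        "erin": b"\x01\x02\x03\x04",   # 4 opaque bytes, like "binary[4b]"
    }
    return {uid: verify_user_password(pw, "secret") for uid, pw in entries.items()}


if __name__ == "__main__":
    for uid, ok in demo().items():
        print(f"{uid}: {'bind ok' if ok else 'invalid credentials'}")
```

Running it shows that alice, bob, carol and dave all bind with "secret" despite four different storage formats, while erin's opaque binary value never matches a typed password; that is exactly the case to rule out by binding with ldapsearch as suggested.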
laurentalfresco
Member II

Re: I have just created my LDAP directory, which I want...

hello

I have just added this line to log4j.properties
log4j.logger.org.alfresco.repo.security.authentication.ldap=DEBUG

I get the following messages:


09:26:08,401 ERROR [org.alfresco.repo.content.transform.magick.AbstractImageMagickContentTransformer] ImageMagickContentTransformer not available: Failed to perform ImageMagick transformation: 
Execution result:
   os:         Linux
   command:    convert /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformer_init_source_23760.gif  /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformer_init_target_23761.png
   succeeded:  false
   exit code:  1
   out:       
   err:        java.io.IOException: convert: not found
09:26:16,985 WARN  [org.springframework.remoting.rmi.RmiRegistryFactoryBean] Could not detect RMI registry - creating new one
09:26:19,954 WARN  [org.alfresco.util.OpenOfficeConnectionTester] A connection to OpenOffice could not be established.
09:26:23,450 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://127.0.0.1:389
09:26:23,456 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not support simple string user ids and invalid credentials at ldap://127.0.0.1:389
09:26:23,459 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://127.0.0.1:389
09:26:23,522 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://127.0.0.1:389
09:26:24,784 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.PostgreSQLDialect.
09:26:32,611 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
09:26:36,984 WARN  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco 'dir.root' property is set to a relative path './alf_data'.  'dir.root' should be overridden to point to a specific folder.
09:26:36,984 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: ./alf_data
09:26:37,765 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
09:26:38,030 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
09:26:38,547 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.5.0_12-b04; maximum heap size 1012.625MB
09:26:38,547 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.1.0 (484) schema 64 - Installed version 2.1.0 (484) schema 64
laurentalfresco
Member II

Re: I have just created my LDAP directory, which I want...

OK, apparently these are just informational messages.
INFO[org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl]

Then, during synchronisation, I get a series of DEBUG lines starting with
DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource]
or
DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource]
which detail the synchronisation, and everything goes well.

So this DEBUG setting
log4j.logger.org.alfresco.repo.security.authentication.ldap=DEBUG in log4j.properties
does trace every connection and authentication attempt against my LDAP.

So, if I understand correctly, normally when I enter a login and a password to authenticate, I should get a DEBUG line somewhere telling me whether the operation succeeded or failed (since I cannot manage to authenticate)?
In fact it is as if the "bind" never happened.

Sorry, I am reposting my files:


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <bean name="personalLDAPHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
         <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>

   
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
               
                <entry key="java.naming.provider.url">
                      <value>ldap://localhost:389</value>
                </entry>
               
                <entry key="java.naming.security.authentication">
                    <value>SIMPLE</value>
                </entry>

                <entry key="java.naming.security.principal">
                    <value>cn=manager,dc=***,dc=***,dc=***,dc=***</value>
                </entry>
               
                <entry key="java.naming.security.credentials">
                    <value>***</value>
                </entry>
            </map>
        </property>
    </bean>
   
    <!-- Ldap Synchronisation support -->
    
    <!-- Extract user information from LDAP and transform this to XML -->
    
    <bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">

        <property name="personQuery">
            <value>(objectclass=inetOrgPerson)</value>
        </property>
       

        <property name="searchBase">
            <value>dc=***,dc=***,dc=***,dc=***</value>
        </property>
       

        <property name="userIdAttributeName">
            <value>uid</value>
        </property>
       
        <!-- Services -->
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="personService">
            <ref bean="personService"></ref>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
       

        <property name="attributeMapping">
            <map>
                <entry key="cm:userName">
                    <value>uid</value>
                </entry>
                <entry key="cm:firstName">
                    <value>givenName</value>
                </entry>
                <entry key="cm:lastName">
                    <value>sn</value>
                </entry>
                <entry key="cm:email">
                    <value>mail</value>
                </entry>
                <entry key="cm:organizationId">
                    <value>o</value>
                </entry>
                <entry key="cm:homeFolderProvider">
                    <null/>
                </entry>
            </map>
        </property>
        <property name="attributeDefaults">
            <map>
                <entry key="cm:homeFolderProvider">
               <value>personalLDAPHomeFolderProvider</value>
                </entry>
            </map>
        </property>
    </bean>
   
    <!-- Extract group information from LDAP and transform this to XML -->
   
    <bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">

        <property name="groupQuery">
            <value>(objectclass=groupOfNames)</value>
        </property>
       
        <property name="searchBase">
            <value>dc=***,dc=***,dc=***,dc=***</value>
        </property>
       
        <property name="userIdAttributeName">
            <value>uid</value>
        </property>
       
        <property name="groupIdAttributeName">
            <value>cn</value>
        </property>
       

        <property name="groupType">
            <value>groupOfNames</value>
        </property>
       

        <property name="personType">
            <value>inetOrgPerson</value>
        </property>
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
       
        <property name="memberAttribute">
            <value>member</value>
        </property>
       
        <property name="authorityDAO">
            <ref bean="authorityDAO"/>
        </property>
    </bean>
   
   
    <bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapPeopleImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!-- Start after  minutes of starting the repository -->
        <property name="startDelay">
            <value>30000</value>
        </property>
        <!-- Repeat every hour -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
        <!-- Commented out to disable   -->
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
    
    </bean>
   
    <bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapGroupImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!-- Start after 5 minutes of starting the repository -->
        <property name="startDelay">
            <value>30000</value>
        </property>
        <!-- Repeat every hour -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
        <!-- Commented out to disable   -->
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
    
    </bean>
   
    <!-- The bean that imports xml describing people -->
   
    <bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
     <!--             <ref bean="authenticationComponent"/> -->
         <ref bean="authenticationComponentImplLDAP"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapPeopleExportSource"/>
        </property>

        <!-- The store that contains people - this should not be changed -->
        <property name="storeRef">
            <value>${spaces.store}</value>
        </property>
       
        <!-- The location of people nodes within the store defined above - this should not be changed -->
        <property name="path">
            <value>/${system.system_container.childname}/${system.people_container.childname}</value>
        </property>
       
        <!-- If true, clear all existing people before import, if false update/add people from the xml -->
        <property name="clearAllChildren">
            <value>false</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
       
       
        <property name="caches">
            <set>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
    </bean>
   
    <!-- The bean that imports xml describing groups -->
   
    <bean id="ldapGroupImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
<!--             <ref bean="authenticationComponent"/> -->
         <ref bean="authenticationComponentImplLDAP"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapGroupExportSource"/>
        </property>
        <!-- The store that contains group information - this should not be changed -->
        <property name="storeRef">
            <value>${alfresco_user_store.store}</value>
        </property>
       
        <!-- The location of group information in the store above - this should not be changed -->
        <property name="path">
            <value>/${alfresco_user_store.system_container.childname}/${alfresco_user_store.authorities_container.childname}</value>
        </property>
       
        <!-- If true, clear all existing groups before import, if false update/add groups from the xml -->
        <property name="clearAllChildren">
            <value>true</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
       
        <!-- caches to clear on import of groups -->
        <property name="caches">
            <set>
                <ref bean="userToAuthorityCache"/>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
       
        <!-- userToAuthorityCache -->
    </bean>

</beans>

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>




    <!-- Chaining -->
    <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplLDAP"/>
            </list>
        </property>
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
    </bean>

    <!-- Alfresco Auth -->
    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>
        
    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>

    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>false</value>
        </property>
    </bean>


   <!-- LDAP Auth -->
    <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoLDAP" />
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent" />
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplLDAP" />
        </property>
    </bean>

    <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <value>uid=%s,ou=internes,ou=personnes,dc=***,dc=***,dc=***,dc=***</value>
        </property>
    </bean>
   
    <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>  
   
</beans>
laurentalfresco
Member II

Re: I have just created my LDAP directory, which I want...

lme
Partner

Re: I have just created my LDAP directory, which I want...

Good, that is good news ;)

So, to sum up, you renamed the bean authenticationServiceImpl to authenticationService in the file chaining-authentication-context.xml, and since then both LDAP and local authentication work.
laurentalfresco
Member II

Re: I have just created my LDAP directory, which I want...

Good, that is good news ;)

So, to sum up, you renamed the bean authenticationServiceImpl to authenticationService in the file chaining-authentication-context.xml, and since then both LDAP and local authentication work.
quite simply …