AnsweredAssumed Answered

LDAP Authentication Problem

Question asked by pajarokillo on May 25, 2007
Latest reply on May 29, 2007 by sebastien.marin
Hi, i have just installed Alfresco 2.0, and i want to authenticate users in an external LDAP Active Directory, but it don't work.

I have done the following steps:

1.- I uncommented the ldap-authentication-context.xml file and I modify his content:



<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
     <!– LDAP authentication configuration –>
   
    <!–
   
    You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the
    web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other
    authentication routes, like Active Directory.
   
    –>
   
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!–
           
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
           
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
           
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authentricate as "cn=Joe Bloggs,ou=London,dc=company,dc=com"
            Usually for simple authentication.
           
            –>
            <value>samaccountname=%s</value>
        </property>
    </bean>
   
    <!–
   
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP reopsitory
   
    –>
   
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!– The LDAP provider –>
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
               
                <!– The url to the LDAP server –>
                <!– Note you can use space separated urls - they will be tried in turn until one works –>
                <!– This could be used to authenticate against one or more ldap servers (you will not know which one ….) –>
                <entry key="java.naming.provider.url">
                    <!–<value>ldap://openldap.domain.com:389</value>–>
                    <value>ldap://172.21.0.10:3268</value>
                </entry>
               
                <!– The authentication mechanism to use      –>
                <!– Some sasl authentication mechanisms may require a realm to be set –>
                <!–                java.naming.security.sasl.realm –>
                <!– The available options will depend on your LDAP provider –>
                <entry key="java.naming.security.authentication">
                    <value>simple</value>
                </entry>
               
                <!– The id of a user who can read group and user information –>
                <!– This does not go through the pattern substitution defined above and is used "as is" –>
                <entry key="java.naming.security.principal">
                    <value>documental</value>
                </entry>
               
                <!– The password for the user defined above –>
                <entry key="java.naming.security.credentials">
                    <!–<value>secret</value>–>
                    <value>*****</value>
                </entry>
            </map>
        </property>
    </bean>
   

   
</beans>


Whe i start Alfresco i get the next error:


14:31:07,142 ERROR [org.alfresco.smb.protocol.auth] No valid CIFS authentication combination available
14:31:07,142 ERROR [org.alfresco.smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
14:31:07,158 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
   at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:348)
   at org.alfresco.filesys.server.config.ServerConfiguration.setAuthenticator(ServerConfiguration.java:3310)
   at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:2310)
   at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:634)
   at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(ServerConfiguration.java:4007)
   at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:45)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:225)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:323)
   at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:134)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3763)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4211)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:809)
   at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:698)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:472)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
   at org.apache.catalina.core.StandardService.start(StandardService.java:450)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:585)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)

Have someone any idea of this error?

Have i to use CIFS authenticator configuration mandatorily to authenticate user against LDAP?

Thanks

Outcomes