LDAP server not supported

Question asked by doiheartwentyone on Feb 26, 2009
Latest reply on Jul 19, 2010 by dward
I'm trying to get Alfresco Labs 3 to work with our LDAP server. I've successfully configured authentication and chaining with a test LDAP server, but on the company network (eDirectory, as it happens) I get the following error:

>16:15:00,015 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://___:389/
>16:15:00,031 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not support simple string user ids and invalid credentials at ldap://___:389/
>16:15:03,046 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://___:389/
>16:15:03,125 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapInitialDirContextFactory' defined in file [C:\Local Files\alfresco\tomcat\shared\classes\alfresco\extension\ldap-synchronisation-context.xml]: Invocation of init method failed; nested exception is org.alfresco.repo.security.authentication.AuthenticationException: The ldap server at ldap://___:389/ falls back to use anonymous bind for a known principal if  invalid security credentials are presented. This is not supported.

And the alfresco war fails to deploy.

Looking at other posts on this forum, the converse message ("…does not fall back to use anonymous bind…") is an indicator of success, so I guess the problem is that Alfresco just doesn't tolerate this configuration. My network administrator is not willing to change it for my sake.

Is there any plan to support this, or—if it's a deliberate security decision—must I junk Alfresco, or is there a workaround?
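The condition the startup log reports can be reproduced as a small probe; this is an added example, not Alfresco's code and not part of the original post. A directory that accepts a bind for a known principal with a wrong password cannot be used for bind-based password checks, because a success no longer proves the password was right. The `bind` callable, the fake directory, and the sample DN and password are assumptions constructed so the probe runs offline.

```python
import secrets
from typing import Callable, Optional

# bind(principal, password) -> True if the server accepted the bind.
# Hypothetical interface: wrap your LDAP client library's simple bind in it.
Bind = Callable[[Optional[str], Optional[str]], bool]


def probe_directory(bind: Bind, known_dn: str) -> dict:
    """Run four bind probes mirroring the startup log lines in the post."""
    junk = secrets.token_urlsafe(24)  # random, so it cannot be a real password
    results = {
        "anonymous_bind": bind(None, None),
        "string_id_bad_password": bind("probe-" + junk[:8], junk),
        "unknown_dn_bad_password": bind("cn=probe-" + junk[:8] + ",o=invalid", junk),
        "known_dn_bad_password": bind(known_dn, junk),
    }
    # Any accepted bind with a junk password means a bind-based login check
    # cannot tell a correct password from a wrong one on this server.
    results["safe_for_bind_auth"] = not any(
        results[k] for k in results if k.endswith("bad_password"))
    return results


def make_fake_directory(users: dict, fallback_for_known: bool) -> Bind:
    """Constructed in-memory stand-in for a server, for offline runs only."""
    def bind(principal, password):
        if principal is None:
            return True                      # anonymous bind allowed
        if users.get(principal) == password:
            return True                      # correct credentials
        # Misbehaviour under test: known DN + wrong password is silently
        # treated as an anonymous session instead of being rejected.
        return fallback_for_known and principal in users
    return bind


KNOWN_DN = "cn=svc-alfresco,o=example"       # constructed sample entry
USERS = {KNOWN_DN: "correct horse"}          # constructed sample password

if __name__ == "__main__":
    for label, fallback in (("strict", False), ("fallback", True)):
        report = probe_directory(make_fake_directory(USERS, fallback), KNOWN_DN)
        print(label, report)
```

The "fallback" run matches the pattern in the log: anonymous bind allowed, unknown identities rejected, but the known principal accepted with a junk password.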
