LDAP/Active Directory authentication AGAIN - why is it so hard?

Question asked by bxiang on Mar 9, 2009
Latest reply on Mar 10, 2009 by bxiang
Hi,

We are currently evaluating Alfresco/Nuxeo. I got Nuxeo authenticated against Active Directory using LDAP pretty quickly. But I cannot get Alfresco authentication working using LDAP (Active Directory), even after a few days of struggling. Here is what I did:
1) Download Lab 3stable (tomcat bundle).
2) Start the server and log in using admin/admin, no problem, then shut down the server
3) Added this in log4j.properties file:
log4j.logger.org.alfresco.repo.importer.ImporterJob=debug
log4j.logger.org.alfresco.repo.importer.ExportSourceImporter=debug
log4j.logger.org.alfresco.repo.security.authentication.ldap=debug
4) My ldap-authentication.properties file:
ldap.authentication.userNameFormat=CN=%s,OU=Dev,DC=tlr,DC=com

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://110.192.4.33:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=simple

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=tlr\admin

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=****

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false
5) Renamed ldap-authentication-context.xml.sample to ldap-authentication-context.xml

But it does not work. I saw this in alfresco.log :
11:59:53,814 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://110.192.4.33:389
11:59:53,829 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a string uid and password at ldap://110.192.4.33:389
11:59:53,845 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://110.192.4.33:389
11:59:53,845 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://110.192.4.33:389
But no other information tells me where to look for the problem.

I have even tried using in ldap-authentication.properties:
ldap.authentication.userNameFormat=%s
and
ldap.authentication.userNameFormat=sAMAccountName=%s

But none of them work. All I want is to get simple LDAP authentication working. Why is it so hard?

Thanks,
Brian
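
An offline check of the configuration posted above, added here as an example; it is not part of the original post and not Alfresco code. It assumes the file is read with java.util.Properties escaping rules and that the login name replaces %s; the helper names and the three bind-name forms it recognises (full DN, user@domain, DOMAIN\user) are this example's own choices.

```python
import re
# Constructed sample: key lines of the ldap-authentication.properties posted above.
SAMPLE = r"""
ldap.authentication.userNameFormat=CN=%s,OU=Dev,DC=tlr,DC=com
ldap.authentication.java.naming.provider.url=ldap://110.192.4.33:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.security.principal=tlr\admin
ldap.authentication.escapeCommasInBind=false
"""
P = "ldap.authentication."
ESC = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def load_properties(text):
    # Assumption: java.util.Properties rules, where a backslash starts an escape
    # and is dropped before an ordinary character (\uXXXX is not handled here).
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = re.sub(
                r"\\(.)", lambda m: ESC.get(m.group(1), m.group(1)), value.strip())
    return props

def name_form(name):
    if re.match(r"\w+=", name) and ",dc=" in name.lower():
        return "dn"
    if re.fullmatch(r"[^@\\=]+@[^@\\=]+", name):
        return "upn"
    if re.fullmatch(r"[^@\\=]+\\[^@\\=]+", name):
        return "down-level"
    return "other"

def review(props, login):
    escape = props.get(P + "escapeCommasInBind") == "true"
    user = login.replace(",", "\\,") if escape else login
    principal = props[P + "userNameFormat"].replace("%s", user)
    sync = props.get(P + "java.naming.security.principal", "")
    findings = []
    if (props.get(P + "java.naming.security.authentication") == "simple"
            and props.get(P + "java.naming.provider.url", "").startswith("ldap://")):
        findings.append("simple bind over ldap:// sends the password unencrypted")
    if name_form(principal) == "other":
        findings.append("bind name is not a full DN, UPN or DOMAIN\\user")
    if "," in login and not escape and name_form(principal) == "dn":
        findings.append("unescaped comma from the login name breaks the DN")
    if sync and name_form(sync) == "other":
        findings.append("sync principal is read as " + sync)
    return principal, findings
```

Calling `review(load_properties(SAMPLE), "bxiang")` returns the bind name `CN=bxiang,OU=Dev,DC=tlr,DC=com`, so the login typed into Alfresco has to equal the account's CN, and reports the cleartext simple bind plus the sync principal being read as `tlradmin` because the single backslash is consumed as an escape.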