
ldap sync configuration problem

Question asked by ganesh.boil on Apr 29, 2009
Hi friends,
I'm facing a problem with LDAP configuration with OpenLDAP on Alfresco Labs 3.0 (the stable one).
First, I have a doubt: what is the difference between using "ldap-authentication-context.xml" and "ldap-synchronisation-context.xml"?

I edited both of the properties files listed below.

My ldap-authentication.properties file is:
#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to that passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s    
ldap.authentication.userNameFormat=uid=%s,ou=People,dc=company,dc=com

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://localhost:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=SIMPLE

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=uid=admin,dc=company,dc=com

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=secret

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

And my ldap-synchronisation.properties file is:
#
# This properties file is used to configure LDAP synchronisation
#

# The query to find the people to import
ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)

# The search base of the query to find people to import
ldap.synchronisation.personSearchBase=ou=People,dc=company,dc=com

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronisation.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronisation.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronisation.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronisation.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronisation.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronisation.defaultHomeFolderProvider=personalHomeFolderProvider

# The query to find group objects
ldap.synchronisation.groupQuery=(objectclass=*)

# The search base to use to find group objects
ldap.synchronisation.groupSearchBase=ou=Roles,dc=company,dc=com

# The attribute on LDAP group objects to map to the gid property in Alfresco
ldap.synchronisation.groupIdAttributeName=cn

# The group type in LDAP
ldap.synchronisation.groupType=groupOfNames

# The person type in LDAP
ldap.synchronisation.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronisation.groupMemberAttributeName=member

# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 0/2 * * * ?

# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 0/2 * * * ?

# Should all groups be cleared out at import time?
# - this is safe as groups are not used in Alfresco for other things (unlike person objects which you should never clear out during an import)
# - setting this to true means old group definitions will be tidied up.
ldap.synchronisation.import.group.clearAllChildren=true




I just removed the .sample extension from both ldap-authentication-context.xml and ldap-synchronisation-context.xml, which means I'm using these two files.
I didn't make any changes in these two files except commenting out the following in ldap-synchronisation-context.xml:
<property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>


Now I'm able to log in to Alfresco successfully, and I'm not seeing all the users in the admin -> Manage System Users section. I'm not even seeing the groups which I have in my LDAP tree structure.
I'm getting the following error in the Tomcat console:
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:86)
        … 7 more
12:44:33,306  ERROR [quartz.core.ErrorLogger] Job (DEFAULT.ldapGroupJobDetail threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import]
        at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
        at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:211)
        at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        … 1 more
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:90)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:79)
        at org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource.buildGroupsAndRoots(LDAPGroupExportSource.java:365)
        at org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource.generateExport(LDAPGroupExportSource.java:189)
        at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:178)
        … 3 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:86)
        … 7 more
Apr 29, 2009 12:44:45 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive share.war
12:44:55,903  INFO  [web.site.FrameworkHelper] Successfully Initialized Web Framework
Apr 29, 2009 12:44:55 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive studio.war
12:45:06,779  INFO  [web.scripts.DeclarativeRegistry] Registered 67 Web Scripts (+0 failed), 71 URLs
12:45:06,779  INFO  [web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 1506.3857ms)
12:46:00,363  ERROR [quartz.core.JobRunShell] Job DEFAULT.ldapGroupJobDetail threw an unhandled Exception:
org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
        at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:211)
        at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:90)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:79)
        at org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource.buildGroupsAndRoots(LDAPGroupExportSource.java:365)
        at org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource.generateExport(LDAPGroupExportSource.java:189)
        at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:178)
        … 3 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:86)
        … 7 more
12:46:09,239  INFO  [web.scripts.DeclarativeRegistry] Registered 101 Web Scripts (+0 failed), 105 URLs
12:46:09,239  INFO  [web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 62304.195ms)
12:46:09,457  INFO  [web.site.FrameworkHelper] Successfully Initialized Web Framework
Apr 29, 2009 12:46:11 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Apr 29, 2009 12:46:11 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 264520 ms


Is my configuration right, and do I need anything else?
Please help me out.
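
The trace above fails inside `getDefaultIntialDirContext`, where the group sync job binds as the default principal, and the directory answers with LDAP result code 49. The following added example (not part of the original post and not Alfresco code) repeats that bind and the person query outside Alfresco using the values posted above; the class name `LdapSyncBindCheck` and the mapping of `ldap.authentication.java.naming.*` keys to JNDI environment keys by dropping the prefix are assumptions of this example.

```java
import java.io.StringReader;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.*;
import javax.naming.directory.*;

// Added example, not Alfresco code: repeats the bind and person search of the sync job.
public class LdapSyncBindCheck {
    static final String PREFIX = "ldap.authentication.";

    // Values copied from the two properties files in the post.
    static final String CONFIG = String.join("\n",
        PREFIX + "java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory",
        PREFIX + "java.naming.provider.url=ldap://localhost:389",
        PREFIX + "java.naming.security.authentication=SIMPLE",
        PREFIX + "java.naming.security.principal=uid=admin,dc=company,dc=com",
        PREFIX + "java.naming.security.credentials=secret",
        "ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)",
        "ldap.synchronisation.personSearchBase=ou=People,dc=company,dc=com");

    // Assumption: each ldap.authentication.java.naming.* value is handed to JNDI
    // under the key that remains once the ldap.authentication. prefix is dropped.
    static Hashtable<String, String> jndiEnv(Properties p) {
        Hashtable<String, String> env = new Hashtable<>();
        for (String key : p.stringPropertyNames()) {
            if (key.startsWith(PREFIX + "java.naming.")) {
                env.put(key.substring(PREFIX.length()), p.getProperty(key).trim());
            }
        }
        return env;
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(CONFIG));
        Hashtable<String, String> env = jndiEnv(p);
        String principal = env.get("java.naming.security.principal");
        DirContext ctx;
        try {
            ctx = new InitialDirContext(env); // same constructor as in the stack trace
        } catch (AuthenticationException e) {
            // LDAP result code 49: the server rejected this DN/password pair.
            System.out.println("Bind rejected for " + principal + ": " + e.getMessage());
            return;
        } catch (NamingException e) {
            System.out.println("Directory not reachable or misconfigured: " + e);
            return;
        }
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> hits = ctx.search(
                p.getProperty("ldap.synchronisation.personSearchBase"),
                p.getProperty("ldap.synchronisation.personQuery"), sc);
            int count = 0;
            while (hits.hasMore()) { hits.next(); count++; }
            System.out.println("Bind accepted; person query matched " + count + " entries");
        } finally {
            ctx.close();
        }
    }
}
```

A "Bind rejected" result here means the directory itself refuses the configured principal and password, independent of the Alfresco bean configuration.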
