Long Song Sync Ldap

Question asked by paulweb on Aug 5, 2009
Latest reply on Aug 7, 2009 by dward
os: win xp pro
alfresco version 3.2

For LDAP authentication I set

alfresco-global.properties

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

alfresco-authentication.properties

alfresco.authentication.allowGuestLogin=true
alfresco.authentication.authenticateCIFS=true

ldap-authentication.properties

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@my-domain.ru
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://pridc.my-domain.ru:389/DC=my-domain,DC=ru
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=iam
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=iam@my-domain.ru
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=organizationalUnit)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=organizationalUnit)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=organizationalPerson)(userAccountControl:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=organizationalPerson)(userAccountControl:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=XXXX XXXX XXXXXX,dc=my-domain,dc=ru
ldap.synchronization.userSearchBase=ou\=XXXX XXXX XXXXXX,dc=my-domain,dc=ru
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=personalHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=department
ldap.synchronization.personType=description
ldap.synchronization.groupMemberAttributeName=title
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
ldap.synchronisation.import.group.clearAllChildren=true

Then I started Alfresco, and Tomcat wrote the following about LDAP in the log
log

10:23:58,701 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap1]
10:23:58,889 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
10:23:59,154 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://ridc.my-domain.ru:389/DC=my-domain,DC=ru??base?
10:23:59,154 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a string uid and password at ldap://ridc.my-domain.ru:389/DC=my-domain,DC=ru??base?
10:23:59,170 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://ridc.my-domain.ru:389/DC=my-domain,DC=ru??base?
10:23:59,170 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://ridc.my-domain.ru:389/DC=my-domain,DC=ru??base?
10:23:59,186 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, ldap1] complete

Then I opened Alfresco and tried to log in using my AD login and password; Alfresco gave the following error

javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
org.alfresco.error.AlfrescoRuntimeException: 07050007 Failed to import people.
caused by:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=my-domain,DC=ru'
]; remaining name 'ou=Êðåäèò Áàíê,dc=my-domain,dc=ru'
in log
16:10:46,901 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
16:10:46,901 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'

When I turn synchronization off, authentication works and Alfresco creates the user.

How do I configure synchronization? (I have found many threads about this on the forum but have not found an answer.)
And another question:
Can I (as admin) delete a user who authenticates over LDAP?
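One check worth running before the sync is enabled: the `remaining name` in the `NameNotFoundException` above shows the OU of the search base as `Êðåäèò Áàíê`, which is what a Cyrillic name saved in a cp1251 (or UTF-8) file looks like when read as ISO-8859-1, the encoding `java.util.Properties` uses for `.properties` files. The script below is an added example, not part of the original post or of Alfresco; it parses a properties file the way Java does, flags `ldap.synchronization.*` values that reach the server with non-ASCII bytes, and prints the `\uXXXX` form that survives the ISO-8859-1 read. The sample file content is constructed, using the OU name recovered from the log line.

```python
# Added example (not from the original post): detect a mojibake-prone LDAP
# search base in an Alfresco-style .properties file. Java reads .properties
# as ISO-8859-1, so a Cyrillic OU saved in cp1251/UTF-8 is sent to the LDAP
# server mangled and the search fails with NO_OBJECT (LDAP error code 32).
import re

_UNICODE_ESC = re.compile(r"\\u([0-9a-fA-F]{4})")


def unescape(value: str) -> str:
    """Apply java.util.Properties escapes: \\uXXXX, then \\X -> X."""
    value = _UNICODE_ESC.sub(lambda m: chr(int(m.group(1), 16)), value)
    return re.sub(r"\\(.)", r"\1", value)


def load_java_properties(raw: bytes) -> dict:
    """Parse raw file bytes as Java does: ISO-8859-1, key=value lines."""
    props = {}
    for line in raw.decode("iso-8859-1").splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # comment or blank line
        m = re.match(r"((?:\\.|[^=:\s])+)\s*[=:]?\s*(.*)", line)
        if m:
            props[unescape(m.group(1))] = unescape(m.group(2))
    return props


def reinterpret(value: str, encoding: str) -> str:
    """Recover what the author meant if the file was saved in `encoding`."""
    return value.encode("iso-8859-1").decode(encoding)


def to_unicode_escapes(value: str) -> str:
    """Safe .properties form: \\uXXXX for every non-ASCII character."""
    return "".join(c if ord(c) < 128 else "\\u%04x" % ord(c) for c in value)


def suspect_keys(props: dict, prefix: str = "ldap.synchronization.") -> list:
    """Keys under `prefix` whose value carries non-ASCII characters."""
    return [k for k, v in props.items()
            if k.startswith(prefix) and any(ord(c) > 127 for c in v)]


if __name__ == "__main__":
    # Constructed sample: the search base from the post, saved as cp1251.
    sample = ("ldap.synchronization.userSearchBase=ou\\=Кредит Банк,dc=my-domain,dc=ru\n"
              "ldap.synchronization.groupIdAttributeName=cn\n").encode("cp1251")
    props = load_java_properties(sample)
    for key in suspect_keys(props):
        print(key, "as Java sees it:", repr(props[key]))
        intended = reinterpret(props[key], "cp1251")
        print("  intended:", intended)
        print("  escaped :", to_unicode_escapes(intended))
```

The same check applies to `groupSearchBase`; the fix is to write the value with the printed `\uXXXX` escapes (or save the file as ISO-8859-1 where the characters allow it).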