LDAP and eDirectory

Question asked by clauded1 on Sep 1, 2009
Latest reply on Sep 2, 2009 by clauded1
Hi,

I'm trying to set up Alfresco 3.2 to interact with Novell eDirectory. So far I just can't authenticate with LDAP using this config:

alfresco-global.properties:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
# alfrescoNtlm1
alfresco.authentication.authenticateCIFS=true
# ldap1
ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.1.6:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=myname
ldap.synchronization.active=false
ldap.synchronization.java.naming.security.principal=myname
ldap.synchronization.java.naming.security.credentials=mypassword
#ldap.synchronization.queryBatchSize=
#ldap.synchronization.groupQuery=
#ldap.synchronization.groupDifferentialQuery=
#ldap.synchronization.personQuery=
#ldap.synchronization.personDifferentialQuery=
ldap.synchronization.groupSearchBase=o=myorg
ldap.synchronization.userSearchBase=o=myorg
ldap.synchronization.modifyTimestampAttributeName=midifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=cn
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=entryDN
#ldap.synchronization.defaultHomeFolderProvider=
ldap.synchronization.groupIdAttributeName=name
#ldap.synchronization.groupType=
#ldap.synchronization.personType=
ldap.synchronization.groupMemberAttributeName=roleOccupant

Connectivity is good with the LDAP server:

ldapsearch -h 192.168.1.6 -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: NMAS_LOGIN
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5

I did a trace of the LDAP request to the server but I still have no clue what's going on:

NDSTRACE output:

3051293600 LDAP: New cleartext connection 0xdb46c80 from 10.53.88.41:49751, monitor = 0xa06beba0, index = 13
2605857696 LDAP: DoBind on connection 0xdb46c80
2605857696 LDAP: Bind name:NULL, version:3, authentication:DIGEST-MD5
2605857696 LDAP: Sending operation result 14:"":"" to connection 0xdb46c80
2614041504 LDAP: DoBind on connection 0xdb46c80
2614041504 LDAP: Bind (cont) name:NULL, version:3, authentication:DIGEST-MD5
2614041504 LDAP: Failed to authenticate full context on connection 0xdb46c80, err = no such entry (-601)
2614041504 LDAP: Sending operation result 49:"":"" to connection 0xdb46c80
2691427232 LDAP: Monitor 0xa06beba0 found connection 0xdb46c80 socket closed, err = -5871, 0 of 0 bytes read
2691427232 LDAP: Monitor 0xa06beba0 initiating close for connection 0xdb46c80
2611936160 LDAP: Server closing connection 0xdb46c80, socket error = -5871
2611936160 LDAP: Connection 0xdb46c80 closed
3049188256 LDAP: Work info status: Total:2 Peak:1 Busy:0
3051293600 LDAP: New TLS connection 0xdb46c80 from 192.168.1.8:55846, monitor = 0xa06beba0, index = 13
2691427232 LDAP: Monitor 0xa06beba0 initiating TLS handshake on connection 0xdb46c80
2614041504 LDAP: DoTLSHandshake on connection 0xdb46c80
2614041504 LDAP: BIO ctrl called with unknown cmd 7
2614041504 LDAP: Completed TLS handshake on connection 0xdb46c80
2610883488 LDAP: DoBind on connection 0xdb46c80
2610883488 LDAP: Treating simple bind with empty DN and no password as anonymous
2610883488 LDAP: Bind name:NULL, version:3, authentication:simple
2610883488 LDAP: Sending operation result 0:"":"" to connection 0xdb46c80
2611936160 LDAP: DoSearch on connection 0xdb46c80
2611936160 LDAP: Search request:
        base: ""
        scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
        filter: "(objectclass=*)"
        attribute: "wholeSubtreeSearchOps"
        attribute: "oneLevelSearchOps"
        attribute: "searchOps"
        attribute: "errors"
        attribute: "securityErrors"
2611936160 LDAP: Sending search result entry "" to connection 0xdb46c80
2611936160 LDAP: Sending operation result 0:"":"" to connection 0xdb46c80
2691427232 LDAP: Monitor 0xa06beba0 found connection 0xdb46c80 ending TLS session
2614041504 LDAP: DoUnbind on connection 0xdb46c80
2614041504 LDAP: Preempting operation 0x0:0x0 on connection 0xdb46c80 before processing because connection is closing
2614041504 LDAP: Connection 0xdb46c80 closed
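
An added example, not part of the original post: a short Python sketch that groups NDSTRACE lines like the ones above into one record per connection and labels each bind step with its LDAP result code name from RFC 4511. The function and variable names are this example's own, and the trace string is an abridged copy of the lines in the post.

```python
import re

# LDAP result codes (RFC 4511) that occur in the trace
CODES = {0: "success", 14: "saslBindInProgress", 49: "invalidCredentials"}
NEW = re.compile(r"New (cleartext|TLS) connection (0x[0-9a-f]+) from ([\d.]+):")
DOBIND = re.compile(r"DoBind on connection (0x[0-9a-f]+)")
BIND = re.compile(r"Bind(?: \(cont\))? name:([^,]+), version:\d+, authentication:(\S+)")
FAIL = re.compile(r"Failed to authenticate .* on connection (0x[0-9a-f]+), err = (.+)")
RESULT = re.compile(r"Sending operation result (\d+):.* to connection (0x[0-9a-f]+)")

# Lines copied from the NDSTRACE output in the post (abridged)
TRACE = """\
3051293600 LDAP: New cleartext connection 0xdb46c80 from 10.53.88.41:49751, monitor = 0xa06beba0, index = 13
2605857696 LDAP: DoBind on connection 0xdb46c80
2605857696 LDAP: Bind name:NULL, version:3, authentication:DIGEST-MD5
2605857696 LDAP: Sending operation result 14:"":"" to connection 0xdb46c80
2614041504 LDAP: DoBind on connection 0xdb46c80
2614041504 LDAP: Bind (cont) name:NULL, version:3, authentication:DIGEST-MD5
2614041504 LDAP: Failed to authenticate full context on connection 0xdb46c80, err = no such entry (-601)
2614041504 LDAP: Sending operation result 49:"":"" to connection 0xdb46c80
3051293600 LDAP: New TLS connection 0xdb46c80 from 192.168.1.8:55846, monitor = 0xa06beba0, index = 13
2610883488 LDAP: DoBind on connection 0xdb46c80
2610883488 LDAP: Bind name:NULL, version:3, authentication:simple
2610883488 LDAP: Sending operation result 0:"":"" to connection 0xdb46c80
2611936160 LDAP: Sending operation result 0:"":"" to connection 0xdb46c80
"""

def summarize(trace):
    """Return one dict per connection, with each bind step and its outcome."""
    sessions, current, thread_conn = [], {}, {}
    for line in trace.splitlines():
        tid, _, msg = line.partition(" LDAP: ")
        if m := NEW.match(msg):
            # Connection handles are reused in the trace, so start a new session
            current[m[2]] = {"transport": m[1], "client": m[3], "binds": []}
            sessions.append(current[m[2]])
        elif m := DOBIND.match(msg):
            # Bind detail lines carry no handle; tie them to it via the thread id
            thread_conn[tid] = m[1]
        elif m := BIND.match(msg):
            step = {"name": m[1], "mech": m[2], "error": None, "result": None}
            current[thread_conn[tid]]["binds"].append(step)
        elif m := FAIL.match(msg):
            current[m[1]]["binds"][-1]["error"] = m[2]
        elif m := RESULT.match(msg):
            binds = current[m[2]]["binds"]
            if binds and binds[-1]["result"] is None:  # ignore non-bind results
                binds[-1]["result"] = CODES.get(int(m[1]), m[1])
    return sessions
```

Calling `summarize(TRACE)` returns two sessions: the cleartext DIGEST-MD5 exchange with its two bind steps, and the TLS connection with a single anonymous simple bind.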
