AnsweredAssumed Answered

LDAP Sync via unsecured IMAP server and Alfresco 3.2

Question asked by xkahn on Feb 8, 2010
Latest reply on Jul 19, 2010 by xkahn
I'm trying to load LDAP account data via LDAP sync.  My configuration looks like this:

#
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#————-
authentication.chain=kerberos2:kerberos,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

#
# Kerberos
#————-
kerberos.authentication.realm=MYCORP.COM
kerberos.authentication.defaultAdministratorUserNames=bkahn
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.user.configEntryName=Alfresco

#
# LDAP
#————-
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.java.naming.security.authentication=none
ldap.authentication.userNameFormat=uid=%s,ou=People,dc=mycorp,dc=com
ldap.authentication.java.naming.provider.url=ldap://ldap.corp.mycorp.com:389
ldap.synchronization.userSearchBase=dc=mycorp,dc=com

Unfortunately, Alfresco yells with this configuration. The final error is:

The ldap server at ldap://ldap.corp.mycorp.com:389 falls back to use anonymous bind if invalid security credentials are presented. This is not supported.

But the full log is:

14:32:55,147 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent' defined in file [/usr/share/tomcat5/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/
Authentication/ldap/../common-ldap-context.xml]: Cannot resolve reference to bean 'ldapInitialDirContextFactory' while setting bean property 'LDAPInitialDirContextFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapInitialDirContextFactory' defined in file [/usr/share/tomcat5/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/../common-ldap-context.xml]: Invocation of init method failed; nested exception is org.alfresco.repo.security.authentication.AuthenticationException: 01080001 The ldap server at ldap://ldap.corp.mycorp.com:389 falls back to use anonymous bind if invalid security credentials are presented. This is not supported.
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapInitialDirContextFactory' defined in file [/usr/share/tomcat5/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/../common-ldap-context.xml]: Invocation of init method failed; nested exception is org.alfresco.repo.security.authentication.AuthenticationException: 01080001 The ldap server at ldap://ldap.corp.mycorp.com:389 falls back to use anonymous bind if invalid security credentials are presented. This is not supported.
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: 01080001 The ldap server at ldap://ldap.corp.mycorp.com:389 falls back to use anonymous bind if invalid security credentials
are presented. This is not supported.
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:328)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1203)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1172)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:249)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:155)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:267)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:110)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1100)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:862)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:423)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:249)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:155)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:291)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:637)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:454)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:436)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:214)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.getApplicationContext(ChildApplicationContextFactory.java:344)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.getApplicationContext(DefaultChildApplicationContextManager.java:295)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.start(DefaultChildApplicationContextManager.java:254)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:454)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:436)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:214)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager.getInstanceIds(DefaultChildApplicationContextManager.java:151)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:361)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:1217)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:514)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1211)
        at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:637)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:454)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:377)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4212)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:448)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
14:32:55,158 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
dap.corp.mycorp.com:389 falls back to use anonymous bind if invalid security credentials are presented. This is not supported.
p server at ldap://ldap.corp.mycorp.com:389 falls back to use anonymous bind if invalid security credentials are presented. This is not supported.
are presented. This is not supported.
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:328)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1203)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1172)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:249)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:155)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:267)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:110)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1100)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:862)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:423)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:249)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:155)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:291)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:637)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:454)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:436)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:214)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.getApplicationContext(ChildApplicationContextFactory.java:344)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.getApplicationContext(DefaultChildApplicationContextManager.java:295)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.start(DefaultChildApplicationContextManager.java:254)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:454)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:436)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:214)
        at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager.getInstanceIds(DefaultChildApplicationContextManager.java:151)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:361)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:1217)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:514)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1211)
        at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:637)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:454)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:377)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4212)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:448)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
14:32:55,159 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete

Why isn't this allowed?  I'm not pulling password information out of LDAP; this is really just user names and email addresses.

Looking at the Alfresco source, this seems pretty intended:

        try
        {

            new InitialDirContext(env);

            throw new AuthenticationException(
                    "The ldap server at "
                            + env.get(Context.PROVIDER_URL)
                            + " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
        }
        catch (javax.naming.AuthenticationException ax)
        {
            logger.info("LDAP server does not fall back to anonymous bind for a string uid and password at " + env.get(Context.PROVIDER_URL));
        }
        catch (AuthenticationNotSupportedException e)
        {
            logger.info("LDAP server does not fall back to anonymous bind for a string uid and password at " + env.get(Context.PROVIDER_URL));
        }
        catch (NamingException nx)
        {
            logger.info("LDAP server does not support simple string user ids and invalid credentials at "+ env.get(Context.PROVIDER_URL));
        }

In other words, if there isn't an error it is an error.  So …  Why?  What is the problem with anonymous LDAP?

Outcomes