
OpenLdap + Alfresco 3.4d : password forced to sdasdasdasda12

Question asked by asko on Feb 15, 2012
Latest reply on Mar 13, 2012 by asko
Hi,

I searched for a long time without success. Here's my problem:

Before (Alfresco 3.3)
full sync with open ldap worked fine for 1 year

Now,
Alfresco 3.4
Authentication works fine with OpenLDAP, but the full sync failed (cannot connect to LDAP)
(I mean that users can connect to Alfresco Share through LDAP authentication)


Caused by: org.alfresco.repo.security.authentication.AuthenticationException: 01150138 Unable to connect to LDAP Server; check LDAP configuration
    at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:118)
    at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:89)
    at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:82)

With Wireshark, I found what was wrong:


0000  00 00 0c 07 ac 64 00 24  21 33 79 5e 08 00 45 00   .....d.$ !3y^..E.
0010  00 79 0b 75 40 00 40 06  50 e2 0a 64 64 6a 0a 80   .y.u@.@. P..ddj..
0020  64 da be 24 01 85 d8 03  73 d9 ed 46 bc 22 80 18   d..$.... s..F."..
0030  00 2e de 93 00 00 01 01  08 0a 18 df 78 ab 32 15   ........ ....x.2.
0040  f6 da 30 43 02 01 01 60  3e 02 01 03 04 20 63 6e   ..0C...` >.... cn
0050  3d 4d 61 6e 61 67 65 72  2c 64 63 3d 63 68 2d 74   =Manager ,dc=ch-t
0060  6f 75 72 63 6f 69 6e 67  2c 64 63 3d 66 72 80 17   ourcoing ,dc=fr..
0070  73 64 61 73 64 61 73 64  61 73 64 61 73 64 31 32   sdasdasd asdasd12
0080  33 31 32 33 31 32 33                               3123123



As you can see, the credentials have been changed to a bad value (sdasdasdasdasd123123123).

I tried everything I could, but it's always the same:
- If I change ldap-authentication.properties, all changes are taken into account except the credentials
- I wrote it in clear text in ldap-common-context.xml, but nothing changes about the credentials (the same sdasda.. credential is sent)

I think that my config files are right

ldap.authentication.properties


ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid=%s,ou=Agents,ou=people,dc=ch-tourcoing,dc=fr
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap:389

ldap.authentication.java.naming.security.authentication=SIMPLE

ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Manager,admin,root
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn=Manager,dc=ch-tourcoing,dc=fr

# xxxxxxxxxx stands for the real password, not the sdasda... string
ldap.synchronization.java.naming.security.credentials=xxxxxxxxxx

ldap.synchronization.queryBatchSize=9999   
ldap.synchronization.attributeBatchSize=9999
ldap.synchronization.groupQuery=(objectclass=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfUniqueNames)(!(modifyTimestamp<={0})))
ldap.synchronization.personQuery=(&(objectclass\=inetOrgPerson)(!(title\=PC)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groupes,ou\=Services,dc\=ch-tourcoing,dc\=fr
ldap.synchronization.userSearchBase=ou\=Agents,ou\=people,dc\=ch-tourcoing,dc\=fr
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=cn
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=false

This file worked with the previous release.

Why is the right credential not given to the LDAP server?


Thanks for any advice…
