
Alfresco 4.0a OpenLDAP user cannot log in after sync

Question asked by beable on May 8, 2012
Latest reply on May 17, 2012 by narasimharao1
Good evening,
I have installed Alfresco 4.0a on CentOS 6. Alfresco synchronized successfully with OpenLDAP (in fact I can see the LDAP user in Alfresco when I log in as admin). When I log in with the LDAP user I see this error in catalina.out:

2012-05-08 15:08:30,330  ERROR [extensions.webscripts.AbstractRuntime] [http-8080-38] Exception from executeScript - redirecting to status template error: 04080002 Login failed
org.springframework.extensions.webscripts.WebScriptException: 04080002 Login failed
   at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:75)
   at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:73)
   at org.springframework.extensions.webscripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:235)
   at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:64)
   at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:393)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:388)
   at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:462)
   at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:500)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:275)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:372)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
   at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:118)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
   at java.lang.Thread.run(Thread.java:619)

The synchronization with LDAP is complete:

2012-05-08 15:07:01,192  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Synchronizing users and groups with user registry 'ldap1'
2012-05-08 15:07:01,226  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Retrieving all groups from user registry 'ldap1'
2012-05-08 15:07:01,347  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap1 Group Analysis: Commencing batch of 0 entries
2012-05-08 15:07:01,355  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap1 Group Analysis: Completed batch of 0 entries
2012-05-08 15:07:01,387  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Retrieving users changed since 8-mag-2012 12.16.08 from user registry 'ldap1'
2012-05-08 15:07:01,414  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap1 User Creation and Association: Commencing batch of 0 entries
2012-05-08 15:07:01,414  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap1 User Creation and Association: Completed batch of 0 entries
2012-05-08 15:07:01,460  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Finished synchronizing users and groups with user registry 'ldap1'
2012-05-08 15:07:01,460  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] 1 user(s) and 0 group(s) processed
2012-05-08 15:07:01,471  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete


In alfresco-global.properties I have set:

authentication.chain=ldap1:ldap,alfinst:alfrescoNtlm

In /opt/alfresco4/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties I have set:

ldap.authentication.active=false
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=cn=%s,ou=People,dc=beable,dc=it
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.0.XXX:389
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn=admin,dc=beable,dc=it
ldap.synchronization.java.naming.security.credentials=*******
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Group,dc\=beable,dc\=it
ldap.synchronization.userSearchBase=ou\=People,dc\=beable,dc\=it
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

I tried changing ldap.authentication.java.naming.security.authentication to simple, but the error is the same.
I tried changing ldap.authentication.userNameFormat to uid=%s,ou=People,dc=beable,dc=it, but the error is the same.
I tried changing ldap.authentication.defaultAdministratorUserNames to blank, but the error is the same.

I tried the solutions in the countless posts on your forum, but I have not found any solution. :(

Can you help me?
Thanks in advance.

Angela
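
Added example, not part of the original post and not Alfresco code: a small Python check that parses an ldap-authentication.properties file like the one posted above and flags settings that commonly leave synchronized users unable to log in or that expose the bind password. The function names and finding codes are hypothetical, and the sample is a constructed subset of the posted values.

```python
import re
# Constructed sample: a subset of the values posted above.
SAMPLE = """
ldap.authentication.active=false
ldap.authentication.userNameFormat=cn=%s,ou=People,dc=beable,dc=it
ldap.authentication.java.naming.provider.url=ldap://192.168.0.XXX:389
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.synchronization.active=true
ldap.synchronization.userIdAttributeName=uid
"""

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' and unescaping '\\='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def lint(props):
    """Return (code, message) findings for one LDAP subsystem instance."""
    def get(key, default=""):
        return props.get("ldap." + key, default)
    findings = []
    auth_on = get("authentication.active", "true").lower() == "true"
    sync_on = get("synchronization.active", "true").lower() == "true"
    mech = get("authentication.java.naming.security.authentication").lower()
    fmt = get("authentication.userNameFormat")
    url = get("authentication.java.naming.provider.url").lower()
    if sync_on and not auth_on:
        findings.append(("AUTH_DISABLED", "users are imported but this instance never checks their passwords"))
    if mech == "digest-md5" and fmt != "%s":
        findings.append(("DIGEST_DN_FORMAT", "DIGEST-MD5 usually passes the entered user id through (%s), not a DN template"))
    if mech == "simple" and url.startswith("ldap://"):
        findings.append(("CLEARTEXT_BIND", "simple bind over ldap:// sends the password unencrypted"))
    rdn = re.match(r"\s*([A-Za-z0-9.-]+)=%s", fmt)
    uid_attr = get("synchronization.userIdAttributeName")
    if rdn and uid_attr and rdn.group(1).lower() != uid_attr.lower():
        findings.append(("RDN_MISMATCH", f"login name is synced from '{uid_attr}' but the bind DN uses '{rdn.group(1)}'"))
    return findings

def codes(text):
    return [code for code, _ in lint(parse_properties(text))]

if __name__ == "__main__":
    for code, msg in lint(parse_properties(SAMPLE)):
        print(f"{code}: {msg}")
```

RDN_MISMATCH is a prompt to verify rather than a definite fault: the template still works when the directory stores the same value in both attributes.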
