
LDAP users able to login to alfresco but not Share

Question asked by sandhya25186 on Jul 28, 2010
Hello,
I integrated my LDAP directory with Alfresco 3.3g. I am able to log in to the web client as an LDAP user, but not to Share; it gives me a login error!

Following are my files :-

1) LDAP directory :-
hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
# Suffix (root) entry of the directory tree.
# NOTE(review): this is a raw backend dump, so it includes operational
# attributes (entryUUID, entryCSN, creatorsName, modifiersName, timestamps).
# creatorsName/modifiersName disclose the DN that wrote the entry
# (cn=admin,dc=macif-lfn,dc=com), presumably the directory's administrative
# identity. Export user attributes only before sharing a dump.
dn: dc=macif-lfn,dc=com
dc: macif-lfn
objectClass: dcObject
objectClass: organizationalUnit
ou: macif-lfn Incorporated
structuralObjectClass: organizationalUnit
entryUUID: 0b4cd92a-2cda-102f-9b1f-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.447889Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

# Container (organizationalUnit) that holds every person entry in this dump.
# The Alfresco userNameFormat shown later on this page builds bind DNs
# directly under this container.
dn: ou=people,dc=macif-lfn,dc=com
ou: people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 0b4d17d2-2cda-102f-9b20-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.449519Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

# Person entry named by cn, with no uid and no userPassword attribute.
# It matches the personQuery (objectclass=inetOrgPerson) on this page, but it
# cannot be used to log in: the configured userNameFormat produces
# uid=<login>,ou=people,... and there is no password to bind with.
dn: cn=Charlton Heston,ou=people,dc=macif-lfn,dc=com
cn: Charlton Heston
sn: Heston
mail: heston@macif-lfn.com
telephoneNumber: 508-555-1212
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 0b4d2b14-2cda-102f-9b21-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.450012Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

# Second cn-named person entry; like the previous one it carries no uid and
# no userPassword, so it is a sync candidate only, not a login account.
dn: cn=Roddy McDowall,ou=people,dc=macif-lfn,dc=com
cn: Roddy McDowall
sn: McDowall
mail: mcdowall@macif-lfn.com
telephoneNumber: 508-555-1234
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 0b4d37e4-2cda-102f-9b22-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.450340Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

# Login account "arunim": named by uid, so it fits the uid=%s userNameFormat.
# NOTE(review): the "::" after userPassword only means the value is
# base64-encoded for LDIF transport; it is not encryption. The value here
# decodes to a plain string with no {SCHEME} prefix such as {SSHA}, i.e. the
# directory stores the password itself rather than a salted hash.
# Because the dump was posted publicly, treat this credential as disclosed:
# change it, and have the server store hashed values (e.g. {SSHA}).
# This account is also listed as a default Alfresco administrator in the
# passthru properties on this page.
dn: uid=arunim,ou=people,dc=macif-lfn,dc=com
userPassword:: ZGV2QDEyMw==
uid: arunim
sn: arunim
cn: arunim
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 356b1708-2e7e-102f-8dee-63a2f7905b23
creatorsName: uid=admin,ou=people,dc=macif-lfn,dc=com
createTimestamp: 20100728102537Z
entryCSN: 20100728102537.736841Z#000000#000#000000
modifiersName: uid=admin,ou=people,dc=macif-lfn,dc=com
modifyTimestamp: 20100728102537Z

# Login account "admin" under ou=people. This is a different DN from
# cn=admin,dc=macif-lfn,dc=com, which the sync properties on this page bind as.
# NOTE(review): userPassword is base64-encoded cleartext (no {SCHEME} hash
# prefix after decoding) and is now public; rotate it and store a salted hash.
# NOTE(review): creatorsName shows this entry was written by uid=arunim, which
# suggests ordinary people entries have write access under ou=people. Verify
# the slapd access rules so that only an administrative identity can create
# or modify accounts.
dn: uid=admin,ou=people,dc=macif-lfn,dc=com
userPassword:: YWRtaW4=
uid: admin
sn: administrator
cn: administrator
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: cd705776-2e87-102f-8df0-63a2f7905b23
creatorsName: uid=arunim,ou=people,dc=macif-lfn,dc=com
createTimestamp: 20100728113418Z
entryCSN: 20100728113418.255508Z#000000#000#000000
modifiersName: uid=arunim,ou=people,dc=macif-lfn,dc=com
modifyTimestamp: 20100728113418Z

2)/opt/Alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1/changes.properties
     #
    # LDAP authentication settings for this subsystem instance (ldap-ad1).
    # NOTE(review): the instance lives under the ldap-ad (Active Directory)
    # subsystem type, while the directory dump on this page looks like OpenLDAP;
    # confirm the subsystem type matches the server.
    #
    # This flag enables use of this LDAP subsystem for authentication. It may be
    # that this subsystem should only be used for synchronization, in which case
    # this flag should be set to false.
    ldap.authentication.active=true
    # NOTE(review): "simple" is a plain DN + password bind. The password travels
    # unencrypted on the LDAP connection unless the provider URL uses TLS.
    ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
    # This flag enables use of this LDAP subsystem for user and group
    # synchronization. It may be that this subsystem should only be used for
    # authentication, in which case this flag should be set to false.
    ldap.synchronization.active=true
    # The login name replaces %s to form the bind DN, so only entries named
    # uid=<login> directly under ou=people can authenticate through this subsystem.
    ldap.authentication.userNameFormat=uid=%s,ou=people,dc=macif-lfn,dc=com
    # NOTE(review): guest login is enabled; set to false unless unauthenticated
    # guest access to the repository is intended.
    ldap.authentication.allowGuestLogin=true
    # (macif-lfn specific property)
    # Plain ldap:// on port 389, no TLS. Tolerable only while the directory is on
    # the same host; use ldaps:// if it is ever reached over a network.
    ldap.authentication.java.naming.provider.url=ldap://localhost:389

    # The default principal to bind with (only used for LDAP sync). This should be a UPN or DN
    # (macif-lfn specific property)
    # NOTE(review): this DN is the one recorded as creatorsName on the base
    # entries of the directory dump, so it is presumably the directory's
    # administrative identity. Synchronization only needs to read users and
    # groups; prefer a dedicated read-only service account.
    ldap.synchronization.java.naming.security.principal=cn=admin,dc=macif-lfn,dc=com

    # The password for the default principal (only used for LDAP sync)
    # (macif-lfn specific property)
    # NOTE(review): the bind password is stored in cleartext in this file, so
    # restrict read access to the file to the Alfresco service user. If the value
    # posted here is the real one, it is now public and should be changed.
    ldap.synchronization.java.naming.security.credentials=secret

    # Synchronization queries and search bases. The backslashes before "=" are
    # Java properties escaping; the effective LDAP filters contain a plain "=".

    # If positive, this property indicates that RFC 2696 paged results should be
    # used to split query results into batches of the specified size. This
    # overcomes any size limits imposed by the LDAP server.
    ldap.synchronization.queryBatchSize=1000

    # The query to select all objects that represent the groups to import.
    # (macif-lfn specific property)
    # NOTE(review): this selects organizationalUnit objects whose memberOf points
    # at cn=Alfresco Groups,ou=user,... The directory dump on this page has no
    # ou=user branch, no such group and no memberOf values, so this filter
    # probably matches nothing. Confirm against the directory.
    ldap.synchronization.groupQuery=(&(objectclass\=organizationalUnit)(memberOf\=cn\=Alfresco Groups,ou\=user,dc\=macif-lfn,dc\=com))

    # The query to select objects that represent the groups to import that have changed since a certain time.
    # (macif-lfn specific property)
    # {0} is replaced with the last synchronization timestamp.
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=organizationalUnit)(memberOf\=cn\=Alfresco Groups,ou\=user,dc\=macif-lfn,dc\=com)(!(modifyTimestamp<\={0})))

    # The query to select all objects that represent the users to import.
    # (macif-lfn specific property)
    # Matches every inetOrgPerson under the search base, including entries that
    # have no uid or password and cannot log in.
    ldap.synchronization.personQuery=(&(objectclass\=inetOrgPerson))

    # The query to select objects that represent the users to import that have changed since a certain time.
    # (macif-lfn specific property)
    # NOTE(review): unlike groupDifferentialQuery, this filter has no
    # modifyTimestamp clause, so a differential run selects the same set as a
    # full run.
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson))

    # The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
    # (macif-lfn specific property)
   ldap.synchronization.groupSearchBase=dc\=macif-lfn,dc\=com

    # The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
    # (macif-lfn specific property)
    # NOTE(review): the base is the directory root, so every matching entry in
    # the tree is imported. Narrowing it to ou=people limits which accounts are
    # created in Alfresco.
    ldap.synchronization.userSearchBase=dc\=macif-lfn,dc\=com

    # Attribute mappings from LDAP entries to Alfresco person and group properties.

    # The name of the operational attribute recording the last update time for a group or user.
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

    # The timestamp format. Unfortunately, this varies between directory servers.
    # This pattern matches the form of the modifyTimestamp values in the
    # directory dump on this page (e.g. 20100726081758Z).
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

    # The attribute name on people objects found in LDAP to use as the uid in Alfresco
    # NOTE(review): two of the person entries in the dump have no uid attribute;
    # verify how the sync treats entries that lack it.
    ldap.synchronization.userIdAttributeName=uid

    # The attribute on person objects in LDAP to map to the first name property in Alfresco
    # None of the dumped entries carries givenName, so first names will likely be empty.
    ldap.synchronization.userFirstNameAttributeName=givenName

    # The attribute on person objects in LDAP to map to the last name property in Alfresco
    ldap.synchronization.userLastNameAttributeName=sn

    # The attribute on person objects in LDAP to map to the email property in Alfresco
    ldap.synchronization.userEmailAttributeName=mail

    # The attribute on person objects in LDAP to map to the organizational id property in Alfresco
    ldap.synchronization.userOrganizationalIdAttributeName=company

    # The default home folder provider to use for people created via LDAP import
    ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

    # The attribute on LDAP group objects to map to the gid property in Alfresco
    ldap.synchronization.groupIdAttributeName=cn

    # The group type in LDAP
    # NOTE(review): "group" and "user" below look like Active Directory object
    # classes. The entries in the dump use inetOrgPerson and organizationalUnit,
    # so confirm these values against the directory schema.
    ldap.synchronization.groupType=group

    # The person type in LDAP
    ldap.synchronization.personType=user

    # The attribute in LDAP on group objects that defines the DN for its members
    ldap.synchronization.groupMemberAttributeName=member

    # Only import entries changed since the last run, using the differential queries.
    synchronization.synchronizeChangesOnly=true
   
3)/opt/Alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/passthru/passthru1/changes.properties
# Passthru (Windows domain / NTLM) authentication subsystem instance passthru1.
# NOTE(review): the authentication.chain setting that decides whether this
# subsystem is consulted, and in which order, is not shown on this page.
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
# (domain specific property): NetBIOS name of your domain and
# domain controller's IP address, add more separated by commas
# NOTE(review): "DOMAIN" looks like the unreplaced template placeholder, and
# the directory shown on this page is an LDAP server rather than a Windows
# domain controller. Confirm that passthru is needed at all.
passthru.authentication.servers=DOMAIN\\localhost,macif-lfn.com
ntlm.authentication.sso.enabled=false
# NOTE(review): the three guest-related flags below are all enabled. Together
# they presumably let unknown or guest-authenticated logons in as the guest
# user instead of rejecting them; disable them unless guest access is a
# deliberate requirement.
alfresco.authentication.allowGuestLogin=true
ntlm.authentication.mapUnknownUserToGuest=true
# This subsystem is also used to authenticate CIFS and FTP logons.
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
passthru.authentication.guestAccess=true
# (domain specific property): list of usernames from AD
# that are to be Alfresco administrators
# NOTE(review): "arunim" receives Alfresco administrator rights here, and that
# account's LDAP password appears in the directory dump on this page.
passthru.authentication.defaultAdministratorUserNames=arunim

Could somebody tell me where I am going wrong? :(
