LDAP Active Directory auth works, sync does not

sb1017_5337
Member II

LDAP Active Directory auth works, sync does not

Hi,
after hours of searching the forums I finally managed to get authentication of all users via LDAP working. Unfortunately, the users are only created when I log in. The groups from my Win2003 Active Directory are not there at all. I deleted my test user in Windows; unfortunately it still exists in Alfresco and cannot be deleted there either.
I want certain groups, and all users in them, to be synchronized. Which settings do I need to make in the following parameters?

#ldap.synchronization.userSearchBase=ou=,dc=iconserver.iConsultantsUG,dc=local
#ldap.synchronization.groupSearchBase=ou=<OUcontainingUsers>,dc=iconserver.iConsultantsUG,dc=local

Which other setting is wrong?
File: tomcat\shared\classes\alfresco\extension\subsystems\Authentication\ldap-ap\lpad1

ldap.authentication.userNameFormat=%s@ICONSULTANTSUG
ldap.authentication.java.naming.provider.url=ldap://iconserver.iConsultantsUG.local:389
ldap.authentication.defaultAdministratorUserNames=administrator
ldap.synchronization.java.naming.security.principal=administrator@ICONSULTANTSUG
ldap.synchronization.java.naming.security.credentials=**********
ldap.authentication.java.naming.security.authentication=SIMPLE
ldap.authentication.allowGuestLogin=true
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true

The server output is as follows:

22:57:36,953  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap1]
22:57:37,046  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
22:57:37,562  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, ldap1] complete
22:57:40,125  ERROR [web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 09150005 Login failed
org.alfresco.web.scripts.WebScriptException: 09150005 Login failed
        at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:81)
        at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:79)
        at org.alfresco.web.scripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:223)
        at org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:70)
        at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:357)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:407)
        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:424)
        at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:253)
        at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:262)
        at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)
        at org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:122)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)

Since I am still a server newbie, I am also unsure about the following setting:
ldap.authentication.java.naming.provider.url=ldap://iconserver.iConsultantsUG.local:389
What exactly does the URL have to be? I copied this value from somewhere in Windows on the off chance. (Under Active Directory Users and Computers -> Domain Controllers, "ICONSERVER" is listed. There, under Properties -> DNS name: iconserver.iConsultantsUG.local)
Who can give me a jump start and explain these terms to me…?

Many thanks for your help
Sebastian
3 Replies
bwerner
Member II

Re: LDAP Active Directory auth works, sync does not

Hello Sebastian,

So the following entries are still commented out:
#ldap.synchronization.userSearchBase=ou=,dc=iconserver.iConsultantsUG,dc=local
#ldap.synchronization.groupSearchBase=ou=<OUcontainingUsers>,dc=iconserver.iConsultantsUG,dc=local

If that is still how it stands in your config, the sync will not be started. Try deleting the comment characters "#" and restart the server.
Ideally, delete alfresco.log beforehand and post a "fresh" log file here after you have restarted the server.

Best regards,
Bernhard
sb1017_5337
Member II

Re: LDAP Active Directory auth works, sync does not

Hi Bernhard,

unfortunately the login still fails. Nothing gets synchronized either. :-( Here is the server output:
23.10.2009 15:41:40 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
23.10.2009 15:41:40 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 565 ms
23.10.2009 15:41:40 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
23.10.2009 15:41:40 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
23.10.2009 15:41:43 org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "org.apache.myfaces.webapp.StartupServletContextListener" is already configured for this context. The duplicate definition has been ignored.
15:41:52,875  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/repository.properties]
15:41:53,156  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/domain/transaction.properties]
15:41:53,156  INFO  [alfresco.config.JndiPropertiesFactoryBean] Loading properties file from URL [file:/F:/Programme/Alfresco/tomcat/shared/classes/alfresco-global.properties]
15:41:53,359  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:42:27,312  INFO  [domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
15:42:31,140  INFO  [domain.schema.SchemaBootstrap] No changes were made to the schema.
15:42:37,015 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'thirdparty' subsystem, ID: [default]
15:42:37,046 User:System INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:42:39,000 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'thirdparty' subsystem, ID: [default] complete
15:42:39,234 User:System INFO  [repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: F:\Programme\Alfresco\alf_data
15:42:39,296 User:System INFO  [admin.patch.PatchExecuter] Sucht nach anwendbaren Patches…
15:42:40,078 User:System INFO  [admin.patch.PatchExecuter] Es sind keine Patches erforderlich
15:42:40,078 User:System INFO  [repo.module.ModuleServiceImpl] 1 Modul(e) gefunden.
15:42:40,156 User:System INFO  [repo.module.ModuleServiceImpl] Starte Modul 'org.alfresco.module.vti' Version 1.2.
15:42:40,265 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'fileServers' subsystem, ID: [default]
15:42:40,281 User:System INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:42:40,750 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, alfrescoNtlm1]
15:42:40,812 User:System INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:42:41,421 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, alfrescoNtlm1] complete
15:42:41,421 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, passthru1]
15:42:41,453 User:System INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:42:41,546 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, passthru1] complete
15:42:41,625 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [default] complete
15:42:41,625 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [default]
15:42:41,656 User:System INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:42:41,843 User:System INFO  [repo.imap.AlfrescoImapServer] IMAP service started on host:port localhost:143.
15:42:41,843 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [default] complete
15:42:41,843 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [default]
15:42:41,859 User:System INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:42:41,859 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete
15:42:41,890 User:System INFO  [service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_07-b06; maximum heap size 493,063MB
15:42:41,890 User:System WARN  [service.descriptor.DescriptorService] Alfresco JVM - WARNING - maximum heap size 493,063MB is less than recommended 512MB
15:42:41,890 User:System INFO  [service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.2.0 (2039) schema 2019 - Installed version 3.2.0 (2039) schema 2019
15:42:42,703 User:System INFO  [module.vti.VtiServer] Vti server started successfully on port: 7070
15:43:01,250 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'wcm_deployment_receiver' subsystem, ID: [default]
15:43:01,312 User:System INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:43:01,468 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'wcm_deployment_receiver' subsystem, ID: [default] complete
23.10.2009 15:43:02 org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive mobile.war
15:43:03,859  INFO  [alfresco.config.JBossEnabledWebApplicationContext] Refreshing org.alfresco.config.JBossEnabledWebApplicationContext@26eac5: display name [Root WebApplicationContext]; startup date [Fri Oct 23 15:43:03 CEST 2009]; root of context hierarchy
15:43:04,437  INFO  [alfresco.config.JBossEnabledWebApplicationContext] Bean factory for application context [org.alfresco.config.JBossEnabledWebApplicationContext@26eac5]: org.springframework.beans.factory.support.DefaultListableBeanFactory@a23bca
15:43:06,046  INFO  [web.scripts.DeclarativeRegistry] Registered 24 Web Scripts (+0 failed), 26 URLs
15:43:06,078  INFO  [web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 247.62233ms)
15:43:06,359  INFO  [web.scripts.DeclarativeRegistry] Registered 42 Web Scripts (+0 failed), 44 URLs
15:43:06,375  INFO  [web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 287.86188ms)
15:43:06,421  INFO  [web.site.FrameworkHelper] Successfully Initialized Web Framework
23.10.2009 15:43:06 org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive share.war
15:43:10,484  INFO  [web.site.FrameworkHelper] Successfully Initialized Web Framework
23.10.2009 15:43:10 org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive studio.war
15:46:15,234  INFO  [web.site.FrameworkHelper] Successfully Initialized Web Framework
23.10.2009 15:46:15 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
23.10.2009 15:46:15 org.apache.catalina.startup.Catalina start
INFO: Server startup in 274807 ms
15:46:15,656  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap1]
15:46:15,718  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
15:46:16,531  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, ldap1] complete
15:46:19,203  ERROR [web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 09230005 Login failed
org.alfresco.web.scripts.WebScriptException: 09230005 Login failed
        at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:81)
        at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:79)
        at org.alfresco.web.scripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:223)
        at org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:70)
        at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:357)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:407)
        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:424)
        at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:253)
        at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:262)
        at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)
        at org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:122)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)

What else could be wrong? How do I have to choose the values in
#ldap.synchronization.userSearchBase=ou=,dc=iconserver.iConsultantsUG,dc=local
#ldap.synchronization.groupSearchBase=ou=<OUcontainingUsers>,dc=iconserver.iConsultantsUG,dc=local
? What does userSearchBase=ou=, dc=.., ou=<OUcontainingUsers> actually mean??? Is that correct as it is?

Thanks & regards
Sebastian
bwerner
Member II

Re: LDAP Active Directory auth works, sync does not

Hello,

1: Your configuration lines are still commented out
It should look like this for a start:
ldap.synchronization.userSearchBase=ou=,dc=iconserver.iConsultantsUG,dc=local
ldap.synchronization.groupSearchBase=ou=<OUcontainingUsers>,dc=iconserver.iConsultantsUG,dc=local

2: For ou you have to enter the organizational unit in which your users are stored in AD. The easiest way to get it is from the AD admin.

Best regards,
Bernhard
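
A check for the two points raised in the last reply (lines still commented out, `ou` not filled in), written as an added example that is not part of the original thread or of Alfresco. It also flags a `dc=` component that holds several DNS labels, since an Active Directory base DN uses one `dc=` per label of the domain name; the domain `iConsultantsUG.local` is an assumption inferred from the DNS name quoted in the first post, and the function names are hypothetical.

```python
import re

# Constructed sample: the two search-base lines exactly as first posted in this thread.
SAMPLE = """\
#ldap.synchronization.userSearchBase=ou=,dc=iconserver.iConsultantsUG,dc=local
#ldap.synchronization.groupSearchBase=ou=<OUcontainingUsers>,dc=iconserver.iConsultantsUG,dc=local
"""

SEARCH_BASES = ("ldap.synchronization.userSearchBase",
                "ldap.synchronization.groupSearchBase")


def domain_to_base_dn(dns_domain):
    """Turn a DNS domain into its base DN: one dc= component per DNS label."""
    return ",".join("dc=" + label for label in dns_domain.split("."))


def check_dn(dn):
    """Return the problems found in one search-base DN (escaped commas not handled)."""
    problems = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        value = value.strip()
        if not value:
            problems.append(f"empty value in '{rdn}'")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"template placeholder left in '{rdn}'")
        elif attr.strip().lower() == "dc" and "." in value:
            problems.append(f"'{rdn}' holds several DNS labels; use one dc= per label")
    return problems


def lint(text):
    """Map each search-base key to its list of problems; [] means the line looks usable."""
    findings = {key: ["not set"] for key in SEARCH_BASES}
    for line in text.splitlines():
        m = re.match(r"\s*(#?)\s*([\w.]+)\s*=(.*)", line)
        if not m or m.group(2) not in SEARCH_BASES:
            continue
        commented, key, value = m.groups()
        problems = check_dn(value.strip())
        if commented:
            problems.insert(0, "line is commented out")
        findings[key] = problems
    return findings


if __name__ == "__main__":
    for key, problems in lint(SAMPLE).items():
        print(key, "->", problems or "ok")
    # Assumed domain name, taken from the DNS name quoted in the thread.
    print("base DN:", domain_to_base_dn("iConsultantsUG.local"))
```
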