J'arrive à synchroniser sans problème mes utilisateurs...

cancel
Showing results for 
Search instead for 
Did you mean: 
lascaux_2774
Active Member II

J'arrive à synchroniser sans problème mes utilisateurs...

Bonjour,

J'arrive à synchroniser sans problème mes utilisateurs (présent dans un groupe Active Directory) dans Alfresco.
Mais il reste necessaire à mes users de se logger via l'interface Alfresco.

J'aimerai maintenant faire en sorte que l'authentification NTLM automatique se fasse pour loger les users (synchronisés) directement …

J'ai essayé plusieurs choses:
- modification du web.xml pour mettre le bean NTLM à la place de l'authentification par defaut
- désactivation de l'authentification LDAP dans le ldap-authentication-context.xml pour ne laisser que la synchronisation
-mise en place de l'authentification NTLM (ntlm-authentication-context.xml)

mais je n'arrive pas au comportement voulu (la plupart du temps, je n'arrive pas à logger un utilisateur alors qu'il est parfaitement synchronisé)

Donc ma question est : Est-ce possible ?

Que se passe-t-il si une personne qui n'est pas synchronisé essaye d'accéder à Alfresco ?

merci

Sylvain
6 Replies
s_archambault
Member II

Re: J'arrive à synchroniser sans problème mes utilisateurs...

Bonjour,

Je confirme, synchronisation LDAP et authentification NTLM, ça fonctionne !!!

J'ai tatonné longtemps, mais maintenant c'est opérationnel.

Voici ce que j'ai fait pour la partie NTLM :

1 - Dans le fichier : Répertoire_AlfrescotomcatwebappsalfrescoWEB-INFweb.xml remplacement de la partie :

  <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
     
      <!– For Novell IChain support use the following filter –>
      <!– (Enterprise version only)                          –>
      <!–
        <filter-class>org.alfresco.web.app.servlet.NovellIChainsHTTPRequestAuthenticationFilter</filter-class>
      –>
     
      <!– For NTLM authentication support use the following filter –>
      <!– (Enterprise version only)                                –>
      <!–
        <filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>
      –>
   </filter>

   <filter>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>
     
      <!– For NTLM authentication support use the following filter –>
      <!– (Enterprise version only)                                –>
      <!–
        <filter-class>org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter</filter-class>
      –>
   </filter>
par :

   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>
   </filter>

   <filter>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <filter-class>org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter</filter-class>
   </filter>
2 - Puis dans le répertoire : Répertoire_Alfresco/tomcat/shared/classes/alfresco/extension/ntlm-authentication-context.xml

Renommer le fichier : ntlm-authentication-context.xml.sample en ntlm-authentication-context.xml

Pour la question de l'accès pour un utilisateur "non synchronisé", je n'ai pas eu l'occasion de tester.

Stéphane.
lascaux_2774
Active Member II

Re: J'arrive à synchroniser sans problème mes utilisateurs...

C'est bien ce que je faisais …
mais lorsque j'active les 2 fichiers (LDAP et NTLM) …

voici ce que j'obtiens en accédant a Alfresco :

java.lang.NullPointerException 
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType3(NTLMAuthenticationFilter.java:770)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:392)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)
Par ailleurs, dans ton ldap-authentication-context.xml

as-tu conservé les lignes suivantes :

    <!– DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. –>
   
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>false</value>
        </property>
    </bean>   
  

    <!– LDAP authentication configuration –>
   
    <!–
   
    You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the
    web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other
    authentication routes, like Active Directory.
    –>
   
    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!– comment
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
           
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
           
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authentricate as "cn=Joe Bloggs,ou=London,dc=company,dc=com"
            Usually for simple authentication.
            comment –>           
            <value>%s</value>
        </property>
    </bean>
ou les as-tu virée ?

Sylvain
s_archambault
Member II

Re: J'arrive à synchroniser sans problème mes utilisateurs...

Voici mon fichier ldap-authentication-context.xml :


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<!—-

      Version : Importation LDAP
      Connection utilisateur dans l'espace : /Alfresco
      Selection des utilisateurs ayant un Prénom
      Suppression des Utilisateurs à chaque importation
—->

<beans>
   
    <!– DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. –>
   
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>   
   
    <!–
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP reopsitory
    –>
   
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!– The LDAP provider –>
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
               
                <entry key="java.naming.provider.url">
<value>ldap://nom_du_serveur.nom_de_domaine:389</value>
                </entry>
               
                <entry key="java.naming.security.authentication">
<value>simple</value>
                </entry>
               
                <entry key="java.naming.security.principal">
<value>CN=xxxxxx yyyyy,OU=wwwwwww,OU=zzzzzzzz,DC=nom_de_domaine,DC=fr</value>               </entry>
               
                <!– The password for the user defined above –>

                <entry key="java.naming.security.credentials">
<value>sssssss</value>
                </entry>
            </map>
        </property>
    </bean>
   
    <!– Ldap Syncronisation support –>
   
    <!–
       
    There can be more than one stack of beans that import users or groups. For example, it may be easier
    to have a version of ldapPeopleExportSource, and associated beans, for each sub-tree of your ldap directory
    from which you want to import users. You could then limit users to be imported from two or more sub tress and ignore
    users found else where. The same applies to the import of groups.
        
    The defaults shown below are for OpenLDAP.   
       
    –>
  
    <!– Extract user information from LDAP and transform this to XML –>
    
    <bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
        <!–
        The query to select objects that represent the users to import.
       
        For Open LDAP, using a basic schema, the following is probably what you want:
        (objectclass=inetOrgPerson)
       
        For Active Directory:
        (objectclass=user)
        –>

        <property name="personQuery">

   <!– <value>(objectclass=user)</value> –>

<value>(&&#40;objectCategory=person)(objectClass=user)(displayName=o*)(givenName=*))</value>

        </property>
       
        <!–
        The seach base restricts the LDAP query to a sub section of tree on the LDAP server.
        –>

        <property name="searchBase">
<value>OU=xxxxxx,OU=yyyyy,DC=zzzzzz,DC=fr</value>
        </property>
       
        <!–
        The unique identifier for the user.
       
        THIS MUST MATCH WHAT THE USER TYPES IN AT THE LOGIN PROMPT   
       
        For simple LDAP authentication this is likely to be "cn" or, less friendly, "distinguishedName"
       
        In OpenLDAP, using other authentication mechanisms "uid", but this depends on how you map
        from the id in the LDAP authentication request to search for the inetOrgPerson against which
        to authenticate.
       
        In Active Directory this is most likely to be "sAMAccountName"
       
        This property is mandatory and must appear on all users found by the query defined above.
       
        –>

        <property name="userIdAttributeName">
<value>sAMAccountName</value>
        </property>
       
        <!– Services –>
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="personService">
            <ref bean="personService"></ref>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
       
        <!–
        This property defines a mapping between attributes held on LDAP user objects and
        the properties of user objects held in the repository. The key is the QName of an attribute in
        the repository, the value is the attribute name from the user/inetOrgPerson/.. object in the
        LDAP repository.    
        –>
        <property name="attributeMapping">
            <map>
                <entry key="cm:userName">
                    <!– Must match the same attribute as userIdAttributeName –>
<value>samaccountname</value>
                </entry>

                <entry key="cm:firstName">
                    <!– OpenLDAP: "givenName" –>
                    <!– Active Directory: "givenName" –>
                    <!– <value>givenName</value> –>
<value>givenName</value>
                </entry>

                <entry key="cm:lastName">
                    <!– OpenLDAP: "sn" –>
                    <!– Active Directory: "sn" –>
                    <!– <value>sn</value> –>
<value>cn</value>
                </entry>

                <entry key="cm:email">
                    <!– OpenLDAP: "mail" –>
                    <!– Active Directory: "???" –>
                    <value>mail</value>
                </entry>

               <entry key="cm:organizationId">
                       <value>company</value>
               </entry>

<entry key="cm:homeFolder">
   <null/>
</entry>
<null/>
            </map>
        </property>

        <!– Set a default home folder provider –>
        <!– Defaults only apply for values above –>
        <property name="attributeDefaults">


       <map>

<entry key="cm:homeFolder">
   <value>/app:company_home</value>
</entry>

<entry key="cm:organizationId">
   <value>nom_entreprise</value>
</entry>

       </map>
     </property>

    </bean>
 
    <!– Extract group information from LDAP and transform this to XML –>
   
    <bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">
        <!–
        The query to select objects that represent the groups to import.
       
        For Open LDAP, using a basic schema, the following is probably what you want:
        (objectclass=groupOfNames)
       
        For Active Directory:
        (objectclass=group)
        –>

        <property name="groupQuery">

         <!— <value>(objectclass=group)</value> —>

<value>(&&#40;objectCategory=person)(objectClass=user)(displayName=*)(givenName=*))</value>

        </property>
       
        <!–
        The seach base restricts the LDAP query to a sub section of tree on the LDAP server.
        –>
        <property name="searchBase">
<value>OU=xxxxxxx,OU=yyyyyyy,DC=wwwww,DC=fr</value>
        </property>
       
        <!–
        The unique identifier for the user. This must match the userIdAttributeName on the ldapPeopleExportSource bean above.
        –>
        <property name="userIdAttributeName">
<value>samaccountname</value>
        </property>
       
        <!–
        An attribute that is a unique identifier for each group found.
        This is also the name of the group with the current group implementation.
        This is mandatory for any groups found.
       
        OpenLDAP: "cn" as it is mandatory on groupOfNames
        Active Directory: "cn"
       
        –>
        <property name="groupIdAttributeName">
<value>cn</value>
        </property>
       
        <!–
        The objectClass attribute for group members.
        For each member of a group, the distinguished name is given.
        The object is looked up by its DN. If the object is of this class it is treated as a group.
        –>
        <property name="groupType">
            <value>groupOfNames</value>
        </property>
       
        <!–
        The objectClass attribute for person members.
        For each member of a group, the distinguished name is given.
        The object is looked up by its DN. If the object is of this class it is treated as a person.
        –>

        <property name="personType">
            <value>inetOrgPerson</value>
        </property>
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
       
        <!–
        The repeating attribute on group objects (found by query or as sub groups)
        used to define membership of the group. This is assumed to hold distinguished names of
        other groups or users/people; the above types are used to determine this.
       
        OpenLDAP: "member" as it is mandatory on groupOfNames
        Active Directory: "member"
        –>

        <property name="memberAttribute">
            <value>member</value>
        </property>
       
        <property name="authorityDAO">
            <ref bean="authorityDAO"/>
        </property>
    </bean>
   
    <!– Job definitions to import LDAP people and groups –>
    <!– The triggers register themselves with the scheduler –>
    <!– You may comment in the default scheduler to enable these triggers –>
    <!– If a cron base trigger is what you want seee scheduled-jobs-context.xml for examples. –>
   
    <!– Trigger to load people –>
    <!– Note you can have more than one initial (context, trigger, import job and export source) set –>
    <!– This would allow you to load people from more than one ldap store –>
   
    <bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapPeopleImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!– Start after 5 minutes of starting the repository –>
        <property name="startDelay">
            <value>30000</value>
        </property>
        <!– Repeat every hour –>
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
        <!– Commented out to disable  –>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>

    </bean>
   
    <bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapGroupImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!– Start after 5 minutes of starting the repository –>
        <property name="startDelay">
            <value>30000</value>
        </property>
        <!– Repeat every hour –>
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
        <!– Commented out to disable
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
        –>
    </bean>
   
    <!– The bean that imports xml describing people –>
   
    <bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapPeopleExportSource"/>
        </property>

        <!– The store that contains people - this should not be changed –>
        <property name="storeRef">
            <value>${spaces.store}</value>
        </property>
       
        <!– The location of people nodes within the store defined above - this should not be changed –>
        <property name="path">
            <value>/${system.system_container.childname}/${system.people_container.childname}</value>
        </property>
       
        <!– If true, clear all existing people before import, if false update/add people from the xml –>
        <property name="clearAllChildren">
<value>true</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
              
        <property name="caches">
            <set>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
    </bean>
   
    <!– The bean that imports xml descibing groups –>
   
    <bean id="ldapGroupImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapGroupExportSource"/>
        </property>
        <!– The store that contains group information - this should not be changed –>
        <property name="storeRef">
            <value>${alfresco_user_store.store}</value>
        </property>
       
        <!– The location of group information in the store above - this should not be changed –>
        <property name="path">
            <value>/${alfresco_user_store.system_container.childname}/${alfresco_user_store.authorities_container.childname}</value>
        </property>
       
        <!– If true, clear all existing groups before import, if false update/add groups from the xml –>
        <property name="clearAllChildren">
            <value>true</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
       
        <!– caches to clear on import of groups –>
        <property name="caches">
            <set>
                <ref bean="userToAuthorityCache"/>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
       
        <!– userToAuthorityCache –>
    </bean>
   
</beans>
En espérant que cela pourra t'aider.

Stéphane.
lascaux_2774
Active Member II

Re: J'arrive à synchroniser sans problème mes utilisateurs...

Merci beaucoup ….

Sylvain
lascaux_2774
Active Member II

Re: J'arrive à synchroniser sans problème mes utilisateurs...

Je n'arrive pas vraiment à mes fins …

Un utilisateur qui a été défini comme Administrateur alfresco peut se connecter sans problème.

Par contre, voila le resultat lorsqu'un utilisateur (correctement synchronisé) essaye de se connecter :

javax.faces.FacesException: Cannot get value for expression '#{NavigationBean.location}'
caused by:
org.apache.jasper.JasperException: Cannot get value for expression '#{NavigationBean.location}'
caused by:
javax.faces.el.EvaluationException: Cannot get value for expression '#{NavigationBean.location}'
caused by:
javax.faces.el.EvaluationException: org.alfresco.web.bean.NavigationBean
caused by:
javax.faces.el.EvaluationException: Bean: org.alfresco.web.bean.NavigationBean, property: location
caused by:
java.lang.reflect.InvocationTargetException
caused by:
org.alfresco.repo.security.permissions.AccessDeniedException: Access Denied. You do not have the appropriate permissions to perform this operation.
caused by:
net.sf.acegisecurity.AccessDeniedException: Access is denied.

Hide Details

javax.faces.FacesException: Cannot get value for expression '#{NavigationBean.location}'
at org.apache.myfaces.context.servlet.ServletExternalContextImpl.dispatch(ServletExternalContextImpl.java:421)
at org.apache.myfaces.application.jsp.JspViewHandlerImpl.renderView(JspViewHandlerImpl.java:234)
at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:352)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:106)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType3(NTLMAuthenticationFilter.java:874)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:392)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.jasper.JasperException: Cannot get value for expression '#{NavigationBean.location}'
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:370)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
at org.apache.myfaces.context.servlet.ServletExternalContextImpl.dispatch(ServletExternalContextImpl.java:415)
… 26 more

Return to application
Un idée d'ou peut provenir le problème ?

Sylvain
lascaux_2774
Active Member II

Re: J'arrive à synchroniser sans problème mes utilisateurs...

J'ai trouvé d'ou vient ce probleme : j'avais enleve le FullControl pour le ROLE_OWNER dans le fichier permissionDefinitions.xml
en le remettant … ca fonctionne pour tous les users !

Par ailleurs, ca autorise TOUS les users du domaine à accéder à Alfresco … et non seulement à ceux qui sont synchronisé …
Y-a-t-il un moyen de limiter cela ?

Sylvain