AnsweredAssumed Answered

PROBLEMAS ALFRESCO 3.2 + OPENLDAP

Question asked by luna05 on Nov 10, 2009
Latest reply on Nov 11, 2009 by luna05
Hola,
He leido muchos post sobre este tema y no he logbrado conectar mi alfresco, 3.2 que por cierto lo tengo en mi pc local, con un servidor openldap que esta en otra pc.

Configurando los archivos ldap.authentication.properties y el default-synchronization.properties me di cuenta que aun me podia conectar con el usuario admin admin de alfresco por lo que se que no me funciona la coneccion con ldap y el log es el siguiente:

12:52:17,661 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsy$
12:52:17,702 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource$
12:52:18,523 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' sub$
12:52:23,556 ERROR [org.alfresco.fileserver] Failed to get local domain/workgroup name, using default of WORKGROUP
12:52:23,557 ERROR [org.alfresco.fileserver] (This may be due to firewall settings or incorrect <broadcast> setting)
12:52:23,648 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsys$
12:52:23,648 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: $
12:52:23,663 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource$
12:52:23,733 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID$
12:52:23,826 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subs$
12:52:23,872 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource$
12:52:23,882 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' su$
12:52:23,967 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_16-b01; maximum heap size 506,$
12:52:23,968 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.2.0 $
12:52:24,831 INFO  [org.alfresco.module.vti.VtiServer] Vti server started successfully on port: 7070
12:52:27,758 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed

Esto fue lo que configure en los dos ficheros:
ldap-authentication.properties

# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsytem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=true

#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#
ldap.authentication.allowGuestLogin=true
# How to map the user id entered by the user to taht passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      uid=%s,ou=People,dc=company,dc=com
# - digest
#    - usually pass through what is entered
#      %s
ldap.authentication.userNameFormat=uid=%s,ou=people,dc=vcl,dc=uci,dc=cu

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ldap.vcl.uci.cu:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=simple

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

# Comma separated list of user names who should be considered administrators by default
ldap.authentication.defaultAdministratorUserNames=

# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=false

# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=cn=anonimo anonimo,dc=vcl,dc=uci,dc=cu
# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=atreyuhsf31285

# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=1000

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass=groupOfNames)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=dc=vcl,dc=uci,dc=cu

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=ou=people,dc=vcl,dc=uci,dc=cu

# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=personalHomeFolderProvider

# The attribute on LDAP group objects to map to the gid property in Alfrecso
ldap.synchronization.groupIdAttributeName=cn

# The group type in LDAP
ldap.synchronization.groupType=groupOfNames

# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member


default-synchronization.properties
#
# This properties file is used to configure user registry syncronisation (e.g. LDAP)
#

# Should the scheduled sync job only query users and groups changed since the
# last sync? Note that when true, the sync job will not be able to detect which
# users or groups have been removed from the directory (but obviously group
# membership changes would still be reflected). When false, a more regular
# differential sync on login can still be enabled.
synchronization.synchronizeChangesOnly=false

# The cron expression defining when imports should take place
synchronization.import.cron=0 0 0 * * ?

# Should we trigger a differential sync when missing people log in?
synchronization.syncWhenMissingPeopleLogIn=true

# Should we auto create a missing person on log in?
synchronization.autoCreatePeopleOnLogin=true

Mi pregunta es la siguiente hay que configurar algun otro fichero del cual no se haya hablado en los post, ademas si alguien puede ver mi log y decirme que es lo que encuenta, lo agradecere puesto que en ningun momento de mi log me da errores con la direccion ldap o por el ususrio y la contrasena, mas bien no me hace nada se queda como si no hubiese cambiado los ficheros de configuracion.
Gracias y espero sus respuestas.

Outcomes