Authentication with an LDAP directory

lomy
Member II

Authentication with an LDAP directory

Hello,

As the title says, I can't log in to Alfresco with my LDAP directory credentials.

Despite reading many posts on the subject and running tests, I can't log in with the credentials I want.

Yet here are the steps I followed:
- edited: ldap-authentication-context.xml (I changed nothing)
- edited: ldap-synchronisation-context.xml (I changed nothing)
- modified: ldap-authentication.properties
- modified: ldap-synchronisation.properties

I use Thunderbird, which itself uses LDAP (and which works). So I reused the following settings:
- host name: ldap-monserveur.net
- base distinguished name: dc=hermes-prod
- port number: 389

I did try editing:
- chaining-authentication-context.xml
- file-servers.xml
BUT there were many errors… (CIFS, FTP, etc.)

Here is my ldap-authentication.properties file:
#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to that passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s    
ldap.authentication.userNameFormat=CN=%s,dc=hermes-prod

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ldap-monserveur.net:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=SIMPLE

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=uid=admin,ou=system

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=admin

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

Here is my ldap-synchronisation.properties file:
# 
# This properties file is used to configure LDAP synchronisation
#

# The query to find the people to import
ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)

# The search base of the query to find people to import
ldap.synchronisation.personSearchBase=dc=hermes-prod

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronisation.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronisation.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronisation.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronisation.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronisation.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronisation.defaultHomeFolderProvider=personalHomeFolderProvider

# The query to find group objects
ldap.synchronisation.groupQuery=(objectclass=groupOfNames)

# The search base to use to find group objects
ldap.synchronisation.groupSearchBase=dc=hermes-prod

# The attribute on LDAP group objects to map to the gid property in Alfresco
ldap.synchronisation.groupIdAttributeName=cn

# The group type in LDAP
ldap.synchronisation.groupType=groupOfNames

# The person type in LDAP
ldap.synchronisation.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronisation.groupMemberAttributeName=member

# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 0 * * * ?

# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?

# Should all groups be cleared out at import time?
# - this is safe as groups are not used in Alfresco for other things (unlike person objects which you should never clear out during an import)
# - setting this to true means old group definitions will be tidied up.
ldap.synchronisation.import.group.clearAllChildren=true
Here are my errors:
18:08:08,929 User:System ERROR [smb.protocol.auth] No valid CIFS authentication combination available
18:08:08,929 User:System ERROR [smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
18:08:08,929 User:System ERROR [alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration

18:08:08,929 User:System ERROR [alfresco.smb.protocol] FTP server configuration error, Wrong authentication setup for alfresco authenticator
org.alfresco.error.AlfrescoRuntimeException: Wrong authentication setup for alfresco authenticator

18:08:10,101 User:System WARN  [alfresco.util.OpenOfficeConnectionTester] An initial OpenOffice connection could not be established.
18:08:10,132 User:System INFO  [service.descriptor.DescriptorService] Alfresco JVM - v1.5.0_10-b03; maximum heap size 254,063MB
18:08:10,132 User:System WARN  [service.descriptor.DescriptorService] Alfresco JVM - WARNING - maximum heap size 254,063MB is less than recommended 512MB
18:08:10,132 User:System INFO  [service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (Stable 1526) schema 1002 - Installed version 3.0.0 (Stable 1526) schema 1002
11 août 2009 18:08:28 org.apache.coyote.http11.Http11Protocol start
INFO: Démarrage de Coyote HTTP/1.1 sur http-8080
11 août 2009 18:08:29 org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
11 août 2009 18:08:29 org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/16  config=null
11 août 2009 18:08:29 org.apache.catalina.startup.Catalina start
INFO: Server startup in 76210 ms
I can't log in at all; Alfresco doesn't know any LDAP user, nor even the admin (user:admin password:admin)

I have tried every possibility in the properties files but I'm getting nowhere.

Please help me.
A BIG THANK YOU TO WHOEVER CAN HELP ME!

PS: I am sure this write-up will help many people (errors seen in many posts that were never resolved)
1 Reply
loïcfache
Member II

Re: Authentication with an LDAP directory

Hello,

A somewhat late reply, but better late than never! You will find configuration information here in particular: http://wiki.alfresco.com/wiki/Security_and_Authentication

If your problem persists, don't hesitate to raise the LDAP debug level and send us the logs (768 and it's perfect). Note, however, that LDAP authentication will not work with CIFS and FTP, hence the errors you ran into!
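
An added example, not part of the thread and not Alfresco code: a small Python check that cross-reads the two properties files posted above and reports where the simple-bind DN template, the synchronised user id attribute, the person search base and the provider URL disagree or expose the password. The finding codes and function names are made up for this example, and the sample values are copied from the post.

```python
import re

# Constructed sample: the relevant values copied from the post above.
AUTH_PROPS = """\
ldap.authentication.userNameFormat=CN=%s,dc=hermes-prod
ldap.authentication.java.naming.provider.url=ldap://ldap-monserveur.net:389
ldap.authentication.java.naming.security.authentication=SIMPLE
"""
SYNC_PROPS = """\
ldap.synchronisation.personSearchBase=dc=hermes-prod
ldap.synchronisation.userIdAttributeName=uid
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)   # split once: DNs contain '='
        props[key.strip()] = value.strip()
    return props

def lint(auth_text, sync_text):
    """Return a list of (hypothetical) finding codes for the combined config."""
    auth, sync = parse_properties(auth_text), parse_properties(sync_text)
    p = "ldap.authentication."
    findings = []
    fmt = auth.get(p + "userNameFormat", "")
    mech = auth.get(p + "java.naming.security.authentication", "").lower()
    url = auth.get(p + "java.naming.provider.url", "").lower()
    uid_attr = sync.get("ldap.synchronisation.userIdAttributeName", "").lower()
    base = sync.get("ldap.synchronisation.personSearchBase", "").lower()
    m = re.match(r"\s*([A-Za-z][\w-]*)\s*=\s*%s\s*(?:,(.*))?$", fmt)
    if mech == "simple":
        if not m:
            findings.append("FORMAT_NOT_A_DN")        # simple bind needs a full DN
        else:
            if m.group(1).lower() != uid_attr:
                findings.append("RDN_ATTR_MISMATCH")  # login comes from uid, DN is built on cn
            suffix = (m.group(2) or "").replace(" ", "").lower()
            if base and not suffix.endswith(base.replace(" ", "")):
                findings.append("DN_OUTSIDE_SEARCH_BASE")
        if url.startswith("ldap://"):
            findings.append("CLEARTEXT_SIMPLE_BIND")  # password sent without TLS
    return findings
```

On the posted values, `lint(AUTH_PROPS, SYNC_PROPS)` returns `RDN_ATTR_MISMATCH` and `CLEARTEXT_SIMPLE_BIND`: the bind DN is built as `CN=<login>` while user ids are synchronised from `uid`, and the SIMPLE bind goes to an `ldap://` URL.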