AnsweredAssumed Answered

Unable to create user after ldap integration  error: 06100143

Question asked by bikash on Jul 10, 2013
Latest reply on Jul 11, 2013 by scouil
I have integrated fedora-ds ldap with alfresco, i am able to login using my ldap username and password but as aadmin when i am creating a new user from alfresco its throwing exception
:::::::



12:24:01,962 ERROR [org.alfresco.web.ui.common.Utils] Failed to create Person due to error: 06100143 Unable to create authentication as there is no suitable authentication service.
org.alfresco.repo.security.authentication.AuthenticationException: 06100143 Unable to create authentication as there is no suitable authentication service.
        at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.createAuthentication(AbstractChainingAuthenticationService.java:66)
        at org.alfresco.web.bean.users.CreateUserWizard.finishImpl(CreateUserWizard.java:845)
        at org.alfresco.web.bean.dialog.BaseDialogBean$1.execute(BaseDialogBean.java:118)
        at org.alfresco.web.bean.dialog.BaseDialogBean$1.execute(BaseDialogBean.java:114)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:381)
        at org.alfresco.web.bean.dialog.BaseDialogBean.finish(BaseDialogBean.java:124)
        at org.alfresco.web.bean.wizard.WizardManager.finish(WizardManager.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
        at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
        at javax.faces.component.UICommand.broadcast(UICommand.java:109)
        at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
        at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
        at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
        at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
        at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:104)
        at sun.reflect.GeneratedMethodAccessor540.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:116)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at $Proxy232.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:68)
        at sun.reflect.GeneratedMethodAccessor540.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)



:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ldap-authentication.properties

# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsytem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=true

#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#
ldap.authentication.allowGuestLogin=true
# How to map the user id entered by the user to that passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      uid=%s,ou=People,dc=company,dc=com
# - digest
#    - usually pass through what is entered
#      %s
# If not set, an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will
# be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID to
# appear in the DN.
ldap.authentication.userNameFormat=%s

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://localhost:389

# The authentication mechanism to use for password validation
ldap.authentication.java.naming.security.authentication=simple

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

# Comma separated list of user names who should be considered administrators by default
ldap.authentication.defaultAdministratorUserNames=cn\=Directory Manager

# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true

# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=simple

# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=uid\=admin,ou\=system

# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=password

# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=0

# If positive, this property indicates that range retrieval should be used to fetch
# multi-valued attributes (such as member) in batches of the specified size.
# Overcomes any size limits imposed by Active Directory.       
ldap.synchronization.attributeBatchSize=0

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=cn\=group,c\=india,dc\=indiaportal,dc\=com,dc\=in

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=cn\=user,c\=india,dc\=indiaportal,dc\=com,dc\=in

# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute on LDAP group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=description

# The group type in LDAP
ldap.synchronization.groupType=groupOfNames

# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member

# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
ldap.synchronization.enableProgressEstimation=true


Outcomes