AnsweredAssumed Answered

LDAP Sync working but no Authentication

Question asked by m4lewis on Jul 11, 2013
Latest reply on Jul 12, 2013 by scouil
Hello,

I'm currently working with Alfresco 4.2.c Community and I am trying to obtain authentication within Alfresco through our LDAP AD. After many searches on the net I was able to throw together a configuration and all of my AD users have appeared within alfresco (stack trace below) and there are no errors (outside of SMB and CIFS which I have not configured) for the Authentication or Sync subsystems for ldap.

Here is my current configuration for ldap:

### Authentication and Synchronization LDAP-AD ###
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.defaultAdministratorUserNames=Administrator,alfresco

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid\=%s,cn\=Users,dc\=company,dc\=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://batman.robin.com:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.security.authentication=SIMPLE

ldap.synchronization.java.naming.security.principal=cn\=Alfresco Account,cn\=Users,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.java.naming.security.authentication=SIMPLE
ldap.synchronization.groupSearchBase=cn\=Users,dc\=company,dc\=com
ldap.synchronization.userSearchBase=cn\=Users,dc\=company,dc\=com
ldap.synchronization.active=true
ldap.synchronization.userIDAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.userIdAttributeName=sAMAccountName

When I initialized these settings that's when all of my users from AD got synced and pulled into alfresco…however when I try to login as myself (AD credentials) it does not accept it (another user was unable to do so as well)

<blockquote>
00:00:00,061 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
00:00:00,061 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Full synchronization with user registry 'ldap1'
00:00:00,061 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Some users and groups previously created by synchronization with this user registry may be removed.
00:00:00,066 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving groups changed since 10-Jul-2013 4:16:52 PM from user registry 'ldap1'
00:00:00,081 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
00:00:00,081 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
00:00:00,282 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving users changed since 10-Jul-2013 11:20:58 AM from user registry 'ldap1'
00:00:00,290 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 0 entries
00:00:00,290 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 0 entries
00:00:00,377 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
00:00:00,377 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 0 user(s) and 0 group(s) processed
10:31:59,574 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'googledocs' subsystem, ID: [googledocs, v2]
10:31:59,575 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'googledocs' subsystem, ID: [googledocs, v2]
10:31:59,577 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'Replication' subsystem, ID: [Replication, default]
10:31:59,577 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'Replication' subsystem, ID: [Replication, default]
10:31:59,614 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'Subscriptions' subsystem, ID: [Subscriptions, default]
10:31:59,615 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'Subscriptions' subsystem, ID: [Subscriptions, default]
10:31:59,615 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'googledocs' subsystem, ID: [googledocs, default]
10:31:59,615 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'googledocs' subsystem, ID: [googledocs, default]
10:31:59,615 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'email' subsystem, ID: [email, inbound]
10:31:59,616 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'email' subsystem, ID: [email, inbound]
10:31:59,616 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'fileServers' subsystem, ID: [fileServers, default]
10:31:59,622 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'fileServers' subsystem, ID: [fileServers, default]
10:31:59,637 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default]
10:31:59,637 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default]
10:31:59,638 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'OOoDirect' subsystem, ID: [OOoDirect, default]
10:31:59,638 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'OOoDirect' subsystem, ID: [OOoDirect, default]
10:31:59,640 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'Synchronization' subsystem, ID: [Synchronization, default]
10:31:59,640 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'Synchronization' subsystem, ID: [Synchronization, default]
10:31:59,641 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'email' subsystem, ID: [email, outbound]
10:31:59,641 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'email' subsystem, ID: [email, outbound]
10:31:59,641 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'imap' subsystem, ID: [imap, default]
10:31:59,642 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'imap' subsystem, ID: [imap, default]
10:32:00,123 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'Search' subsystem, ID: [Search, managed, lucene]
10:32:00,134 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'Search' subsystem, ID: [Search, managed, lucene]
10:32:00,185 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'thirdparty' subsystem, ID: [thirdparty, default]
10:32:00,185 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'thirdparty' subsystem, ID: [thirdparty, default]
10:32:00,186 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'Authentication' subsystem, ID: [Authentication, managed, alfinst]
10:32:00,186 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'Authentication' subsystem, ID: [Authentication, managed, alfinst]
10:32:00,187 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
10:32:00,187 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
10:32:00,194 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopping 'sysAdmin' subsystem, ID: [sysAdmin, default]
10:32:00,194 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Stopped 'sysAdmin' subsystem, ID: [sysAdmin, default]
10:48:49,724 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]
10:48:49,780 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete
10:49:15,714 INFO  [org.springframework.extensions.webscripts.TemplateProcessorRegistry] Registered template processor Repository Template Processor for extension ftl
10:49:15,717 INFO  [org.springframework.extensions.webscripts.ScriptProcessorRegistry] Registered script processor Repository Script Processor for extension js
10:49:31,213 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Connecting to database: jdbc:mysql://localhost:3306/bitnami_alfresco?useUnicode=yes&characterEncoding=UTF-8, UserName=bitnami@localhost, MySQL-AB JDBC Driver
10:49:31,214 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
10:49:31,795 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
10:49:32,612 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Search' subsystem, ID: [Search, managed, lucene]
10:49:33,043 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Search' subsystem, ID: [Search, managed, lucene] complete
10:49:33,721 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'thirdparty' subsystem, ID: [thirdparty, default]
10:49:33,899 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'thirdparty' subsystem, ID: [thirdparty, default] complete
10:49:33,900 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'OOoDirect' subsystem, ID: [OOoDirect, default]
10:49:35,445 WARN  [org.alfresco.util.OpenOfficeConnectionTester] An initial OpenOffice connection could not be established.
10:49:35,450 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'OOoDirect' subsystem, ID: [OOoDirect, default] complete
10:49:36,577 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco-4.2.c-3/apps/alfresco/data
10:49:36,776 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
10:49:38,273 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
10:49:38,296 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 2 module(s).
10:49:38,411 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Starting module 'org.alfresco.module.vti' version 1.2.
10:49:38,479 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Starting module 'org.alfresco.integrations.google.docs' version 2.0.1.
10:49:38,493 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'fileServers' subsystem, ID: [fileServers, default]
10:49:39,562 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, alfinst]
10:49:39,961 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, alfinst] complete
10:49:39,962 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
10:49:40,211 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete
10:49:45,269 WARN  [org.alfresco.fileserver] CIFS, Unable to get local domain/workgroup name, using default of WORKGROUP. This may be due to firewall settings or incorrect <broadcast> setting)
10:49:45,306 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [fileServers, default] complete
10:49:45,306 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [imap, default]
10:49:45,306 ERROR [org.alfresco.fileserver] [SMB] Server error : org.alfresco.jlan.server.config.InvalidConfigurationException: Error initializing TCP-IP SMB session handler, Permission denied
10:49:45,315 ERROR [org.alfresco.fileserver] Error from JLAN
org.alfresco.jlan.server.config.InvalidConfigurationException: Error initializing TCP-IP SMB session handler, Permission denied
        at org.alfresco.jlan.smb.server.nio.NIOCifsConnectionsHandler.initializeHandler(NIOCifsConnectionsHandler.java:259)
        at org.alfresco.jlan.smb.server.SMBServer.run(SMBServer.java:479)
        at java.lang.Thread.run(Thread.java:724)
10:49:45,562 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [imap, default] complete
10:49:45,562 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, outbound]
10:49:45,626 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, outbound] complete
10:49:45,629 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, inbound]
10:49:45,835 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, inbound] complete
10:49:45,835 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'googledocs' subsystem, ID: [googledocs, default]
10:49:46,676 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'googledocs' subsystem, ID: [googledocs, default] complete
10:49:46,681 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Subscriptions' subsystem, ID: [Subscriptions, default]
10:49:46,706 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Subscriptions' subsystem, ID: [Subscriptions, default] complete
10:49:46,713 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] Disabled - clear non-missing user usages …
10:49:46,733 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] Found 0 users to clear
10:49:46,733 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] … cleared non-missing usages for 0 users
10:49:46,734 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
10:49:46,881 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
10:49:46,926 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving groups changed since 10-Jul-2013 4:16:52 PM from user registry 'ldap1'
10:49:46,980 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
10:49:46,981 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
10:49:46,986 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving users changed since 10-Jul-2013 11:20:58 AM from user registry 'ldap1'
10:49:47,017 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 0 entries
10:49:47,017 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 0 entries
10:49:47,099 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
10:49:47,100 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 0 user(s) and 0 group(s) processed
10:49:47,141 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
10:49:47,203 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.7.0_25-b15; maximum heap size 494.938MB
10:49:47,204 WARN  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - WARNING - maximum heap size 494.938MB is less than recommended 512MB
10:49:47,204 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community). Current version: 4.2.0 (4576) schema 6,022. Originally installed version: 4.2.0 (4576) schema 6,022.
10:49:47,206 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default]
10:49:47,463 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default] complete
10:49:47,481 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Replication' subsystem, ID: [Replication, default]
10:49:47,520 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Replication' subsystem, ID: [Replication, default] complete
10:49:51,893 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'googledocs' subsystem, ID: [googledocs, v2]
10:49:51,978 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'googledocs' subsystem, ID: [googledocs, v2] complete
10:49:52,050 INFO  [org.alfresco.module.vti.VtiServer] Vti server started successfully on port: 7070
10:49:52,051 INFO  [org.alfresco.module.vti.VtiServer] Vti server SessionIdManagerWorkerName: jetty1
10:50:01,082 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 486 Web Scripts (+0 failed), 766 URLs
10:50:01,083 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 2 Package Description Documents (+0 failed)
10:50:01,083 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 1 Schema Description Documents (+0 failed)
10:50:01,085 INFO  [org.springframework.extensions.webscripts.AbstractRuntimeContainer] Initialised Repository Web Script Container (in 8977.392ms)
10:50:01,102 INFO  [org.springframework.extensions.webscripts.TemplateProcessorRegistry] Registered template processor freemarker for extension ftl
10:50:01,104 INFO  [org.springframework.extensions.webscripts.ScriptProcessorRegistry] Registered script processor javascript for extension js
</blockquote>

Any help regarding this issue would be greatly appreciated.

Thanks



Outcomes