
Ldap-ad Configuration

Question asked by thk on Mar 10, 2016
Latest reply on Mar 14, 2016 by thk
We configured ldap-ad in alfresco-global.properties in the following way:

authentication.chain=alfinst:alfrescoNtlm,passthru1:passthru,ldap-ad1:ldap-ad
alfresco.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true
passthru.authentication.servers=10.1.1.10\\ota.de,ota.de
passthru.authentication.domain=# Leave blank
passthru.authentication.useLocalServer=false

ntlm.authentication.sso.enabled=false

ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@OTA.DE
ldap.authentication.java.naming.provider.url=ldap://10.1.1.10.OTA.DE:389
ldap.authentication.defaultAdministratorUserNames=alfresco
ldap.synchronization.java.naming.security.principal=alfresco@OTA.DE
ldap.synchronization.java.naming.security.credentials=
ldap.synchronization.groupSearchBase=ou=Security Groups,ou=Alfresco\,dc=OTA,dc=DE
ldap.synchronization.userSearchBase=ou=User Accounts,ou=Alfresco,dc=OTA,dc=DE

In alfresco.log I got:


-1] Synchronizing users and groups with user registry 'ldap-ad1'
2016-03-10 14:09:35,834 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap-ad1'
2016-03-10 14:09:35,905 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
2016-03-10 14:09:35,978 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Failed initial synchronize with user registries
org.alfresco.repo.security.authentication.AuthenticationException: 02100001 Failed to communicate with ldap://10.1.1.10.OTA.DE:389. Reason javax.naming.CommunicationException, 10.1.1.10.otca.br:389, java.net.UnknownHostException, 10.1.1.10.OTA.DE


10.1.1.10 is the internal IP of our domain server; the domain is ota.de.

I also tried
ldap.authentication.java.naming.provider.url=ldap://OTA.DE:389 and ldap.authentication.java.naming.provider.url=ldap://10.1.1.10.ota.de:389 instead of ldap.authentication.java.naming.provider.url=ldap://10.1.1.10.OTA.DE:389 but got:



2016-03-10 14:15:45,428 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
2016-03-10 14:15:45,609 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap-ad1'
2016-03-10 14:15:45,662 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap-ad1'
2016-03-10 14:15:45,697 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 02100001 Error during LDAP Search. Reason:[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09072B, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580^@]
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09072B, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580^@]; remaining name 'ou=Security Groups,ou=Alfresco,dc=OTA,dc=DE'


So what's wrong? Thanks for helping!
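A pre-flight check for the settings in the question, added here as an example and not part of the original post or of Alfresco: it flags the provider URL and bind-credential patterns that line up with the two log errors shown, plus the cleartext `ldap://` bind. The function names, finding codes and the `POSTED` sample are assumptions made for illustration; the sample copies three keys from the post and treats the credentials value as really empty, which the post does not confirm.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the three relevant keys as they appear in the post.
POSTED = """\
ldap.authentication.java.naming.provider.url=ldap://10.1.1.10.OTA.DE:389
ldap.synchronization.java.naming.security.principal=alfresco@OTA.DE
ldap.synchronization.java.naming.security.credentials=
"""

# Dotted-quad IPv4 followed by further DNS labels (urlsplit lowercases the host).
IP_WITH_SUFFIX = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}\.[a-z]")

def parse_properties(text):
    """Minimal key=value parser; ignores blank lines and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_ldap_sync(props):
    """Return a list of (code, message) findings for the LDAP sync settings."""
    findings = []
    url = urlsplit(props.get("ldap.authentication.java.naming.provider.url", ""))
    host = url.hostname or ""
    if IP_WITH_SUFFIX.match(host):
        findings.append(("HOST_IP_PLUS_DOMAIN",
            f"'{host}' is an IP address with a DNS suffix appended; it is looked "
            "up as a hostname (compare the UnknownHostException in the log)"))
    if url.scheme == "ldap":
        findings.append(("CLEARTEXT_BIND",
            "ldap:// carries a simple bind password unencrypted; prefer ldaps://"))
    principal = props.get("ldap.synchronization.java.naming.security.principal", "")
    secret = props.get("ldap.synchronization.java.naming.security.credentials", "")
    if principal and not secret:
        findings.append(("EMPTY_BIND_PASSWORD",
            "empty credentials make JNDI bind anonymously, so the directory "
            "rejects the search (compare LDAP error 000004DC in the log)"))
    return findings

if __name__ == "__main__":
    for code, message in check_ldap_sync(parse_properties(POSTED)):
        print(f"{code}: {message}")
```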
