
Alfresco Share & Ldap Auth (Many attempts to login)

Question asked by aballesteg on May 13, 2014
Latest reply on May 28, 2014 by aballesteg
I've been using Alfresco 4.2e CE and it works fine. I set up LDAP authentication-only integration (no synchronization; I create users manually), and it works really well, but I have a problem: when Alfresco has had no activity for a long time and users try to log in with LDAP credentials through Alfresco Share, Alfresco says it is not available or that the user credentials are wrong. Users have to make many attempts to log in successfully (about 6 attempts), and then other LDAP users log in normally on the first attempt. I don't know what is happening. LDAP works fine with other apps. I don't know whether Alfresco uses the same connection to LDAP or makes a new one.

Has anyone had the same problem?
Is there any LDAP param to fix it?
Is there any LDAP param to control connections to LDAP?

I'm working with Lotus Domino LDAP

Alfresco Logs show nothing about this, no exception, no problem.

My authentication chain in alfresco-global.properties:

authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm


I use ntlm too because I have external users from LDAP.

My ldap-authentication.properties:

ldap.authentication.active=true
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.lotusdomain.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=

# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsystem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=false
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=wpsbind
ldap.synchronization.java.naming.security.credentials=wpsbind13
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=O=LotusD
ldap.synchronization.userSearchBase=O=LotusD
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

# Requests timeout, in milliseconds, use 0 for none (default)
ldap.authentication.java.naming.read.timeout=5000



I increased ldap.authentication.java.naming.read.timeout to 5000 because I thought I had problems with timeouts to LDAP, but the problem persists.


Please help! I don't know what else to do!

Best regards!
