
Alfresco CE 5.0.b SPP AD LDAP Authentication Issues

Question asked by plar on Nov 12, 2014
Latest reply on Aug 28, 2015 by javier.vargas
Hi,

I've been attempting to implement an Alfresco CE 5.0.b instance on a CentOS 6.6 box authenticating against a Windows Server 2008 AD domain, however I'm encountering issues with the SPP interacting with MS Office 2013 on the clients.


I've managed to get Alfresco to sync with the AD servers and have visibility of the AD Security groups & users within the Alfresco web front-end.

The issue I'm encountering is with the "edit online" functionality, where Office will open and attempt to open the file, however the user is being constantly challenged to provide credentials (which ultimately don't work).

The steps to reproduce this are:

- Log into Alfresco web gui using AD credentials.
- Navigate to SharePoint site (which the user is a manager of).
- Access the documents library.
- Select a spreadsheet that has been placed into the documents library as a test.
- Click on "Edit Online".
- Excel 2013 will open, however will challenge for credentials constantly - before failing (with the AD credentials).

I have tried to plug the AD credentials into the Excel 2013 credential challenge for the hostname <alfresco_server_name.domain.co.uk> in the following formats (just as a punt):

username@domain
username@domain.co.uk
domain\username
domain.co.uk\username
<alfresco_server_name>\username
username@<alfresco_server_name>
<alfresco_server_name.domain.co.uk>\username
username@<alfresco_server_name.domain.co.uk>

But none of these worked & it ultimately fails with the error "Microsoft Excel cannot access the file 'http://<alfresco_server_name.domain.co.uk>:7070/alfresco/<sitename>/documentLibrary/<filename>'. There are several possible reasons.".

On the off chance I did provide the Alfresco admin's credentials into the Excel 2013 credential challenge, which allowed me to access & edit the file online within Excel.

Below is my alfresco-global.properties file (which has been sanitized of any internal data):



###############################
## Common Alfresco Properties #
###############################

dir.root=/home/alfresco-5.0.b/alf_data

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
#You can log in via the built-in Alfresco authentication system and LDAP

ntlm.authentication.sso.enabled=true

ldap.authentication.allowGuestLogin=false
#do not allow guest logon

ldap.authentication.userNameFormat=%s@domain.co.uk
#your login is the same as your user name in Windows

ldap.authentication.java.naming.provider.url=ldap://<activedirectoryserver>:389
#address of LDAP server
ldap.authentication.defaultAdministratorUserNames=admin
#users with admin rights
ldap.synchronization.java.naming.security.principal=_ALFRESCO_SERVICE@domain.co.uk
#LDAP administrator account on your server
ldap.synchronization.java.naming.security.credentials=REMOVED
ldap.synchronization.groupSearchBase=dc=\domain,dc\=co,dc\=uk
ldap.synchronization.userSearchBase=dc=\domain,dc\=co,dc\=uk

alfresco.context=alfresco
alfresco.host=<alfresco_server_name>.domain.co.uk
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=<alfresco_server_name>.domain.co.uk
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.gjt.mm.mysql.Driver
db.username=alfresco
db.password=REMOVED
db.name=alfresco
db.url=jdbc:mysql://localhost/alfresco?useUnicode=yes&characterEncoding=UTF-8
# Note: your database must also be able to accept at least this many connections.  Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=TEST

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=/home/alfresco-5.0.b/libreoffice/program/soffice
ooo.enabled=true
ooo.port=8100
img.root=/home/alfresco-5.0.b/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
swf.exe=/home/alfresco-5.0.b/common/bin/pdf2swf
swf.languagedir=/home/alfresco-5.0.b/common/japanese

jodconverter.enabled=false
jodconverter.officeHome=/home/alfresco-5.0.b/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=REMOVED

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=/home/alfresco-5.0.b

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443

### BPM Engine ###
system.workflow.engine.jbpm.enabled=false

### Allow extended ResultSet processing
security.anyDenyDenies=false


Enabling NTLMv1 on the clients and using passthru isn't an option within the environment that this Alfresco instance will be operating within.


Any guidance/or any obvious corrections that anybody could provide, would be gratefully received.
