
Problem in LDAP-AD Process and Doubt in workflow

Question asked by raghunandangowda on May 3, 2018
Latest reply on May 3, 2018 by Jayesh Prajapati

Hey guys,

I'm stuck on the LDAP-AD integration since I'm new to Alfresco. I followed the steps below.

Please confirm whether the workflow I've followed is right or wrong.

First,

1. Added the authentication-chain in the alfresco-global.properties file.

2. Created a ldap-authentication.properties file and ldap-authentication-context.xml file under the [C:\alfresco-community\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad\ldap-ad1] folder.

This is my current work for LDAP-AD Integration.

 

So, my doubt is: should I add any files other than the above .properties files and .xml file?

If so please let me know, what files I should add and where I'm supposed to add. [i.e. folder path]

 

I'm getting the below errors:

1. ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: domaincontroller.company.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]

2. ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 04030019 Failed to communicate with ldap://domaincontroller.company.com:389. Reason javax.naming.CommunicationException, domaincontroller.company.com:389, java.net.ConnectException, Connection timed out: connect

 

 

Below are the properties which I'm running for the LDAP-AD integration.

The code below is written in the alfresco-global.properties file:

authentication.chain=ldap-ad1:ldap-ad, alfinst:alfrescoNtlm
synchronization.import.cron=0 0 18 * * ?
synchronization.synchronizeChangeOnly=false

 

 

The code below is written in the ldap-authentication.properties file:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@xyz.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# IP address or name of your LDAP server - (port 389 is the default for LDAP)
ldap.authentication.java.naming.provider.url=ldap://svr01.xyz.com:389
ldap.authentication.java.naming.security.authentication=simple

 

ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.authentication.authenticateFTP=true

 

# Enable synchronisation ..
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret
# synchronization.syncOnStartup=true

 

ldap.synchronization.queryBatchSize=500
ldap.synchronization.attributeBatchSize=0

 

# Group, person Query and Differential Query
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
# Search and Timestamp
ldap.synchronization.groupSearchBase=dc\=xyz,dc\=com
ldap.synchronization.userSearchBase=ou\=users,dc\=xyz,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

 

# The attribute name on people objects to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
ldap.synchronization.groupType=groupOfUniqueNames
# The person type
ldap.synchronization.personType=inetOrgPerson
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

 

And the xml files are attached.

[fyi: These two xml files are located in ldap-ad1 folder only.]

Any help is appreciated.

 

 

Cesar Capillas You're a veteran in LDAP-AD integration. [ I followed what you suggested to me in the last post but it didn't work: fyi https://community.alfresco.com/message/831826-re-not-able-to-login-during-ldap-ad-integration?commentID=831826&et=watche…  ] Please help me out, sir.

 

 

 

Regards,

Raghu
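
An added example (not part of the original post, and not Alfresco code): a small check that compares the server named in the startup error with the provider.url in the posted properties file and flags settings a reviewer would question. The function names and finding labels are assumptions made for this example, and the sample input is constructed from values quoted in the post.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a subset of the values quoted in the post above.
PROPS = r"""
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://svr01.xyz.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.userSearchBase=ou\=users,dc\=xyz,dc\=com
"""
LOG = ("AuthenticationException: 04030019 Failed to communicate with "
       "ldap://domaincontroller.company.com:389. Reason "
       "javax.naming.CommunicationException")

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, # or ! comments, \\= escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def audit(props_text, log_text):
    """Return (label, detail) findings; the labels are hypothetical names."""
    props = parse_properties(props_text)
    url = urlparse(props.get("ldap.authentication.java.naming.provider.url", ""))
    findings = []
    # Server the running subsystem actually tried, taken from the error text.
    m = re.search(r"Failed to communicate with ldaps?://([\w.-]+):(\d+)", log_text)
    if m and m.group(1).lower() != (url.hostname or "").lower():
        findings.append(("host-mismatch",
                         f"log names {m.group(1)}, file names {url.hostname}"))
    # A simple bind over plain ldap:// sends the bind password unencrypted.
    simple = [k for k, v in props.items()
              if k.endswith("security.authentication") and v == "simple"]
    if url.scheme == "ldap" and simple:
        findings.append(("cleartext-bind", ", ".join(simple)))
    if props.get("ldap.authentication.allowGuestLogin", "").lower() == "true":
        findings.append(("guest-login", "allowGuestLogin=true"))
    return findings

if __name__ == "__main__":
    for label, detail in audit(PROPS, LOG):
        print(f"{label}: {detail}")
```

For the posted values the first finding shows that the error names domaincontroller.company.com while the file names svr01.xyz.com, so the value the running subsystem used did not come from this file.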
