Channel: Alfresco Forums - Authentication, LDAP, & SSO

Ldap group as defaultHomeFolderProvider


I'm using Alfresco-LDAP to migrate all my LDAP users to the Alfresco service.

So far I have managed to transfer all users, but for every user the home folder created in Alfresco is named after him. What I would like is to share one folder among all members of an LDAP group, since I have multiple groups and every user of a group can only get files from that group.

This is the property

ldap.synchronization.defaultHomeFolderProvider
I read the Alfresco documentation at http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards but it seems that what I'm trying to do is not contemplated.

Any suggestion please?

4.2
LDAP

External SSO in Alfresco from remote application


Hi,

I am developing a use case where I have one Java web application which I have integrated with Alfresco, and now I need external authentication SSO to be enabled in Alfresco.

My use case is:

From my web application login page, when I enter the username and password, it should create the user profile in Alfresco (authenticating in Alfresco) if that user doesn't exist in Alfresco.

I want to know how to send the user info from the web application to Alfresco so that it creates the user profile?

Regards
Nancy

alfresco-on-windows-server-with-active-directory-authentication


I am testing out the functionality of Alfresco with Active Directory integration.

I have the latest version 15.0d.

I have searched for help on getting this set up and only find steps for older versions. In the steps there are locations and names of the files that need to be edited; I am not able to find the files in the 150d version.
Link: http://pomeroy.me/2013/02/alfresco-on-windows-server-with-active-directory-authentication/
http://blog.infoaxon.com/alfresco-integration-active-directory/1313
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems

Are there steps for the current version?

Thank you

devdevk

5.0.d

Create home folder with LDAP data


I'm importing users from LDAP and I would like to create home folders named after the organization the user has in LDAP instead of the user's name.
So far I have modified ldap-authentication.properties with my provider:

 ldap.synchronization.defaultHomeFolderProvider=organizationHomeFolderProvider

then I add the provider bean in ldap-authentication-context:

<bean name="organizationHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry"/>
</property>
<property name="path">
<value>/${spaces.company_home.childname}/HERE I WANT ADD THE ORGANIZATION FOR EVERY USER</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="onCreatePermissionsManager">
<ref bean="defaultOnCreatePermissionsManager"/>
</property>
<property name="onReferencePermissionsManager">
<ref bean="defaultOnReferencePermissionsManager"/>
</property>
<property name="homeFolderManager">
<ref bean="homeFolderManager"/>
</property>
</bean>

So basically I want to create a home folder with the structure /Company Home/Organization of the user. But I'm completely lost; there is no documentation at all about how to achieve this.

Any help would be greatly appreciated!

Alfresco Ldap Use organization in spaces.user_homes.regex.key


Using import from LDAP to Alfresco, I'm trying to move the user home folder to use the organization (o) of the user, so I'm using the regular-expression key in my alfresco-global.properties:

 spaces.user_homes.regex.key=organization

In my common-ldap-context.xml:

<entry key="cm:organization">
<!-- OpenLDAP:"o"-->
<!-- Active Directory:"???"-->
<value>${ldap.synchronization.userOrganizationalIdAttributeName}</value>
</entry>

And I see that now the organization is filled in the user profile in Alfresco.

But when I start up the server, Alfresco throws the exception:

  org.alfresco.repo.security.person.PersonException: 06190000 Can not create a home folder when the {http://www.alfresco.org/model/content/1.0}organization property is null or empty

LDAP Groups sync to Admin Group


Hello everybody,

I just have one question. Is there a way to use LDAP groups as admin groups in Alfresco?
The connection to LDAP works fine; I can search for groups and users, but I would prefer that the admin group in LDAP be the admin group in Alfresco.

I use Alfresco 5.0

thank you

René

5.0.d
LDAP

Active Directory Integration with 5.0.d

Alfresco openCMIS connect to home folder


In Alfresco I have this structure: /Company Home/A and /Company Home/B. Some users' home folders are set to A and others to B.

Problem: I see that in order to connect from my application to Alfresco through OpenCMIS, I need to connect using the repositoryId, aka MainRepository (Company Home), so I need to give all users from A and B permission to connect there. That means that if a user from A connects to Alfresco, they can read documents from B, and the other way around.

I was expecting that using OpenCMIS I could connect directly to my home folder.

Any idea or suggestion about my issue?

Thanks


Trouble binding using UID; dn: cn=... ... use Search Bind?


Hey, somewhat new here.

dn: cn=Tom Amy,ou=people,dc=maxt,dc=com
objectclass: inetOrgPerson
cn: Tom Amy
cn: Tom A Amy
cn: Tom Amy
sn: amy
uid: tamy
mail:
mail:
description: sys admin

In this case I can bind to OpenLDAP using the CN but not using the UID.

I anticipate this is because a simple bind uses the DN the user was created with by default... and in this case his DN uses the cn.
A little research led me to think that using a search bind would fix this... but how to go about doing that is lacking documentation or examples that I can find.

I was also thinking of changing the attribute to "objectClass" instead of "distinguishedName", but I figure that would take a lot more work.

Much appreciation!

LDAP + StartTls


Hello,

I am using Alfresco 4.2.e on Windows Server 2008 R2.

I intend to configure LDAP authentication on Alfresco so that the users of my Windows AD can log on to Alfresco.

My problem is the use of a certificate with the StartTLS encryption method. Anybody in my AD can log on to Alfresco, and I haven't found anything in the documentation about my case... How can I force Alfresco to choose the StartTLS encryption method?

In alfresco.log, I have the following error:


11:00:00,186 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 06200027 Echec de la connexion à ldap://SERVER.DOMAIN.local:389. Raison javax.naming.AuthenticationNotSupportedException, [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1 ]
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:192)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:108)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:89)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.(LDAPUserRegistry.java:688)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:685)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:969)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:714)
at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:51)
at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:47)
at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1 ]

Method applied:

1) Tests with Apache Directory Studio

* Failed with the previous error when:
server : SERVER.DOMAIN.local, port:389, encryption method : none, provider : JNDI
authentication method : simple, Bind DN/SASL : CN=Alfresco,CN=Users,DC=DOMAIN,DC=local
or authentication method : simple, Bind DN/SASL :

* Succeeded with:
server : SERVER.DOMAIN.local, port:389, encryption method : StartTls, provider : JNDI
authentication method : simple, Bind DN/SASL : CN=Alfresco,CN=Users,DC=DOMAIN,DC=local
or authentication method : simple, Bind DN/SASL :

2) Alfresco configuration

In the alfresco-global.properties file I added at the end:

### Authentication protocols ###
authentication.chain=ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
 
### Active Directory synchronization ###
synchronization.import.cron=0 0/30 9-18 ? * MON-FRI
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true

I added in the directory tree:
C:\Alfresco\tomcat\shared\classes\alfresco\extension\subsystems\Authentication\ldap
- file : common-ldap-context.xml (copy)
- directory : ldap-ad1
|
-------- files : ldap-ad-authentication.properties (copy), ldap-ad-authentication-context.xml (copy)
** copies from C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication...

I updated the copy of ldap-ad-authentication.properties like this:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain.local
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://SERVER.DOMAIN.local:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=user_alfresco,Administrateur,admin
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=CN=Alfresco,CN=Users,DC=DOMAIN,DC=local
ldap.synchronization.java.naming.security.credentials=secret
 
ldap.synchronization.queryBatchSize=1000      
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)) 
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0}))) 
ldap.synchronization.groupSearchBase=dc\=DOMAIN,dc=local
ldap.synchronization.userSearchBase=dc\=DOMAIN,dc=local
 
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

3) Java configuration
Inspired by https://wiki.alfresco.com/wiki/Ldap_over_SSL

- I exported the certificate from Apache Directory Studio (Window > Preferences > Apache Directory Studio > Certificate validation > export the certificate CN=SERVER.DOMAIN.local to my PC) and renamed it "certificate.der"
- in a Windows command console (Administrator mode):

C:\Alfresco\java\bin\keytool -import -alias 192.168.1.101 -keystore "C:\Program Files (x86)\Java\jre1.8.0_45\lib\security\cacerts" -file C:\Users\user_alfresco\Documents\certificate.der

C:\Alfresco\java\bin\keytool -import -alias SERVER.DOMAIN.local -keystore "C:\Program Files (x86)\Java\jre1.8.0_45\lib\security\cacerts" -file C:\Users\user_alfresco\Documents\certificate.der

I entered my keystore password for each of the previous commands.
I opened the properties of the Alfresco Tomcat service with the following command:
C:\Alfresco\tomcat\bin\tomcat7w //ES//alfrescoTomcat

And under Java > Java Options, I added:
-Djavax.net.ssl.trustStore="C:\Program Files (x86)\Java\jre1.8.0_45\lib\security\cacerts"

I restarted Tomcat and... I could not log on to Alfresco.

4.2.e

OKTA integration

LDAP Synchronization with passthru not working the way I would expect?


I think I'm missing something in the documentation about accounts that are already created and LDAP synchronization. We have passthru and LDAP authentication working (at least I think so), but our LDAP sync task is not pulling all of our LDAP users into Alfresco, and we don't see the givenName or sn from AD being synchronized into Alfresco. Could you guys explain why this is happening?

###############################
## Common Alfresco Properties #
###############################
 
 
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
 
 
 
 
 
### E-mail site invitation setting ###
notification.email.siteinvite=false 
### License location ###
dir.license.external=D:/leveldata/apps/Alfresco
 
 
 
### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443 
 
### BPM Engine ###
system.workflow.engine.jbpm.enabled=false 
 
### Allow extended ResultSet processing
security.anyDenyDenies=false 
#Custom Settings from
 
mail.host=mailrelay
mail.port=25
mail.username=
mail.password=
mail.encoding=UTF-8
mail.from.default=noreply@us.com
mail.smtp.auth=false 
 
mail.testmessage.send=true
mail.testmessage.to=nus@us.com
mail.testmessage.subject=Outbound SMTP
 
mail.testmessage.text=The Outbound SMTP email subsystem is working.
 
#Authentication settings
#passthru1:passthru
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap,passthru1:passthru
ntlm.authentication.sso.enabled=false 
 
### CIFS/SMB Server Configuration ###
cifs.enabled=true
cifs.domain=ld.local
cifs.serverName=${localname}A
cifs.hostannounce=true 
 
#CIFS with LDAP We have to use passthru for CIFS due to limitations in how cifs has to authenticate
ntlm.authentication.authenticateCIFS=false
#Must be disabled to allow chained password-based login
ntlm.authentication.sso.enabled=false 
 
 
 
#ntlm.authentication.mapUnknownUserToGuest=false 
 
alfresco.authentication.authenticateCIFS=false
#alfresco.authentication.allowGuestLogin=false 
passthru.authentication.authenticateCIFS=true 
 
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=admin
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.servers=LD\\10.1.1.1
 
passthru.authentication.offlineCheckInterval=300 
 
#LDAP authentication
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain.local
ldap.authentication.java.naming.provider.url=ldap://domain.local:389
ldap.authentication.defaultAdministratorUserNames=admin
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco_service@domain
ldap.synchronization.java.naming.security.credentials=somepassword
ldap.synchronization.groupSearchBase=OU=Groups,OU=domain,DC=local
ldap.synchronization.userSearchBase=DC=domain,DC=local
 
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
 
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=false 
 
#JMX - No JMX in community edition 
#alfresco.rmi.services.host=alfresco.something.com
#alfresco.rmi.services.port=50500
alfresco.rmi.services.host=0.0.0.0
alfresco.rmi.services.port=50500

Alfresco.log

2015-07-23 00:00:01,565 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer][DefaultScheduler_Worker-4] Synchronizing users and groups with user registry 'ldap1'
2015-07-23 00:00:03,112 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer][DefaultScheduler_Worker-4] Full synchronization with user registry 'ldap1'
2015-07-23 00:00:03,112 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer][DefaultScheduler_Worker-4] Some users and groups previously created by synchronization with this user registry may be removed.
2015-07-23 00:00:03,143 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer][DefaultScheduler_Worker-4] Retrieving all groups from user registry 'ldap1'
2015-07-23 00:00:03,237 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer][DefaultScheduler_Worker-4] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2015-07-23 00:00:03,237 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer][DefaultScheduler_Worker-4] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2015-07-23 00:00:15,331 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer][DefaultScheduler_Worker-4] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:556)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1462)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$1400(ChainingUserRegistrySynchronizer.java:960)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1680)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:700)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:429)
	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
	at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
	at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at javax.naming.directory.InitialDirContext.search(Unknown Source)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
	... 11 more
2015-07-23 00:00:15,862 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer][DefaultScheduler_Worker-4] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:556)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1462)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$1400(ChainingUserRegistrySynchronizer.java:960)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1680)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:700)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:429)
	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
	at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
	at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at javax.naming.directory.InitialDirContext.search(Unknown Source)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
	... 11 more
2015-07-23 00:00:15,862 ERROR [org.quartz.core.JobRunShell][DefaultScheduler_Worker-4] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception: 
org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:556)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1462)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$1400(ChainingUserRegistrySynchronizer.java:960)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1680)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:700)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:429)
	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
	at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
	at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at javax.naming.directory.InitialDirContext.search(Unknown Source)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
	... 11 more
2015-07-23 00:00:15,862 ERROR [org.quartz.core.ErrorLogger][DefaultScheduler_Worker-4] Job (DEFAULT.ldapPeopleJobDetail threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.]
	at org.quartz.core.JobRunShell.run(JobRunShell.java:227)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:556)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1462)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$1400(ChainingUserRegistrySynchronizer.java:960)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1680)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:700)
	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:429)
	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
	at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
	... 1 more
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
	at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at javax.naming.directory.InitialDirContext.search(Unknown Source)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
	... 11 more

Does LDAPS work without Share on HTTPS?


Hi,
On Alfresco Community 4.2.e, 4.2.f, 5...

I would just like to know if:
1) I need to run Share on HTTPS to use LDAP with SSL?
2) I can run Share on HTTP and use LDAP with SSL (+ an Apache front end on HTTPS)?

Thank you!

CMIS Authentication Failing


Hello everyone,

We recently upgraded from Alfresco 5.0.c to 5.0.d and it broke our CMIS API calls because we cannot get authenticated. Below is the exception we are receiving. Does anyone have any ideas?

org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException: Unauthorized
at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.convertStatusCode(AbstractAtomPubService.java:468)
at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:634)
at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:797)
at org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:69)
at org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfo(RepositoryServiceImpl.java:74)
at org.apache.chemistry.opencmis.client.runtime.SessionImpl.connect(SessionImpl.java:1003)
at org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.createSession(SessionFactoryImpl.java:106)
at org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.createSession(SessionFactoryImpl.java:68)

LDAP : the same certificate for Alfresco and Windows?


Hi,

I would like to understand whether the private key/certificate pair used for the Alfresco LDAP subsystem should be the same as the pair used by my Windows LDAP manager?

Example :

For Alfresco I am creating a certificate with openssl for the LDAP subsystems, but a certificate already exists for my Windows AD.

Thank you


Testing External Authentication


Hello;

I am trying to configure external authentication.

authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
 
external.authentication.proxyUserName=secretAccount
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=X-Alfresco-Remote-User

Then I used a simple REST client to make a few calls to

/alfresco/service/api/login?u={1}&pw={2}

First I made a call as a user to get a ticket. This resulted in 123.

Then I made a call with the secret account to get its ticket: 321.

Then I made a call with the secret account and with the header set to the original user's username. I still got 321.

This tells me the external authentication is not working, or my test is flawed.

Can someone help me diagnose this?

5.0.c
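As an added illustration (not code from the post or from Alfresco) of what the external.authentication.* settings above are meant to enforce, the following simplified model shows the trusted-proxy-header pattern: a front-end proxy authenticates the real user and forwards the username in a header, and the application honours that header only when the request itself has been authenticated as the configured proxy account. The class and function names, the request shape and the sample calls are constructed here; the values `secretAccount` and `X-Alfresco-Remote-User` come from the post.

```python
"""Simplified model of trusted-proxy-header ("external") authentication.

Added illustration, not Alfresco's own code. The rules below are an assumption
about the general pattern, not a statement of Alfresco's implementation.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class ExternalAuthConfig:
    enabled: bool = True
    proxy_user_name: Optional[str] = "secretAccount"   # value from the post
    proxy_header: str = "X-Alfresco-Remote-User"       # value from the post


@dataclass
class Request:
    # Identity the container/transport already established for the caller
    # (for example from a client certificate); None if the caller is anonymous.
    authenticated_as: Optional[str]
    headers: Dict[str, str] = field(default_factory=dict)


def resolve_remote_user(cfg: ExternalAuthConfig, req: Request) -> Optional[str]:
    """Return the effective user for the request, or None if unauthenticated.

    Rules of this model (assumption):
      * subsystem disabled -> the header is never consulted;
      * proxy user configured and caller authenticated as that proxy user
                           -> the header names the effective user;
      * proxy user configured and caller is anyone else
                           -> the header is ignored (spoofing protection);
      * no proxy user configured -> the header is accepted from any caller,
        which is the weak setting: every client may assert an identity.
    """
    if not cfg.enabled:
        return req.authenticated_as
    # HTTP header names are case-insensitive, so compare them folded.
    header_value = next(
        (v for k, v in req.headers.items() if k.lower() == cfg.proxy_header.lower()),
        None,
    )
    if cfg.proxy_user_name is None:
        return header_value or req.authenticated_as
    if req.authenticated_as == cfg.proxy_user_name and header_value:
        return header_value
    return req.authenticated_as


def walk_through_post_test() -> Dict[str, Optional[str]]:
    """Replay the calls described in the post, plus two spoofing attempts,
    under this model. Sample identities are constructed."""
    cfg = ExternalAuthConfig()
    return {
        "plain_user": resolve_remote_user(cfg, Request("alice")),
        "proxy_no_header": resolve_remote_user(cfg, Request("secretAccount")),
        "proxy_with_header": resolve_remote_user(
            cfg, Request("secretAccount", {"X-Alfresco-Remote-User": "alice"})),
        # A caller that is NOT the proxy account cannot impersonate via the header.
        "other_with_header": resolve_remote_user(
            cfg, Request("bob", {"X-Alfresco-Remote-User": "alice"})),
        # An anonymous caller presenting the header stays unauthenticated.
        "anon_with_header": resolve_remote_user(
            cfg, Request(None, {"X-Alfresco-Remote-User": "alice"})),
    }


if __name__ == "__main__":
    for case, user in walk_through_post_test().items():
        print(f"{case:20s} -> {user}")
```

The point the model makes is that the header alone never confers an identity: what decides is whether the caller was authenticated, at the transport or container level, as the proxy account. The same model also shows why leaving the proxy user unset is the risky configuration, since then any client that can reach the application may assert a username.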

Manual prompted logon fails after enabling kerberos sso and kerberos sso failing for share.


Hi,

I'm currently setting up Alfresco Community 5.0.d and followed the guide at http://docs.alfresco.com/community/concepts/auth-kerberos-intro.html to configure Kerberos authentication against a Windows Server 2012 R2 AD.

I have everything including sso working except the following 2 issues:

1. With kerberos.authentication.sso.enabled=true, an (external) user without a client that is able to do SSO is unable to authenticate to the SharePoint services. The user receives a (basic) authentication window to enter credentials, but after submitting the username and password the same authentication window appears again.

Every time the username/password is submitted the following message is logged:
DEBUG [org.alfresco.module.vti.web.VtiFilter] No authentication details found, requesting they authenticate

Mind that Kerberos SSO works perfectly towards SharePoint with an SSO-enabled client (Windows domain member).
I did find hints regarding basic authentication registry settings for the Windows WebClient service and Office, but these won't fix my problem.

As soon as I set kerberos.authentication.sso.enabled=false the issue is solved.
Users receive a (basic) authentication window and submitting the username/password simply works.

What is remarkable is that with SSO enabled the authentication window only shows: Connecting to sharepoint.xxx.com, and with SSO disabled it shows: The server sharepoint.xxx.com is asking for your username and password. The server reports that it is from Alfresco Server.

Is there any way that Kerberos SSO can work together with non-SSO clients that need to log on manually?
What is causing this difference in manual authentication and how can this be resolved?

2. With Kerberos SSO enabled everything is working just fine with the exception of issue 1 and that SSO for Share is not working.

I have carefully followed the guide http://docs.alfresco.com/4.0/tasks/auth-kerberos-shareSSO.html.
SSO for CIFS and SharePoint works like a charm, but Share just always prompts for a username and password.
Browsing to sharepoint.xxx.com shows the "This is the Alfresco SharePoint Module" page without the need to logon. This proves that SSO is working and that the client/browser settings are fine.

I have enabled debugging for Kerberos but this does not provide any output when I logon to Share.

Any idea how I can fix this?

PS. Manual logon to Share using the logon page works perfectly with kerberos.authentication.sso.enabled both enabled and disabled.

Thanks in advance for any help.

5.0.d

authentication failed

Hello,
For a couple of weeks now, every time I try to log in to Alfresco Community to access or upload documents it shows "Your authentication details have not been recognized or Alfresco may not be available at this time", and it seems everyone in my organization has been getting the same message. I tried connecting with the Alfresco USA office but they could not help. What can I do?

Groups over Groups synchronization

Hello guys,

I have very interesting problem.

Here is the situation:
Alfresco Community 5.0.c with Active Directory authentication, in a domain at Windows Server 2012 R2 domain functional level.

All my users are synchronized from the AD to the Alfresco. They are located in this OU - ou=USERS,ou=Office,dc=domain,dc=com
But the groups that I need to use, according to the network admins, are in this OU: ou=Alfresco,ou=GROUPS,ou=Office,dc=domain,dc=com
Let's say that in this OU I have a group called "Alfresco-Dev" and this group has as a member a generic group from a different OU (ou=Originals,ou=GROUPS,ou=Inter,dc=domain,dc=com). All users are deployed in the generic group, and the point is for every Alfresco group (such as "Alfresco-Dev") to inherit all users from the generic groups.

When I deploy the synchronization properties in the global alfresco file:

#Sync all Alfresco groups
ldap.synchronization.groupSearchBase=ou=Alfresco,ou=GROUPS,ou=Inter,dc=domain,dc=com
#Sync all users
ldap.synchronization.userSearchBase=ou=USERS,ou=Inter,dc=domain,dc=com

I can still see all the users and all groups that I need, but the groups are not populated with all users that should be inherited from the generic groups.

What should I do so all groups can inherit the users from their member groups?

Regards!

5.0.c
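As an added illustration of the nested-membership question in this post (constructed Python, not Alfresco's synchroniser; the DNs, the DIRECTORY dictionary and expand_group are mine): a walker that follows member links transitively, tolerates cycles, and, when given a group search base, leaves nested groups outside that base unexpanded so you can see which users are lost.

```python
"""Transitive (nested) group expansion over a constructed LDAP-like directory.

Added example, not Alfresco's synchroniser. It shows the effect the post asks
about: a group whose member values point at another group only yields that
group's users if the nested group is itself visited, and a search base that
excludes the nested group's OU leaves it unexpanded. All DNs are constructed.
"""
from typing import Dict, Optional, Set, Tuple

# Constructed OUs modelled on the layout described in the post.
USERS_OU = "ou=USERS,ou=Office,dc=domain,dc=com"
ALF_GROUPS_OU = "ou=Alfresco,ou=GROUPS,ou=Office,dc=domain,dc=com"
GENERIC_OU = "ou=Originals,ou=GROUPS,ou=Inter,dc=domain,dc=com"

DIRECTORY: Dict[str, dict] = {
    f"cn=Alfresco-Dev,{ALF_GROUPS_OU}": {
        "objectClass": "group",
        "member": [f"cn=Generic-Dev,{GENERIC_OU}", f"cn=carol,{USERS_OU}"],
    },
    f"cn=Generic-Dev,{GENERIC_OU}": {
        "objectClass": "group",
        # the back-reference creates a cycle, which the walker must tolerate
        "member": [
            f"cn=alice,{USERS_OU}",
            f"cn=bob,{USERS_OU}",
            f"cn=Alfresco-Dev,{ALF_GROUPS_OU}",
        ],
    },
    f"cn=alice,{USERS_OU}": {"objectClass": "user"},
    f"cn=bob,{USERS_OU}": {"objectClass": "user"},
    f"cn=carol,{USERS_OU}": {"objectClass": "user"},
}


def under_base(dn: str, base: str) -> bool:
    """True if dn is base itself or lies somewhere below it (case-insensitive)."""
    return dn.lower() == base.lower() or dn.lower().endswith("," + base.lower())


def expand_group(group_dn: str, directory: Dict[str, dict],
                 group_base: Optional[str] = None) -> Tuple[Set[str], Set[str]]:
    """Return (user_dns, unexpanded_dns) reachable from group_dn through member links.

    Nested groups outside group_base (when one is given) and DNs that do not
    resolve at all are reported in the second set instead of being followed.
    """
    users: Set[str] = set()
    skipped: Set[str] = set()
    seen: Set[str] = set()
    stack = [group_dn]
    while stack:
        dn = stack.pop()
        if dn.lower() in seen:           # cycle or duplicate membership
            continue
        seen.add(dn.lower())
        entry = directory.get(dn)
        if entry is None:                # dangling member reference
            skipped.add(dn)
            continue
        if entry.get("objectClass") == "user":
            users.add(dn)
            continue
        if group_base is not None and dn != group_dn and not under_base(dn, group_base):
            skipped.add(dn)              # nested group the configured base never reaches
            continue
        stack.extend(entry.get("member", []))
    return users, skipped


if __name__ == "__main__":
    top = f"cn=Alfresco-Dev,{ALF_GROUPS_OU}"
    print("no base     :", expand_group(top, DIRECTORY))
    print("narrow base :", expand_group(top, DIRECTORY, group_base=ALF_GROUPS_OU))
```

With the base limited to ou=Alfresco,ou=GROUPS,ou=Office,... the walker reports Generic-Dev as skipped and resolves only carol; widen the base to a parent that contains both OUs and all three users appear. Whatever the real synchroniser does with out-of-base members, this is the check to run against the directory first: if the nested groups are not reachable from the configured base, no Alfresco group can inherit their users.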

Alfresco Authentication with Zimbra (OpenLDAP)

Hi, I just installed Alfresco 5.0d and have Zimbra running on another server. I've configured authentication for Alfresco against the Zimbra LDAP and it works fine for a while, but after some time (like 30 minutes) it stops working.

In my alfresco.log I can see a timeout exception, but the weird thing is that it works for a while, and if I restart my Alfresco it comes back for some more time. Can anyone help me?

This is the exception I get:

2015-08-03 16:46:17,417 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl][http-apr-80-exec-2] Failed to authenticate user "some.user@boos.com.co"'ou=people,dc=boos,dc=com,dc=co'
	at com.sun.jndi.ldap.Connection.readReply(Connection.java:478)
	at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640)
	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:563)
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.resolveDistinguishedName(LDAPUserRegistry.java:962)

And this is my /opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldapBoos/ldap-authentication.properties (the server, user and password are OK in the original file):

# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsystem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=true 
#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#
ldap.authentication.allowGuestLogin=false
# How to map the user id entered by the user to that passed through to LDAP
# - simple 
#    -this must be a DN and would be something like
#      uid=%s,ou=People,dc=company,dc=com
# - digest
#    - usually pass through what is entered
#      %s
# If not set, an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will 
# be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID to
# appear in the DN.
ldap.authentication.userNameFormat=
 
# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
 
# The URL to connect to the LDAP server 
ldap.authentication.java.naming.provider.url=ldap://myserver.boos.com.co:389
 
# The authentication mechanism to use for password validation
ldap.authentication.java.naming.security.authentication=simple
 
# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false
 
# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is 
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false
 
# Comma separated list of user names who should be considered administrators by default
#ldap.authentication.defaultAdministratorUserNames=some.user@boos.com.co
 
# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsystem should only be used for 
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true
 
# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=simple
 
# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=uid\=zimbra,cn\=admins,cn\=zimbra
 
# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=XXXXXXXX
 
# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=0
 
# If positive, this property indicates that range retrieval should be used to fetch
# multi-valued attributes (such as member) in batches of the specified size.
# Overcomes any size limits imposed by Active Directory.        
ldap.synchronization.attributeBatchSize=0
 
# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=zimbraDistributionList)
 
# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=zimbraDistributionList)(!(modifyTimestamp<\={0})))
 
# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectClass\=organizationalPerson)
 
# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=organizationalPerson)(!(modifyTimestamp<\={0})))
 
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=cn\=groups,dc\=boos,dc\=com,dc\=co
 
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=ou\=people,dc\=boos,dc\=com,dc\=co
 
# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
 
# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z' 
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=mail
 
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
 
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
 
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
 
# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=cn
 
# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
 
# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=mail
 
# The attribute on LDAP group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=mail
 
# The group type in LDAP
ldap.synchronization.groupType=zimbraDistributionList
 
# The person type in LDAP
ldap.synchronization.personType=organizationalPerson
 
# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=zimbraMailForwardingAddress
 
# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
ldap.synchronization.enableProgressEstimation=true
 
# Request timeout, in milliseconds; use 0 for none (default)
ldap.authentication.java.naming.read.timeout=10000
 
# How often to synchronize?
synchronization.import.cron=0 1 * * * ?
 
# Synchronize on startup
synchronization.syncOnStartup=true
5.0.d
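An added helper (Python, not Alfresco's LDAPUserRegistry) to render exactly what the differential sync queries in the properties above turn into: it parses a constructed subset of the posted file, unescapes the backslash-escaped = and , that Java properties require, formats a last-sync time with ldap.synchronization.timestampFormat, substitutes it for the {0} placeholder and checks the resulting filter for unbalanced parentheses or whitespace inside a comparison operator. parse_properties, java_pattern_to_strftime, differential_filter and check_filter are my names; SAMPLE_PROPERTIES is a constructed excerpt.

```python
"""Render the differential sync filter that the posted properties define.

Added example, not Alfresco's LDAPUserRegistry. It reads a constructed subset
of the posted properties, unescapes Java-properties backslashes, formats a
last-sync time with ldap.synchronization.timestampFormat, substitutes it for
the {0} placeholder and sanity-checks the resulting LDAP filter.
"""
import re
from datetime import datetime, timezone

# Constructed excerpt of the ldap-authentication.properties shown in the post.
SAMPLE_PROPERTIES = r"""
# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=zimbraDistributionList)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=zimbraDistributionList)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=organizationalPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z' 
ldap.synchronization.java.naming.security.principal=uid\=zimbra,cn\=admins,cn\=zimbra
"""


def _unescape(s: str) -> str:
    # java.util.Properties: a backslash escapes the following character (\= \, \: \\)
    return re.sub(r"\\(.)", r"\1", s)


def parse_properties(text: str) -> dict:
    """Minimal java.util.Properties reader: '#'/'!' comments, key=value or key:value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        i = 0
        while i < len(line) and line[i] not in "=: \t":
            i += 2 if line[i] == "\\" else 1      # skip escaped characters in the key
        key, rest = line[:i], line[i:].lstrip()
        if rest and rest[0] in "=:":
            rest = rest[1:]
        props[_unescape(key)] = _unescape(rest.strip())
    return props


# The SimpleDateFormat letters that LDAP timestamp formats actually use.
_JAVA_TOKENS = {"yyyy": "%Y", "yy": "%y", "MM": "%m", "dd": "%d",
                "HH": "%H", "mm": "%M", "ss": "%S"}


def java_pattern_to_strftime(pattern: str) -> str:
    """Translate the SimpleDateFormat subset used for LDAP timestamps to strftime."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "'":                               # quoted literal text; '' is one quote
            j = pattern.find("'", i + 1)
            if j < 0:
                raise ValueError("unterminated quote in pattern")
            out.append((pattern[i + 1:j] or "'").replace("%", "%%"))
            i = j + 1
        elif c.isalpha():                          # a run of one pattern letter
            j = i
            while j < len(pattern) and pattern[j] == c:
                j += 1
            run = pattern[i:j]
            if run not in _JAVA_TOKENS:
                raise ValueError(f"unsupported pattern letters {run!r}")
            out.append(_JAVA_TOKENS[run])
            i = j
        else:                                      # punctuation passes through
            out.append(c.replace("%", "%%"))
            i += 1
    return "".join(out)


def differential_filter(props: dict, key: str, since: datetime) -> str:
    """Fill the {0} placeholder of the named differential query with a UTC timestamp."""
    if since.tzinfo is None:
        raise ValueError("since must be timezone-aware so the literal 'Z' suffix is honest")
    fmt = java_pattern_to_strftime(props["ldap.synchronization.timestampFormat"])
    stamp = since.astimezone(timezone.utc).strftime(fmt)
    return props[key].replace("{0}", stamp)


def check_filter(flt: str) -> list:
    """Return problems a directory server would reject or silently mis-parse."""
    issues, depth = [], 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            issues.append("closing parenthesis without a matching opening one")
            break
    if depth > 0:
        issues.append(f"{depth} unclosed parenthesis(es)")
    if re.search(r"\s=|[<>~]\s+=", flt):
        issues.append("whitespace inside or before a comparison operator")
    return issues


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    since = datetime(2015, 8, 3, 16, 46, 17, tzinfo=timezone.utc)
    flt = differential_filter(props, "ldap.synchronization.personDifferentialQuery", since)
    print(flt, check_filter(flt))
```

Rendering the filter this way separates two failure modes that look alike in the log: a filter the server rejects or that matches nothing (a stray space between < and = in a differential query, an unterminated quote in the timestamp pattern) versus a healthy filter whose connection simply times out, which is the case the read timeout setting above addresses and which points at the connection rather than the query.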