Saturday 4 June 2011

Configure LDAP authentication for Alfresco

Under the /subsystems/authentication directory there are folders for ldap, passthru, etc. The ldap folder contains the file you need to edit: ldap-authentication.properties.
It is where you specify your server, the LDAP structure, the account used for authentication, whether or not to synchronise users and groups, and so on. Go through it; the comments explain each setting fairly well.

Lastly, edit repository.properties and add ldap1:ldap to the authentication chain (which probably only contains alfrescoNtlm) to activate your LDAP configuration. You can also set this in alfresco-global.properties:
file: /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/repository.properties
 - or -
file: /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
# The default authentication chain
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
Restart Alfresco and test.

Example:

In this example I have not only set up LDAP but also passthrough authentication, so that CIFS works with our Samba domain.
For LDAP I set the following (for group synchronisation the LDAP server needs to support the memberOf overlay):

file: /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties
ldap.authentication.active=true
#personal choice, I always want everyone to log in:
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=domain,dc=local
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<ldapservername>:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=<user1>,<user2>
#this is set so all my groups and users exist in Alfresco even if they have not yet signed in, so they can easily be invited to a new project (site)
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=admin,dc\=company,dc\=local
ldap.synchronization.java.naming.security.credentials=<typeadminuserpasswordhere>
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=company,dc\=local
ldap.synchronization.userSearchBase=ou\=Users,dc\=company,dc\=local
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
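As an added example (not from the post and not Alfresco's own code), a small Python checker that reads a file in the shape of ldap-authentication.properties, builds the bind DN that userNameFormat implies for a given user ID, and flags the settings above that a reviewer would question: simple bind over plain ldap://, the synchronisation password sitting in clear text, guest login, and commas in user IDs reaching the bind DN unescaped. The sample file is constructed, and the comma handling attributed to escapeCommasInBind is my reading of that setting, not Alfresco's implementation.

```python
import re

# Constructed sample in the shape of the post's ldap-authentication.properties
# (placeholder values only, not a real deployment).
SAMPLE = """\
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=domain,dc=local
ldap.authentication.java.naming.provider.url=ldap://<ldapservername>:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.synchronization.java.naming.security.principal=cn\\=admin,dc\\=company,dc\\=local
ldap.synchronization.java.naming.security.credentials=<typeadminuserpasswordhere>
"""

def unescape(s):
    # undo Java .properties backslash escapes such as \= and \:
    return re.sub(r"\\(.)", r"\1", s)

def parse_properties(text):
    """Minimal .properties reader: skip comments, split on first unescaped = or :."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\s])+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[unescape(m.group(1))] = unescape(m.group(2))
    return props

def bind_dn(props, user_id):
    """DN Alfresco binds with for user_id (comma handling is my reading of escapeCommasInBind)."""
    if props.get("ldap.authentication.escapeCommasInBind") == "true":
        user_id = user_id.replace(",", "\\,")
    return props["ldap.authentication.userNameFormat"].replace("%s", user_id)

def lint(props):
    """Findings a reviewer would raise on the authentication settings."""
    out = []
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    if props.get("ldap.authentication.java.naming.security.authentication") == "simple" and url.startswith("ldap://"):
        out.append("simple bind over plain ldap:// sends passwords in clear text")
    if props.get("ldap.authentication.allowGuestLogin", "false") != "false":
        out.append("guest login is enabled")
    if props.get("ldap.synchronization.java.naming.security.credentials"):
        out.append("sync password is stored in clear text; restrict file permissions")
    if props.get("ldap.authentication.escapeCommasInBind") != "true":
        out.append("commas in a user ID go into the bind DN unescaped")
    return out
```

Run it against your real file by replacing SAMPLE with the file contents; each finding maps to one of the properties shown above.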
For the Samba domain:
file: /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.properties
passthru.authentication.useLocalServer=false
passthru.authentication.domain=<shortdomainnameasisinfilesmb.conf>
passthru.authentication.servers=<domaincontroleripaddress>
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=<domainuser>
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
And lastly, set the authentication chain in:
file: /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
#ldap and samba domain support:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 */10 * * * ?
# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?
