
How to configure Alfresco with LDAP for authentication
Published Wednesday, 9th of February 2011
Overview
Steps to configure Alfresco to authenticate against the user list of an LDAP server. It has been tested with Alfresco 3.4 and the Penrose 2.0 LDAP server on CentOS 5.5.

Alias table
  Variable              Example                 Description
  ${ALFRESCO_DIR}       /opt/alfresco/          Folder where Alfresco was installed
  ${LDAP_SERVER_HOST}   localhost               Host where the LDAP server is running
  ${LDAP_SERVER_PORT}   10389                   Port where the LDAP server is running
  ${LDAP_ADMIN}         uid\=admin,ou\=system   Admin user in the LDAP server
  ${LDAP_PASSWORD}      secret                  Password for the LDAP server
Steps to follow

Define chain authentication
  1. Add the following line to the file ${ALFRESCO_DIR}/tomcat/shared/classes/alfresco-global.properties:
    authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
Create LDAP subsystem
  1. Create the file ldap-authentication.properties in the path ${ALFRESCO_DIR}/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/
Configure LDAP authentication
  1. Add the following line to the file ldap-authentication.properties to activate authentication:
    ldap.authentication.active=true
  2. Add the following lines to the file ldap-authentication.properties to define the LDAP server:
    # How the user id typed at login is mapped to the DN that is bound against LDAP (%s is replaced by the user id)
    ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=ochounos,dc=com
    # The URL to connect to the LDAP server
    ldap.authentication.java.naming.provider.url=ldap://${LDAP_SERVER_HOST}:${LDAP_SERVER_PORT}
    # The authentication mechanism to use
    ldap.authentication.java.naming.security.authentication=simple
Configure LDAP synchronization
  1. Add the following line to the file ldap-authentication.properties to activate synchronization:
    ldap.synchronization.active=true
  2. Add the following lines to the file ldap-authentication.properties to define the user and password used for access:
    # The default principal to use (only used for LDAP sync)
    ldap.synchronization.java.naming.security.principal=${LDAP_ADMIN}
    # The password for the default principal (only used for LDAP sync)
    ldap.synchronization.java.naming.security.credentials=${LDAP_PASSWORD}
  3. Add the following lines to the file ldap-authentication.properties to configure the queries:
    # The query to select all objects that represent the groups to import.
    ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
    # The query to select objects that represent the groups to import that have changed since a certain time.
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
    # The query to select all objects that represent the users to import.
    ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
    # The query to select objects that represent the users to import that have changed since a certain time.
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
    # The group search base restricts the LDAP group query to a sub section of the tree on the LDAP server.
    ldap.synchronization.groupSearchBase=ou\=Groups,dc\=ochounos,dc\=com
    # The user search base restricts the LDAP user query to a sub section of the tree on the LDAP server.
    ldap.synchronization.userSearchBase=ou\=Users,dc\=ochounos,dc\=com
    # The name of the operational attribute recording the last update time for a group or user.
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
    # The timestamp format. Unfortunately, this varies between directory servers.
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
  4. Add the following lines to the file ldap-authentication.properties to map the LDAP attributes:
    # The attribute name on people objects found in LDAP to use as the uid in Alfresco
    ldap.synchronization.userIdAttributeName=uid
    # The attribute on person objects in LDAP to map to the first name property in Alfresco
    ldap.synchronization.userFirstNameAttributeName=givenName
    # The attribute on person objects in LDAP to map to the last name property in Alfresco
    ldap.synchronization.userLastNameAttributeName=sn
    # The attribute on person objects in LDAP to map to the email property in Alfresco
    #ldap.synchronization.userEmailAttributeName=mail
    # The attribute on person objects in LDAP to map to the organizational id property in Alfresco
    ldap.synchronization.userOrganizationalIdAttributeName=o
    # The default home folder provider to use for people created via LDAP import
    ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
    # The attribute on LDAP group objects to map to the gid property in Alfresco
    ldap.synchronization.groupIdAttributeName=cn
    # The group type in LDAP
    ldap.synchronization.groupType=groupOfNames
    # The person type in LDAP
    ldap.synchronization.personType=inetOrgPerson
    # The attribute in LDAP on group objects that defines the DN for its members
    ldap.synchronization.groupMemberAttributeName=member
References
http://www.alfresco.com/