Thursday, August 11, 2011

Basic Active Directory and Alfresco integration

This post shows a simple way to configure LDAP (Active Directory) authentication in Alfresco 3.4.2 Enterprise Edition. Before reading this post, verify that Alfresco has been installed.

After installing Alfresco, copy the folder ldap-ad and the file common-ldap-context.xml from
<TOMCAT_HOME>/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/
to
<TOMCAT_HOME>/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad
and rename that folder to ldap-ad1.
This folder contains two files:
  • ldap-ad-authentication.properties
  • ldap-ad-authentication-context.xml
The first file, which is the one edited in this post, contains all the properties that configure the integration between Alfresco and LDAP-AD. When you open it you will see many properties; most of them do not need to be edited.
So, on to the configuration. To start, open the ldap-ad-authentication.properties file located in the shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad folder and edit the properties described below.

ldap.authentication.active
This Boolean flag, when true, enables use of this LDAP subsystem for authentication.
ldap.authentication.userNameFormat
This property indicates how to map the user id entered by the user to the id passed through to LDAP. Normally, for AD I use the UPN (User Principal Name) with the format <sAMAccountName>@<UPN Suffix>, e.g. %s@yourDomain
ldap.authentication.java.naming.provider.url
The URL to connect to the LDAP server, containing its name and port. The standard port for LDAP is 389. e.g. ldap://<yourDomain>:<yourPort>
ldap.authentication.defaultAdministratorUserNames
A comma-separated list of user names who should be considered administrators by default. e.g. user.01,user02,user.xyz
ldap.authentication.java.naming.security.authentication
The mechanism used to validate passwords with the LDAP server. By default AD uses simple.
ldap.synchronization.active
This flag, when true, enables use of the LDAP subsystem for user registry export functions and decides whether the subsystem contributes data to the Synchronization Subsystem. Set it to false if the subsystem should only be used for authentication.
ldap.authentication.allowGuestLogin
This Boolean, when true, allows unauthenticated users to log in to Alfresco as 'guest'.
ldap.synchronization.java.naming.security.principal
The LDAP user to connect as for the export operation. e.g. alfresco@yourDomain
ldap.synchronization.java.naming.security.credentials
The password for this user.
ldap.synchronization.groupSearchBase
The DN below which to run the group queries. e.g. ou=alfresco,dc=com
ldap.synchronization.userSearchBase
The DN below which to run the user queries. e.g. ou=alfresco,dc=com

After editing the above properties, open the alfresco-global.properties file located in <TOMCAT_HOME>/shared/classes/ and add or replace the authentication.chain property so that it includes the new subsystem. In this case the subsystem created is ldap1:ldap-ad.
The following line is an example of the authentication.chain property using Alfresco and LDAP-AD authentication:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
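Before restarting, it is worth checking the edited file for the settings that most often go wrong: a simple bind over plain ldap:// (the password crosses the network in clear text), allowGuestLogin left on, an empty synchronization password, and a malformed authentication.chain. The script below is an added example, not code from the post or from Alfresco: it reads a .properties file, reports findings on the properties described above, and parses the authentication.chain value. The two embedded property sets are constructed samples; ldaps://yourDomain:636 (LDAP over TLS on its standard port) is the assumed hardened transport, and REPLACE_WITH_REAL_PASSWORD is a placeholder.

```python
from typing import Dict, List, Tuple

# Constructed sample of the ldap-ad-authentication.properties values from this post,
# filled in the way a first attempt often looks: plain ldap:// with a simple bind,
# guest login left enabled, and the synchronization password not yet set.
WEAK_PROPERTIES = """\
# constructed sample, not a real deployment
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@yourDomain
ldap.authentication.java.naming.provider.url=ldap://yourDomain:389
ldap.authentication.defaultAdministratorUserNames=user.01,user02,user.xyz
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.allowGuestLogin=true
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco@yourDomain
ldap.synchronization.java.naming.security.credentials=
ldap.synchronization.groupSearchBase=ou=alfresco,dc=com
ldap.synchronization.userSearchBase=ou=alfresco,dc=com
"""

# Same file with the findings addressed. ldaps://...:636 (LDAP over TLS) is the
# assumed hardened transport; the credential value is a placeholder.
HARDENED_PROPERTIES = """\
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@yourDomain
ldap.authentication.java.naming.provider.url=ldaps://yourDomain:636
ldap.authentication.defaultAdministratorUserNames=user.01
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.allowGuestLogin=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco@yourDomain
ldap.synchronization.java.naming.security.credentials=REPLACE_WITH_REAL_PASSWORD
ldap.synchronization.groupSearchBase=ou=alfresco,dc=com
ldap.synchronization.userSearchBase=ou=alfresco,dc=com
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: key=value per line, '#'/'!' comments and blanks skipped."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only; DNs contain '='
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_ldap_ad(props: Dict[str, str]) -> List[str]:
    """Return findings for the ldap-ad subsystem properties; an empty list means clean."""
    findings: List[str] = []
    p = props.get

    if p("ldap.authentication.active") != "true":
        findings.append("ldap.authentication.active: not 'true', LDAP authentication is disabled")
    if "%s" not in p("ldap.authentication.userNameFormat", ""):
        findings.append("ldap.authentication.userNameFormat: missing the %s placeholder for the user id")

    url = p("ldap.authentication.java.naming.provider.url", "")
    mech = p("ldap.authentication.java.naming.security.authentication", "")
    if not (url.startswith("ldap://") or url.startswith("ldaps://")):
        findings.append("ldap.authentication.java.naming.provider.url: expected an ldap:// or ldaps:// URL")
    elif url.startswith("ldap://") and mech == "simple":
        # A simple bind sends the password as-is; without TLS it crosses the network in clear text.
        findings.append("ldap.authentication.java.naming.provider.url: simple bind over plain ldap://, use ldaps://")

    if p("ldap.authentication.allowGuestLogin") == "true":
        findings.append("ldap.authentication.allowGuestLogin: 'true' lets unauthenticated users in as guest")

    admins = [a.strip() for a in p("ldap.authentication.defaultAdministratorUserNames", "").split(",") if a.strip()]
    if not admins:
        findings.append("ldap.authentication.defaultAdministratorUserNames: empty, no LDAP user will be an administrator")

    if p("ldap.synchronization.active") == "true":
        if not p("ldap.synchronization.java.naming.security.principal"):
            findings.append("ldap.synchronization.java.naming.security.principal: empty but synchronization is active")
        if not p("ldap.synchronization.java.naming.security.credentials"):
            findings.append("ldap.synchronization.java.naming.security.credentials: empty but synchronization is active")
        for key in ("ldap.synchronization.groupSearchBase", "ldap.synchronization.userSearchBase"):
            if "dc=" not in p(key, "").lower():
                findings.append(f"{key}: does not look like a DN (no dc= component)")
    return findings


def parse_auth_chain(chain: str) -> List[Tuple[str, str]]:
    """Split an authentication.chain value 'id:type,id:type' into ordered (id, type) pairs."""
    entries: List[Tuple[str, str]] = []
    for item in chain.split(","):
        item = item.strip()
        if not item:
            continue
        ident, sep, subtype = item.partition(":")
        if not sep or not ident or not subtype:
            raise ValueError(f"malformed authentication.chain entry: {item!r}")
        entries.append((ident, subtype))
    return entries


if __name__ == "__main__":
    for label, text in (("weak", WEAK_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(f"[{label}]")
        for finding in check_ldap_ad(parse_properties(text)) or ["no findings"]:
            print("  -", finding)
    print(parse_auth_chain("alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad"))
```

To use it on a real installation, read the file with open(...).read() instead of the embedded samples. The synchronization password is stored in clear text in this file regardless of the findings, so restrict the file's permissions to the account that runs Tomcat.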

Restart Alfresco and watch the log. When Alfresco starts up successfully, try to log in with a user from LDAP.
