Thursday, August 11, 2011

Basic Active Directory and Alfresco integration

This post shows a simple way to configure LDAP - Active Directory in Alfresco 3.4.2 Enterprise Edition. Before reading this post, please verify that Alfresco has been installed.

After installing Alfresco, copy the folder ldap-ad and the file common-ldap-context.xml inside the
folder to
and rename the folder to ldap-ad1.
This folder contains 2 files:
  • ldap-ad-authentication-context.xml
The first file, which is edited in this post, contains all the properties that configure the integration between Alfresco and LDAP-AD. When you open this file you will see many properties; most of them do not need to be edited.
Now to the configuration. To start, open the file located in the shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad folder and then edit the properties described below.
This Boolean flag, when true, enables use of this LDAP subsystem for authentication.
This property indicates how to map the user id entered by the user to the one passed through to LDAP. Normally, in AD I use the UPN (User Principal Name) with the format <sAMAccountName>@<UPN Suffix>. ex: %s@yourDomain
The URL to connect to the LDAP server, containing its name and port. The standard port for LDAP is 389. ex: ldap://<yourDomain>:<yourPort>
A comma separated list of user names who should be considered administrators by default. ex: user.01,user02,
The mechanism used to validate passwords with the LDAP server. By default, AD uses simple.
This flag, when true, enables use of the LDAP subsystem for user registry export functions and decides whether the subsystem will contribute data to the Synchronization Subsystem. If the subsystem should only be used for authentication, this flag should be set to false.
This Boolean, when true, allows unauthenticated users to log in to Alfresco as 'guest'.
The LDAP user to connect as to do the export operation. ex: alfresco@yourDomain
The password for this user.
The DN below which to run the group queries. ex: ou=alfresco,dc=com
The DN below which to run the user queries. ex: ou=alfresco,dc=com

After editing the above properties, open the file located in the folder <TOMCAT_HOME>/shared/classes/ and add or replace the authentication.chain property so that it includes the new subsystem. In this case the subsystem created is ldap1:ldap-ad.
The following line is an example of the authentication.chain property using Alfresco and LDAP-AD authentication:

Restart Alfresco and pay attention to the log. When Alfresco starts up successfully, try to log in with a user from LDAP.
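
A check for the properties described above, as an added example that is not part of the original post: it parses a properties file and flags the settings worth reviewing before the subsystem is enabled. The property names are the stock Alfresco LDAP subsystem names, assumed here because the post describes the properties without naming them; the sample values are the post's own "ex:" placeholders.

```python
# Constructed sample (the post's "ex:" values); stock Alfresco property names, assumed.
SAMPLE = """\
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@yourDomain
ldap.authentication.java.naming.provider.url=ldap://yourDomain:389
ldap.authentication.defaultAdministratorUserNames=user.01,user02,
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.allowGuestLogin=true
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco@yourDomain
ldap.synchronization.java.naming.security.credentials=
ldap.synchronization.groupSearchBase=ou=alfresco,dc=com
ldap.synchronization.userSearchBase=ou=alfresco,dc=com
"""
AUTH, SYNC = "ldap.authentication.", "ldap.synchronization."

def parse_properties(text):
    """Read key=value lines, skipping blank lines and #/! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) pairs for settings that deserve review."""
    out = []
    if props.get(AUTH + "active") == "true":
        url = props.get(AUTH + "java.naming.provider.url", "")
        mech = props.get(AUTH + "java.naming.security.authentication", "")
        if mech == "simple" and url.lower().startswith("ldap://"):
            out.append((AUTH + "java.naming.provider.url", "simple bind over ldap:// is unencrypted"))
        if props.get(AUTH + "allowGuestLogin") == "true":
            out.append((AUTH + "allowGuestLogin", "unauthenticated guest login is enabled"))
        names = props.get(AUTH + "defaultAdministratorUserNames", "").split(",")
        admins = [n.strip() for n in names if n.strip()]
        if admins:
            out.append((AUTH + "defaultAdministratorUserNames",
                        "%d accounts are administrators by default" % len(admins)))
    if props.get(SYNC + "active") == "true":
        for name in ("java.naming.security.principal", "java.naming.security.credentials",
                     "groupSearchBase", "userSearchBase"):
            if not props.get(SYNC + name):
                out.append((SYNC + name, "empty although synchronization is active"))
    return out

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in audit(parse_properties(SAMPLE))))
```
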
