This post shows a simple way to configure LDAP (Active Directory) authentication in Alfresco 3.4.2 Enterprise Edition. Before reading it, please verify that Alfresco has been installed.
After installing Alfresco, copy the ldap-ad folder and the common-ldap-context.xml file from the
<TOMCAT_HOME>/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/
folder to
<TOMCAT_HOME>/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad
and rename the folder to ldap-ad1.
This folder contains 2 files:
- ldap-ad-authentication.properties
- ldap-ad-authentication-context.xml
The first file, which is the one edited in this post, contains all the properties that configure the integration between Alfresco and LDAP-AD. When you open it you will see many properties; most of them do not need to be edited.
Now for the configuration. To start, open the ldap-ad-authentication.properties file located in the shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad folder and then edit the properties described below.
ldap.authentication.active
This Boolean flag, when true, enables use of this LDAP subsystem for authentication.
ldap.authentication.userNameFormat
This property indicates how to map the user id entered by the user to the one passed through to LDAP. Normally, in AD I use the UPN (User Principal Name), which has the format <sAMAccountName>@<UPN Suffix>. ex: %s@yourDomain
ldap.authentication.java.naming.provider.url
The URL to connect to the LDAP server, containing its name and port. The standard port for LDAP is 389. ex: ldap://<yourDomain>:<yourPort>
ldap.authentication.defaultAdministratorUserNames
A comma-separated list of user names who should be considered administrators by default. ex: user.01,user02,user.xyz
ldap.authentication.java.naming.security.authentication
The mechanism used to validate passwords with the LDAP server. By default, AD uses simple.
ldap.synchronization.active
This flag, when true, enables use of the LDAP subsystem for user registry export functions and decides whether the subsystem will contribute data to the Synchronization Subsystem. If the subsystem should only be used for authentication, set this flag to false.
ldap.authentication.allowGuestLogin
This Boolean flag, when true, allows unauthenticated users to log in to Alfresco as 'guest'.
ldap.synchronization.java.naming.security.principal
The LDAP user to connect as to do the export operation. ex: alfresco@yourDomain
The following line is an example of the authentication.chain property using both Alfresco and LDAP-AD authentication:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
Restart Alfresco and watch the log. Once Alfresco has started up successfully, try to log in with a user from LDAP.
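The properties above decide how passwords reach the directory and who gets in without one. The following Python check is an added example, not part of the original post or of Alfresco: it parses a constructed ldap-ad-authentication.properties and flags a simple bind over plain ldap:// (the password crosses the network unencrypted), guest login left enabled, and synchronization enabled without a bind principal. The host name dc01.yourDomain and treating an unset mechanism as simple are assumptions.

```python
# Added example: audit ldap-ad-authentication.properties for weak settings.
# SAMPLE is constructed; dc01.yourDomain is a placeholder host name.
SAMPLE = """\
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@yourDomain
ldap.authentication.java.naming.provider.url=ldap://dc01.yourDomain:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.allowGuestLogin=true
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco@yourDomain
"""

AUTH = "ldap.authentication."
SYNC = "ldap.synchronization."

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    """True when the property is present and set to 'true' (any case)."""
    return props.get(key, "").lower() == "true"

def audit(props):
    """Return findings for settings that weaken authentication."""
    findings = []
    url = props.get(AUTH + "java.naming.provider.url", "")
    # Assumption: an unset mechanism is treated as "simple".
    mech = props.get(AUTH + "java.naming.security.authentication", "simple")
    if is_true(props, AUTH + "active") and mech == "simple" \
            and not url.lower().startswith("ldaps://"):
        findings.append("simple bind over %s sends passwords in cleartext" % (url or "<unset>"))
    if is_true(props, AUTH + "allowGuestLogin"):
        findings.append("allowGuestLogin=true admits unauthenticated users as guest")
    if is_true(props, SYNC + "active") and not props.get(SYNC + "java.naming.security.principal"):
        findings.append("synchronization is active but no bind principal is set")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print("WARN:", finding)
```

Switching the URL to ldaps:// requires the domain controller to present a certificate that the Alfresco JVM trusts.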