
Alfresco Authentication and Synchronization with LDAP

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP), which is used to access centrally stored information over a network. An LDAP server is mainly used as an address book and as an authentication backend for various services.

 
Environment Details and Software Versions:
 
  • Ubuntu 12.04 LTS.
  • OpenLDAP 2.4.40.
  • Java Oracle 7.
  • Alfresco 5.0.d and Alfresco 5.1.e Community Edition.

Prerequisite:

  • A basic understanding of Alfresco and OpenLDAP terminology is required to follow this blog.

Step-1: Install and configure OpenLDAP by following the blog post below:

http://www.surekhatech.com/blog/install-and-configure-open-ldap-on-ubuntu


Step-2: Update Alfresco Global Properties:


Update the /alfresco/tomcat/shared/classes/alfresco-global.properties file with the following content:

authentication.chain=ldap1:ldap
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true

 

Step-3: OpenLDAP configuration in Alfresco:
 

Go to the directory below to configure LDAP. If it doesn't exist, create the same directory structure, then create a file named ldap-authentication.properties inside it:
 

/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1


Copy the content below into this ldap-authentication.properties file:
 

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.authentication.authenticateFTP=true

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=secret

ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=dc\=company,dc\=com
ldap.synchronization.userSearchBase=dc\=company,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

 

Update the properties in the ldap-authentication.properties file as per your LDAP configuration.
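Before this file is used beyond a test setup, a few of the values above deserve review: authentication is a simple bind over ldap:// on port 389, guest login is enabled, and synchronization binds as cn=Manager with the password secret. The following is an added example, not part of the original post or of Alfresco: a small Python check that reads the properties and reports those settings. The function names, the placeholder-password list and the rootDN name heuristic are assumptions made for this example.

```python
import re

# Constructed sample: security-relevant lines copied from the file above.
SAMPLE = r"""
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=secret
"""

def parse_properties(text):
    """Minimal Java .properties reader (no line continuations or unicode escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first unescaped '=' or ':' so that 'cn\=Manager' stays whole.
        parts = re.split(r"(?<!\\)[=:]", line, maxsplit=1)
        value = parts[1].strip() if len(parts) > 1 else ""
        props[parts[0].strip()] = re.sub(r"\\(.)", r"\1", value)
    return props

def audit(props):
    """Return (key, finding) pairs for settings to review before production use."""
    auth = "ldap.authentication."
    sync = "ldap.synchronization.java.naming.security."
    findings = []
    url = props.get(auth + "java.naming.provider.url", "")
    mech = props.get(auth + "java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and mech == "simple":
        findings.append((auth + "java.naming.provider.url",
                         "simple bind over ldap:// sends passwords unencrypted; use ldaps://"))
    if props.get(auth + "allowGuestLogin", "").lower() == "true":
        findings.append((auth + "allowGuestLogin", "unauthenticated guest login is enabled"))
    # Assumption: cn=Manager / cn=admin are treated as rootDN-style names.
    if re.match(r"cn=(manager|admin),", props.get(sync + "principal", ""), re.I):
        findings.append((sync + "principal",
                         "sync binds as the directory manager; use a read-only account"))
    # Assumption: a short list of well-known placeholder passwords.
    if props.get(sync + "credentials") in ("secret", "password", "changeit"):
        findings.append((sync + "credentials", "placeholder bind password still in place"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```

To check a deployed file, pass its contents to parse_properties() instead of SAMPLE; an empty list from audit() means none of these four settings was found.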
 

For more implementation details or support you may contact us at enquiry@surekhatech.com.

 
Comments

jamal HT
Hi, thanks again for your post. I am using Alfresco 5.1, and I have followed the tutorial. I cannot connect to Alfresco.
Posted on 7/28/16 12:27 PM.
