Alfresco Authentication and Synchronization with LDAP - Surekha Technologies
OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP), which is used to access centrally stored information over a network. An LDAP server is mainly used as an address book and as an authentication backend for various services.
Environment Details and Software Versions:
- Ubuntu 12.04 LTS.
- OpenLDAP 2.4.40.
- Java Oracle 7.
- Alfresco 5.0.d and Alfresco 5.1.e Community Edition.
Prerequisite:
- A basic understanding of Alfresco and OpenLDAP terminology is required to follow this blog.
Step-1: Install and configure OpenLDAP by following the blog post below:
http://www.surekhatech.us/blog/install-and-configure-open-ldap-on-ubuntu
Step-2: Update Alfresco Global Properties:
Add the following properties to the /alfresco/tomcat/shared/classes/alfresco-global.properties file:
authentication.chain=ldap1:ldap
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
Step-3: OpenLDAP configuration in Alfresco:
Go to the directory below to configure LDAP. If the directory structure does not exist, create it, then create a file named ldap-authentication.properties inside it:
/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1
Copy the following content into the ldap-authentication.properties file:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.authentication.authenticateFTP=true
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=dc\=company,dc\=com
ldap.synchronization.userSearchBase=dc\=company,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
Update the properties in the ldap-authentication.properties file to match your LDAP configuration.
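The sample values above use a simple bind over ldap:// on port 389, enable guest login, and synchronize as cn=Manager with the password secret. The check below is an added example, not part of the original post or of Alfresco: it parses a file in this format and flags those settings so they can be changed before deployment. The finding names, the placeholder-password list, and the reading of cn=Manager as the directory's administrative account are assumptions.

```python
import re

# Constructed sample: security-relevant lines from the page's properties file.
SAMPLE = r"""
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=secret
"""

# Assumption: an illustrative list of passwords commonly left in sample configs.
PLACEHOLDER_PASSWORDS = {"secret", "password", "changeit", "admin"}
AUTH, SYNC = "ldap.authentication.", "ldap.synchronization.java.naming.security."

def parse_properties(text):
    """Minimal .properties reader: key=value lines, backslash escapes in values undone."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def audit(props):
    """Return (finding_id, explanation) pairs; the ids are names made up here."""
    findings = []
    url = props.get(AUTH + "java.naming.provider.url", "").lower()
    modes = {props.get(AUTH + "java.naming.security.authentication"),
             props.get(SYNC + "authentication")}
    if url.startswith("ldap://") and "simple" in modes:
        findings.append(("cleartext-bind", "simple bind over ldap:// sends the DN "
                         "and password unencrypted; use ldaps:// or protect the link"))
    if props.get(AUTH + "allowGuestLogin", "").lower() == "true":
        findings.append(("guest-login", "unauthenticated guest access is enabled"))
    if props.get(SYNC + "credentials", "").lower() in PLACEHOLDER_PASSWORDS:
        findings.append(("placeholder-password", "sync account uses a sample password"))
    # Assumption: cn=Manager is the directory's administrative (rootdn) account.
    if props.get(SYNC + "principal", "").lower().startswith("cn=manager,"):
        findings.append(("admin-sync-account", "sync binds as the directory admin; "
                         "a read-only service account is enough for queries"))
    return findings

if __name__ == "__main__":
    for finding_id, explanation in audit(parse_properties(SAMPLE)):
        print(f"{finding_id}: {explanation}")
```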