Alfresco Authentication and Synchronization with LDAP


OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP), which is used to access centrally stored directory information over a network. An LDAP server is mainly used as an address book and as an authentication backend for various services.

Environment Details and Software Versions:

  • Ubuntu 12.04 LTS.
  • OpenLDAP 2.4.40.
  • Java Oracle 7.
  • Alfresco 5.0.d and Alfresco 5.1.e Community Edition.

Prerequisite:

  • Basic understanding of Alfresco and OpenLDAP terms / terminology is required to understand this blog.
     

Step-1: Install and configure OpenLDAP by following this blog post:

http://www.surekhatech.us/blog/install-and-configure-open-ldap-on-ubuntu

Step-2: Update Alfresco Global Properties:

Update the /alfresco/tomcat/shared/classes/alfresco-global.properties file with the following content:

		authentication.chain=ldap1:ldap
		synchronization.synchronizeChangesOnly=false
		synchronization.syncWhenMissingPeopleLogIn=true
		synchronization.syncOnStartup=true

Step-3: OpenLDAP configuration in Alfresco:

Go to the directory below to configure LDAP. Create the same directory structure if it doesn't exist, and create a file named ldap-authentication.properties inside it:

/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1

Copy the content below into this ldap-authentication.properties file:

		ldap.authentication.active=true
		ldap.authentication.allowGuestLogin=true
		ldap.authentication.userNameFormat=
		ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
		ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
		ldap.authentication.java.naming.security.authentication=simple
		
		ldap.authentication.escapeCommasInBind=false
		ldap.authentication.escapeCommasInUid=false
		ldap.authentication.defaultAdministratorUserNames=
		ldap.authentication.authenticateFTP=true
		ldap.synchronization.active=true
		ldap.synchronization.java.naming.security.authentication=simple
		ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
		ldap.synchronization.java.naming.security.credentials=secret
		
		ldap.synchronization.queryBatchSize=0
		ldap.synchronization.attributeBatchSize=0
		ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
		ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
		ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
		ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
		ldap.synchronization.groupSearchBase=dc\=company,dc\=com
		ldap.synchronization.userSearchBase=dc\=company,dc\=com
		ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
		ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
		ldap.synchronization.userIdAttributeName=uid
		ldap.synchronization.userFirstNameAttributeName=givenName
		ldap.synchronization.userLastNameAttributeName=sn
		ldap.synchronization.userEmailAttributeName=mail
		ldap.synchronization.userOrganizationalIdAttributeName=o
		ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
		ldap.synchronization.groupIdAttributeName=cn
		ldap.synchronization.groupDisplayNameAttributeName=description
		ldap.synchronization.groupType=groupOfUniqueNames
		ldap.synchronization.personType=inetOrgPerson
		ldap.synchronization.groupMemberAttributeName=uniqueMember
		ldap.synchronization.enableProgressEstimation=true
		ldap.authentication.java.naming.read.timeout=0

Update the properties in the ldap-authentication.properties file to match your own LDAP configuration.
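Before restarting Alfresco with a new ldap-authentication.properties, it is worth checking the file offline: Java's Properties loader keeps trailing whitespace in values (a stray space after `true` or after the timestamp format is a common cause of a subsystem that silently misbehaves), the bind over plain ldap:// with simple authentication sends the Manager password in clear text, and the differential queries only work if the {0} placeholder survives. The script below is an added example written for this post, not Alfresco's own code. It parses the Java .properties syntax Alfresco uses (the `\=` escapes and line continuations), reports such findings, and renders the personDifferentialQuery with a constructed last-sync time so the filter can be tried with ldapsearch. The sample properties text is constructed from the file above (with two deliberate trailing-space mistakes); the helper names are this example's own.

```python
"""Offline sanity check of an Alfresco ldap-authentication.properties file.

Added example for this post, not Alfresco's code. Reads the Java .properties
syntax Alfresco uses (backslash escapes such as \\=, line continuation),
flags values that commonly break or weaken the LDAP subsystem, and renders a
differential-sync filter for a concrete timestamp.
"""
from datetime import datetime, timezone

# Constructed sample based on the file in the post. Two lines carry a trailing
# space on purpose: java.util.Properties keeps trailing whitespace in values.
SAMPLE = "\n".join([
    "# bind and synchronization settings",
    "ldap.authentication.active=true",
    "ldap.authentication.allowGuestLogin=true",
    "ldap.authentication.userNameFormat=",
    "ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389",
    "ldap.authentication.java.naming.security.authentication=simple",
    "ldap.authentication.authenticateFTP=true ",
    "ldap.synchronization.active=true",
    "ldap.synchronization.java.naming.security.principal=cn\\=Manager,dc\\=company,dc\\=com",
    "ldap.synchronization.java.naming.security.credentials=secret",
    "ldap.synchronization.personDifferentialQuery="
    "(&(objectclass\\=inetOrgPerson)(!(modifyTimestamp<\\={0})))",
    "ldap.synchronization.groupDifferentialQuery="
    "(&(objectclass\\=groupOfUniqueNames)(!(modifyTimestamp<\\={0})))",
    "ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z' ",
]) + "\n"

_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "f": "\f"}

def _unescape(raw):
    """Resolve backslash escapes (\\= -> =, \\n -> newline); \\uXXXX is not handled."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(_ESCAPES.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)

def _split_key_value(line):
    """Java rules: key ends at the first unescaped '=', ':' or whitespace; an
    optional separator and the whitespace around it are dropped from the value."""
    i = 0
    while i < len(line) and line[i] not in "=: \t":
        i += 2 if line[i] == "\\" else 1
    key, rest = line[:i], line[i:].lstrip(" \t")
    if rest[:1] in ("=", ":"):
        rest = rest[1:].lstrip(" \t")
    return _unescape(key), _unescape(rest)

def parse_properties(text):
    """Minimal java.util.Properties reader; trailing whitespace is kept, as in Java."""
    props, pending = {}, ""
    for line in text.splitlines():
        line = pending + line.lstrip(" \t")
        pending = ""
        if not line or line[0] in "#!":
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:  # odd trailing backslashes
            pending = line[:-1]  # value continues on the next line
            continue
        key, value = _split_key_value(line)
        props[key] = value
    return props

def check(props):
    """Return findings to resolve before enabling the subsystem (empty = clean)."""
    findings = []
    for key, value in props.items():
        if value != value.rstrip():
            findings.append(f"{key}: trailing whitespace is part of the value {value!r}")
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    auth = props.get("ldap.authentication.java.naming.security.authentication", "")
    if url.startswith("ldap://") and auth == "simple":
        findings.append("simple bind over ldap:// sends the bind password in clear text; prefer ldaps://")
    if props.get("ldap.authentication.allowGuestLogin") == "true":
        findings.append("allowGuestLogin=true permits the guest account to log in")
    if props.get("ldap.synchronization.active") == "true":
        if not props.get("ldap.synchronization.java.naming.security.credentials"):
            findings.append("synchronization is active but the bind credentials are empty")
        for key in ("ldap.synchronization.personDifferentialQuery",
                    "ldap.synchronization.groupDifferentialQuery"):
            if "{0}" not in props.get(key, ""):
                findings.append(f"{key}: no {{0}} placeholder, incremental sync cannot filter by timestamp")
    return findings

# SimpleDateFormat tokens used by Alfresco's timestampFormat -> strftime directives
_JAVA_TOKENS = (("yyyy", "%Y"), ("MM", "%m"), ("dd", "%d"), ("HH", "%H"), ("mm", "%M"), ("ss", "%S"))

def java_timestamp_format_to_strftime(fmt):
    """Translate the timestampFormat pattern; single-quoted text is copied literally."""
    out, i = "", 0
    while i < len(fmt):
        if fmt[i] == "'":
            end = fmt.index("'", i + 1)
            out, i = out + fmt[i + 1:end], end + 1
            continue
        for token, directive in _JAVA_TOKENS:
            if fmt.startswith(token, i):
                out, i = out + directive, i + len(token)
                break
        else:
            out, i = out + fmt[i], i + 1
    return out

def render_differential_query(props, key, last_sync):
    """Substitute {0} as Alfresco does for an incremental sync (pasteable into ldapsearch)."""
    fmt = props["ldap.synchronization.timestampFormat"].strip()  # tolerate the trailing-space mistake
    return props[key].replace("{0}", last_sync.strftime(java_timestamp_format_to_strftime(fmt)))

def example_person_filter():
    """Person differential filter for a constructed last-sync time of 2016-03-01 12:30 UTC."""
    props = parse_properties(SAMPLE)
    last_sync = datetime(2016, 3, 1, 12, 30, tzinfo=timezone.utc)
    return render_differential_query(props, "ldap.synchronization.personDifferentialQuery", last_sync)

if __name__ == "__main__":
    for finding in check(parse_properties(SAMPLE)):
        print("FINDING:", finding)
    print(example_person_filter())
```

Run against the constructed sample it reports four findings (the two trailing spaces, the clear-text simple bind, and the enabled guest login) and prints `(&(objectclass=inetOrgPerson)(!(modifyTimestamp<=20160301123000Z)))`, which is the filter Alfresco would send for that last-sync time; pointing `parse_properties` at the real file (read with `open(...).read()`) gives the same checks for your own configuration.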
