
Alfresco Authentication and Synchronization with LDAP

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP), which is used to access centrally stored information over a network. An LDAP server is mainly used as an address book and as an authentication backend for various services.

 
Environment Details and Software Versions:
 
  • Ubuntu 12.04 LTS.
  • OpenLDAP 2.4.40.
  • Java Oracle 7.
  • Alfresco 5.0.d and Alfresco 5.1.e Community Edition.

Prerequisite:

  • Basic understanding of Alfresco and OpenLDAP terms / terminology is required to understand this blog.
     

Step-1: Install and configure OpenLDAP by following the below blog:

http://www.surekhatech.com/blog/install-and-configure-open-ldap-on-ubuntu


Step-2: Update Alfresco Global Properties:


Update the /alfresco/tomcat/shared/classes/alfresco-global.properties file with the following content:

authentication.chain=ldap1:ldap
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true

 

Step-3: OpenLDAP configuration in Alfresco:
 

Go to the directory below to configure LDAP. If it doesn't exist, create the same directory structure, then create a file named ldap-authentication.properties inside it:
 

/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1


Copy the following content into the ldap-authentication.properties file:
 

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.authentication.authenticateFTP=true

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=secret

ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=dc\=company,dc\=com
ldap.synchronization.userSearchBase=dc\=company,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

 

Update the properties in the ldap-authentication.properties file to match your LDAP configuration.
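
An added example (not part of the original post or of Alfresco): a small Python check that parses an ldap-authentication.properties file like the one above and reports three settings worth reviewing before production use: simple bind over plain ldap://, guest login, and a placeholder bind password. The sample input is constructed from the page's values; the placeholder-password list and function names are assumptions, and the check assumes the synchronization bind uses the same provider URL, since the file defines only one.

```python
import re

# Constructed sample: a subset of the ldap-authentication.properties shown above.
SAMPLE = r"""
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=secret
"""

PLACEHOLDER_PASSWORDS = {"secret", "password", "changeit", "admin", ""}  # assumed list


def parse_properties(text):
    """Parse the key=value subset of Java .properties used on this page."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        # Undo backslash escapes such as \= inside DNs and LDAP filters.
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props


def audit(props):
    """Return a list of (property, finding) tuples for risky settings."""
    p, s = "ldap.authentication.", "ldap.synchronization."
    findings = []
    url = props.get(p + "java.naming.provider.url", "")
    for prefix in (p, s):
        mech = props.get(prefix + "java.naming.security.authentication", "")
        if url.lower().startswith("ldap://") and mech == "simple":
            findings.append((prefix + "java.naming.security.authentication",
                             "simple bind over plain ldap:// exposes the password on the wire"))
    if props.get(p + "allowGuestLogin", "").lower() == "true":
        findings.append((p + "allowGuestLogin", "guest login is enabled"))
    cred = props.get(s + "java.naming.security.credentials")
    if cred is not None and cred.lower() in PLACEHOLDER_PASSWORDS:
        findings.append((s + "java.naming.security.credentials",
                         "placeholder or empty bind password"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_properties(SAMPLE)):
        print(f"{name}: {finding}")
```

Pointing the provider URL at an ldaps:// listener, setting allowGuestLogin to false, and replacing the bind password clears all three findings.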
 
