OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP), which is used to access centrally stored directory information over a network. An LDAP server is mainly used as an address book and as an authentication backend for various services.
Environment Details and Software Versions:
- Ubuntu 12.04 LTS.
- OpenLDAP 2.4.40.
- Oracle Java 7.
- Alfresco 5.0.d and Alfresco 5.1.e Community Edition.
Prerequisite:
- A basic understanding of Alfresco and OpenLDAP terminology is required to follow this blog.
Step-1: Install and configure OpenLDAP by following this blog post:
http://www.surekhatech.com/blog/install-and-configure-open-ldap-on-ubuntu
Step-2: Update Alfresco Global Properties:
Update the /alfresco/tomcat/shared/classes/alfresco-global.properties file with the following content:
authentication.chain=ldap1:ldap
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
Step-3: OpenLDAP configuration in Alfresco:
Go to the directory below to configure LDAP. Create the directory structure if it does not exist, and create a file named ldap-authentication.properties inside it:
/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1
Copy the following content into this ldap-authentication.properties file:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.authentication.authenticateFTP=true
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=dc\=company,dc\=com
ldap.synchronization.userSearchBase=dc\=company,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
Update the properties in ldap-authentication.properties file as per your LDAP configuration.
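As an added check (not part of the original post and not Alfresco's own tooling), the following Python script parses an ldap-authentication.properties file in the Java properties format used above, including the `\=` escapes, and flags the settings a reviewer would want changed before production: simple bind over plain ldap://, guest login enabled, the synchronization bind password stored in cleartext, and a read timeout of 0. The sample input is a constructed subset of the file above.

```python
import re

# Constructed sample: a subset of the ldap-authentication.properties shown above.
SAMPLE = r"""
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.read.timeout=0
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
"""

_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def _unescape(value):
    # Java properties: \uXXXX is a Unicode escape; any other \x yields x
    # (so the "\=" written in the file above becomes a plain "=").
    return re.sub(r"\\u([0-9A-Fa-f]{4})|\\(.)",
                  lambda m: chr(int(m.group(1), 16)) if m.group(1)
                  else _ESCAPES.get(m.group(2), m.group(2)), value)

def load_properties(text):
    """Parse key=value lines; the separator is the first unescaped '=' or ':'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:" and (i == 0 or line[i - 1] != "\\"):
                props[_unescape(line[:i].strip())] = _unescape(line[i + 1:].strip())
                break
    return props

def audit(props):
    """Return the weak settings found, in a fixed order, as short finding codes."""
    findings = []
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    if url.startswith("ldap://") and props.get(
            "ldap.authentication.java.naming.security.authentication") == "simple":
        findings.append("cleartext-simple-bind")  # passwords cross the wire unencrypted
    if props.get("ldap.authentication.allowGuestLogin") == "true":
        findings.append("guest-login-enabled")
    if props.get("ldap.synchronization.java.naming.security.credentials"):
        findings.append("plaintext-sync-credentials")  # bind password sits in the file
    if props.get("ldap.authentication.java.naming.read.timeout") == "0":
        findings.append("no-read-timeout")  # 0 means wait for the LDAP server forever
    return findings
```

Run `audit(load_properties(open(path).read()))` against your own file; an empty list means none of the four checks fired, and the `plaintext-sync-credentials` finding is a reminder to restrict the file's permissions rather than something the properties format can avoid.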