topic Re: LDAP integration issues in Alfresco Archive

LDAP integration issues

leonk — Fri, 17 Sep 2010 05:10:15 GMT

Hello,I'm facing LDAP + Alfresco configuration problem.This is what I've got in alfresco-global.properties:## LDAP configuration#authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldapldap.authentication.userNameFormat=uid=%sldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCt

Re: LDAP integration issues

mrojas73 — Mon, 20 Sep 2010 19:22:48 GMT

Here is my code, it should work, my test.admin account is in the test OU.

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.active=true
ldap.authentication.defaultAdministratorUserNames=admin
ldap.syncronization.active=true
ldap.authentication.java.naming.provider.url=ldap://172.16.10.10:389
ldap.authentication.userNameFormat=cn=%s,ou=test,ou=clients,ou=managed objects,dc=sample,dc=local
ldap.synchronization.java.naming.security.principal=test.admin@sample.local
ldap.synchronization.java.naming.security.credentials=123456
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.groupSearchBase=test=cet,ou=clients,ou=Managed Objects,dc=sample,dc=local
ldap.synchronization.userSearchBase=ou=test,ou=clients,ou=Managed Objects,dc=sample,dc=local
cifs.domain=sample.local

ldap.synchronization.import.cron=0 0 0/5 * * ?
ldap.authentication.allowGuestLogin=true
synchronization.synchronizeChangesOnly=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
ldap.synchronization.personQuery=objectClass=user
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.import.group.cron=0 2/5 * * * ?
ldap.synchronization.import.group.clearAllChildren=false

Re: LDAP integration issues

leonk — Mon, 20 Sep 2010 23:44:04 GMT

Thanks mrojas73,

But you're using AD and I'm using OpenLDAP ;(
So it's a bit different.

Re: LDAP integration issues

jturmelle — Thu, 23 Sep 2010 22:24:52 GMT

Hi Leon,

I think your problem is with the security.principal

You should be using the main ldap manager and password from your ldap configuration file: slapd.conf (look for rootdn). Your LDAP administrator can probably help you find that, if its not you.

Alternatively, perhaps someone who has global read/write privileges on the LDAP database (specifically the userPassword field) might work too. This is typically not one of the end users of the LDAP system.