https://connect.hyland.com/t5/alfresco-archive/use-an-ldap-attribute-for-authentification-instead-of-the-dn/m-p/50351#M29203 <HTML><HEAD></HEAD><BODY><SPAN>we needed to authenticate against our LDAP directory where the user login has been saved as a unique attribute. </SPAN><BR /><SPAN>So our problem was Alfresco only permits to authenticate using the full user dn.</SPAN><BR /><SPAN>I've written this little code to resolve this.</SPAN><BR /><BR /><SPAN>1. first you have to set up the file "ldap-authentication-context.xml" like this, with your own values for seachBase and unique_LDAPattribute_name:</SPAN><BR /><PRE class="language-none line-numbers"><CODE> <BR />&lt;!– LDAP authentication configuration –&gt;<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; &lt;bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl_ucl"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="LDAPInitialDirContextFactory"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="ldapInitialDirContextFactory"/&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="searchBase"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;ou=London,dc=company,dc=com&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="unique_LDAPattribute_name"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;uid&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp; &lt;/bean&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>2. Then you compile and install the following class:</SPAN><A href="http://www.ipsp.ucl.ac.be/alfresco/LDAPAuthenticationComponentImpl_ucl.java" rel="nofollow noopener noreferrer">http://www.ipsp.ucl.ac.be/alfresco/LDAPAuthenticationComponentImpl_ucl.java</A><BR /><SPAN>Compiled code is available at: </SPAN><A href="http://www.ipsp.ucl.ac.be/alfresco/LDAPAuthenticationComponentImpl_ucl.class" rel="nofollow noopener noreferrer">http://www.ipsp.ucl.ac.be/alfresco/LDAPAuthenticationComponentImpl_ucl.class</A><BR /><BR /><SPAN>note: put the file in:</SPAN><BR /><SPAN>$TOMCAT/webapps/alfresco/WEB-INF/classes/org/alfresco/repo/security/authentication/ldap</SPAN><BR /><BR /><SPAN>3. restart tomcat</SPAN><BR /><BR /><SPAN>4. set </SPAN><BR /><SPAN>log4j.logger.org.alfresco.repo.security.authentication.ldap=debug</SPAN><BR /><SPAN>in log4J.properties will help you in case of problems</SPAN><BR /><BR /><BR /><SPAN>Hope this will help someones ….</SPAN><BR /><SPAN>Bernard.</SPAN></BODY></HTML> Mon, 27 Nov 2006 10:20:47 GMT bparis 2006-11-27T10:20:47Z https://connect.hyland.com/t5/alfresco-archive/use-an-ldap-attribute-for-authentification-instead-of-the-dn/m-p/50351#M29203 we needed to authenticate against our LDAP directory where the user login has been saved as a unique attribute. So our problem was Alfresco only permits to authenticate using the full user dn.I've written this little code to resolve this.1. first you have to set up the file "ldap-authentication-cont Mon, 27 Nov 2006 10:20:47 GMT https://connect.hyland.com/t5/alfresco-archive/use-an-ldap-attribute-for-authentification-instead-of-the-dn/m-p/50351#M29203 bparis 2006-11-27T10:20:47Z https://connect.hyland.com/t5/alfresco-archive/use-an-ldap-attribute-for-authentification-instead-of-the-dn/m-p/50352#M29204 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>Thanks for your post.</SPAN><BR /><BR /><SPAN>It is true that simple authentication must use the DN and looking up a user by some other attribute is very useful. However, it assumes you can bind anonymously and have access to read the required attributes.</SPAN><BR /><BR /><SPAN>Digest authentication can be used with the uid. For open ldap the query you have done is effectively done during the authentication process on the server, as opposed to before hand. I believe AD will accept the sAMAccountName but have not confirmed this on the many varients. </SPAN><BR /><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Thu, 30 Nov 2006 14:33:59 GMT https://connect.hyland.com/t5/alfresco-archive/use-an-ldap-attribute-for-authentification-instead-of-the-dn/m-p/50352#M29204 andy 2006-11-30T14:33:59Z