https://connect.hyland.com/t5/alfresco-archive/authenticate-using-uid-as-ldap-attribute-questions/m-p/56020#M33770 <HTML><HEAD></HEAD><BODY><SPAN>I can authenticate against our ldap server with Community Alfresco 1.3.0, using this userNameFormat :</SPAN><BR /><SPAN>employeenumber=%s,ou=person,o=myuniversity,c=be</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;?xml version='1.0' encoding='UTF-8'?&gt;<BR />&lt;!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' '<A href="http://www.springframework.org/dtd/spring-beans.dtd" rel="nofollow noopener noreferrer">http://www.springframework.org/dtd/spring-beans.dtd</A>'&gt;<BR /><BR />&lt;beans&gt;<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; &lt;!– DAO that rejects changes - LDAP is read only at the moment –&gt;<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; &lt;bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="proxyInterfaces"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;org.alfresco.repo.security.authentication.MutableAuthenticationDao&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;property name="transactionManager"&gt;<BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;ref bean="transactionManager" /&gt;<BR />&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/property&gt;<BR />&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;property name="target"&gt;<BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;bean class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" /&gt;<BR />&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/property&gt;<BR />&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;property name="transactionAttributes"&gt;<BR />&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;props&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;prop key="*"&gt;${server.transaction.mode.default}&lt;/prop&gt;<BR />&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/props&gt;<BR />&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/property&gt;<BR /> &nbsp;&nbsp;&nbsp;&lt;/bean&gt;<BR /><BR />&nbsp;&nbsp;&nbsp; &lt;!– LDAP authentication configuration –&gt;<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; &lt;bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="LDAPInitialDirContextFactory"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="ldapInitialDirContextFactory"/&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="userNameFormat"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!–<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; This maps between what the user types in and what is passed through to the underlying LDAP authentication.<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "%s" - the user id is passed through without modification.<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authentricate as "cn=Joe Bloggs,ou=London,dc=company,dc=com" <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Usually for simple authentication.<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; –&gt;<BR />&lt;value&gt;employeenumber=%s,ou=person,o=myuniversity,c=be&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp; &lt;/bean&gt;<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; &lt;!–<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups<BR />&nbsp;&nbsp;&nbsp; to pull them out of the LDAP reopsitory<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; –&gt;<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; &lt;bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="initialDirContextEnvironment"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;map&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– The LDAP provider –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;entry key="java.naming.factory.initial"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;com.sun.jndi.ldap.LdapCtxFactory&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/entry&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– The url to the LDAP server –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– Note you can use space separated urls - they will be tried in turn until one works –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– This could be used to authenticate against one or more ldap servers (you will not know which one ….) –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;entry key="java.naming.provider.url"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;ldap://192.168.251.20:389&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/entry&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– The authentication mechanism to use&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– Some sasl authentication mechanisms may require a realm to be set –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!–&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; java.naming.security.sasl.realm –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– The available options will depend on your LDAP provider –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;entry key="java.naming.security.authentication"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;simple&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– &lt;value&gt;DIGEST-MD5&lt;/value&gt; –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/entry&gt;<BR />&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/map&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp; &lt;/bean&gt;<BR />&lt;/beans&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>The problem we have is the following: </SPAN><BR /><SPAN>we do not want to authenticate using the employeeNumber in the DN.&nbsp; We would like to use the user "uid" which is an attribute in our LDAP.</SPAN><BR /><BR /><SPAN>How could we do that ?</SPAN><BR /><BR /><SPAN>By the way: LDAP users' groups are not ldap nodes.&nbsp; They just stand as LDAP users' attributes.&nbsp;&nbsp; How could I map Alfresco users'groups with LDAP group attributes ?</SPAN><BR /><BR /><SPAN>Last question:</SPAN><BR /><SPAN>Are there (still?) any differences about ldap&nbsp; between community version and enterprise ?&nbsp; I've read in some old threads that ldap is not available in community version but I can see the ldap authentication works.</SPAN><BR /><BR /><BR /><SPAN>Thank's a lot.</SPAN><BR /><SPAN>Bernard</SPAN><BR /><SPAN>UCL - Belgium</SPAN></BODY></HTML> Thu, 09 Nov 2006 16:23:40 GMT bparis 2006-11-09T16:23:40Z https://connect.hyland.com/t5/alfresco-archive/authenticate-using-uid-as-ldap-attribute-questions/m-p/56020#M33770 I can authenticate against our ldap server with Community Alfresco 1.3.0, using this userNameFormat :employeenumber=%s,ou=person,o=myuniversity,c=be&lt;?xml version='1.0' encoding='UTF-8'?&gt;&lt;!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'&gt; Thu, 09 Nov 2006 16:23:40 GMT https://connect.hyland.com/t5/alfresco-archive/authenticate-using-uid-as-ldap-attribute-questions/m-p/56020#M33770 bparis 2006-11-09T16:23:40Z https://connect.hyland.com/t5/alfresco-archive/authenticate-using-uid-as-ldap-attribute-questions/m-p/56021#M33771 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>LDAP auth is available in community.</SPAN><BR /><BR /><SPAN>What you can do depends on your ldap server. If it support digest authentication you can use the uid. Which LDAP server are you using?</SPAN><BR /><BR /><SPAN>There is some help for setting up digest auth with open ldap here …</SPAN><A href="http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration</A><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Wed, 29 Nov 2006 10:28:31 GMT https://connect.hyland.com/t5/alfresco-archive/authenticate-using-uid-as-ldap-attribute-questions/m-p/56021#M33771 andy 2006-11-29T10:28:31Z