topic Alfresco CIFS Authenticator for openLDAP Users in Alfresco Forum https://connect.hyland.com/t5/alfresco-forum/alfresco-cifs-authenticator-for-openldap-users/m-p/2841#M797 <HTML><HEAD></HEAD><BODY><P>Actually, Alfresco provides some CIFS authenticators (passthru, ntlm...), but not for a LDAP subsystem. To solve this problem, we have implemented a component that allows you to use CIFS with openLDAP users.</P><P></P><TABLE class="j-table jiveBorder" style="border: 1px solid #c6c6c6;" width="100%"><THEAD><TR style="background-color: #efefef;"><TH style="width: 19.5066%;"></TH><TH style="width: 78.7972%;"></TH></TR></THEAD><TBODY><TR><TD style="width: 19.5066%;">Owner</TD><TD style="width: 78.7972%;"><B>Cesar Capillas</B>‌</TD></TR><TR><TD style="width: 19.5066%;">Versions</TD><TD style="width: 78.7972%;"><P>Community 3.4.x</P><P>Community 4.0.x</P><P>Community 4.2.x</P><P>Community 5.0.x</P><P>Enterprise 3.4.x</P><P>Enterprise 4.0.x</P><P>Enterprise 4.1.x</P><P>Enterprise 4.2.x</P></TD></TR><TR><TD style="width: 19.5066%;">License Type</TD><TD style="width: 78.7972%;">Proprietary</TD></TR><TR><TD style="width: 19.5066%;">Project Page</TD><TD style="width: 78.7972%;"><A class="link-titled" href="http://www.zylk.net/web/guest/web-2-0/blog/-/blogs/alfresco-cifs-authenticator-for-openldap-users-addon" title="http://www.zylk.net/web/guest/web-2-0/blog/-/blogs/alfresco-cifs-authenticator-for-openldap-users-addon" rel="nofollow noopener noreferrer">- Alfresco CIFS authenticator for openLDAP users addon - zylk</A>&nbsp;</TD></TR><TR><TD style="width: 19.5066%;">Download Page</TD><TD style="width: 78.7972%;"><A class="link-titled" href="http://www.zylk.net/en/web/guest/alfresco-form" title="http://www.zylk.net/en/web/guest/alfresco-form" rel="nofollow noopener noreferrer">Contact - zylk</A>&nbsp;</TD></TR><TR><TD style="width: 19.5066%;">Tags</TD><TD style="width: 78.7972%;">zylk.net, authenticator, subsystem, repository, cifs, samba, openldap</TD></TR><TR><TD style="width: 19.5066%;">Component Type</TD><TD style="width: 78.7972%;">Integration</TD></TR><TR><TD style="width: 19.5066%;">Extension Points</TD><TD style="width: 78.7972%;">Authenticator</TD></TR><TR><TD style="width: 19.5066%;">Installation</TD><TD style="width: 78.7972%;">AMP, Manual</TD></TR><TR><TD style="width: 19.5066%;">Products</TD><TD style="width: 78.7972%;">Repository</TD></TR></TBODY></TABLE><P></P><P><STRONG>Installation Guide:</STRONG> The installation is tracked via AMP package. Stop Alfresco, copy the file in ${ALF_HOME}/amps and use ${ALF_HOME}/bin/apply_amps script to install de AMP.</P><P></P><P>Then copy configuration files to the extension directory:</P><P></P><P><CODE> ${ALF_HOME}/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldapSamba/ldapSamba1/ldap-samba-authentication-context.xml ${ALF_HOME}/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldapSamba/ldapSamba1/ldap-samba-authentication.properties </CODE></P><P></P><P>In alfresco-global.properties, an example of authentication chain can be:</P><P></P><P><CODE> authentication.chain=alfrescoNtlm1:alfrescoNtlm,myldap:ldap,ldapSamba1:ldapSamba </CODE></P><P></P><P>Note that not all the protocols can be chained, so in order to use the LDAP Samba subsystem, the other CIFS-able subsystems must be deactivated (only one of the subsystems can use CIFS - in fact the first one in the chain):</P><P></P><P><CODE>alfresco.authentication.authenticateCIFS=false </CODE></P><P><CODE>passthru.authentication.authenticateCIFS=false </CODE></P><P></P><P>An example of custom properties are:</P><P></P><P><CODE> # LDAP Connection properties </CODE></P><P><CODE>ldap.samba.authentication.java.naming.provider.url=ldap://ldap.example.com:389 ldap.samba.authentication.base=dc=example,dc=com </CODE></P><P><CODE>ldap.samba.authentication.userbase=ou=People </CODE></P><P><CODE># The user defined below must be able to execute user search querys in LDAP (administrator) ldap.samba.java.naming.security.principal=cn=admin,dc=example,dc=com ldap.samba.java.naming.security.credentials=secret </CODE></P><P></P><P><STRONG>IMPORTANT:</STRONG> Each LDAP user needs to store the password as an MD4 hash and we will solve this by adding a sambaSamAccount object class to the user profile. This object class and its attributes are defined in the samba.schema file, which is part of the samba-doc package. To install this new schema, have a look at the documentation for your Linux distribution in the sections talking about how to add an LDAP schema to OpenLDAP. And finally, restart your Alfresco instance.</P></BODY></HTML> Thu, 14 Jun 2018 00:36:34 GMT alfresco 2018-06-14T00:36:34Z Alfresco CIFS Authenticator for openLDAP Users https://connect.hyland.com/t5/alfresco-forum/alfresco-cifs-authenticator-for-openldap-users/m-p/2841#M797 Actually, Alfresco provides some CIFS authenticators (passthru, ntlm...), but not for a LDAP subsystem. To solve this problem, we have implemented a component that allows you to use CIFS with openLDAP users.OwnerCesar Capillas‌VersionsCommunity 3.4.xCommunity 4.0.xCommunity 4.2.xCommunity 5.0.xEnter Thu, 14 Jun 2018 00:36:34 GMT https://connect.hyland.com/t5/alfresco-forum/alfresco-cifs-authenticator-for-openldap-users/m-p/2841#M797 alfresco 2018-06-14T00:36:34Z