
Alfresco Community 5.0 with AD

karthikjaps
Champ in-the-making
Hi, I am new to Alfresco. I have just installed Alfresco Community 5.0 on my machine and am testing integrating my AD users with it. I tried some links available on the site, but now I am confused. Can anyone please share some documentation for AD integration with this current version?

I have a doubt about the following:

1- When adding "authentication.chain=ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm" in repository.properties: this repository.properties does not exist in the current version, so I have to add it in the following location, right?

/opt/alfresco-5.0.d/tomcat/shared/classes# nano alfresco-global.properties

2- Then I have to create a folder in tomcat/webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication

with the ldap-ad-authentication.properties file in the ldap-ad folder, right?

3- Then in ldap-ad-authentication.properties I add the following details for my AD integration. Is this correct?

ldap.authentication.active=true
ldap.authentication.userNameFormat=uid=%s@example.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://192.168.1.1:389

ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=administrator

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn=reader,cn=users,dc=example,dc=demo,dc=com
ldap.synchronization.java.naming.security.credentials=13061111

ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000

ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personQuery=(objectclass\=user)

ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=dc=example,dc=demo,dc=com
ldap.synchronization.userSearchBase=dc=example,dc=demo,dc=com

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName

Is this correct, or have I missed anything?

It's not working when I try to log in.
1 REPLY

borisstankov
Champ in-the-making
Try to use the same configuration directly in:
alfresco-global.properties
And delete the ldap properties file.

On the other hand I can see that:
ldap.authentication.userNameFormat=uid=%s@example.com
But I think it should be:
ldap.authentication.userNameFormat=%s@example.com

And this:
ldap.synchronization.java.naming.security.principal
Needs to be with the same format as the one before:
ldap.synchronization.java.naming.security.principal=Service_account@domain.com

Also: ldap.authentication.defaultAdministratorUserNames=admin

Anyhow, before you do all of this, do you get any requests on the LDAP server side (use tcpdump or Wireshark, for example)? Also, do you get requests after my pointers?

P.S. I never used these options to get my LDAP AD to work:
ldap.authentication.java.naming.factory.initial
ldap.authentication.escapeCommasInBind
ldap.authentication.escapeCommasInUid

Also, it is good practice if you want to add these properties for the sync:
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider

ldap.synchronization.personType=user
ldap.synchronization.enableProgressEst
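
A lint pass over the LDAP properties discussed in this thread, as an added example that is not from either poster or from Alfresco: it checks the two format points raised in the reply (userNameFormat and the sync principal written as user@domain) and, as additions of this example, a misspelled ldap. prefix, unbalanced parentheses in a query filter, and a simple bind over ldap://, which sends the password unencrypted. The sample input, function names and finding codes are constructed for the example.

```python
import re

# Constructed sample (not the poster's file): LDAP lines from a properties file
SAMPLE = """\
ldap.authentication.userNameFormat=uid=%s@example.com
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://192.168.1.1:389
ldap.synchronization.java.naming.security.principal=cn=reader,cn=users,dc=example,dc=com
dap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass\\=group)(!(modifyTimestamp<\\={0}))
"""

A, S = "ldap.authentication.", "ldap.synchronization."

def parse(text):
    """Parse key=value lines only; '\\=' in a value is the properties escape for '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def lint(props):
    """Return sorted finding codes (the codes are names chosen for this example)."""
    found = set()
    for key, value in props.items():
        # e.g. 'dap.synchronization.x': the LDAP subsystem would never read it
        if not key.startswith("ldap.") and re.search(r"\.(authentication|synchronization)\.", key):
            found.add("misspelled-prefix:" + key)
        if key.endswith("Query") and value.count("(") != value.count(")"):
            found.add("unbalanced-filter:" + key)
    fmt = props.get(A + "userNameFormat", "")
    if fmt and not re.fullmatch(r"%s@[\w.-]+", fmt):  # reply suggests %s@domain
        found.add("username-format-not-upn")
    principal = props.get(S + "java.naming.security.principal", "")
    if principal and not re.fullmatch(r"[^@=,]+@[\w.-]+", principal):
        found.add("sync-principal-not-upn")
    url = props.get(A + "java.naming.provider.url", "")
    if url.startswith("ldap://") and props.get(A + "java.naming.security.authentication") == "simple":
        found.add("cleartext-simple-bind")  # password crosses the network unencrypted
    return sorted(found)

if __name__ == "__main__":
    for finding in lint(parse(SAMPLE)):
        print(finding)
```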