Alfresco ignores LDAP referrals

simon
Champ in-the-making
Hi,

We use Alfresco Enterprise 1.2 and are still trying to fix the LDAP authentication.

We have internal and external users (employees and clients) that should access the Alfresco system. The two user groups are maintained in different LDAP directories (Active Directory and OpenLDAP).

Alfresco only supports ONE LDAP at the moment so we tried to find a workaround for this problem. Best solution seems to use LDAP referrals.

Alfresco is configured to use host 1 (OpenLDAP in our case); host 1 has a referral to some OU in host 2 (our Active Directory):

[img]http://www.jnsa.org/mpki/ts/image_ref.png[/img]
Image found on jnsa.org

When we use Linux to authenticate cn=B1 against host 1, the request is redirected to the second host and resolved there. Alfresco doesn't seem to do this; it never forwards the request to host 2.

Could someone help me out here? Is this supported in Alfresco and if so, how should we configure it. If not… are there any plans in the near future?

PS: Java seems to support this: Referral.

Thanks!
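For readers hitting the same wall, here is what "following a referral" looks like at the JNDI level that Alfresco sits on. This is an added example written for this thread, not Alfresco code and not something simon posted: the host names, DNs and the referral object in the comment are made-up placeholders. The JNDI LDAP provider ignores referrals unless java.naming.referral is set to "follow" or "throw"; the example uses "throw" so the hop to host 2 is visible. Note the security point that makes referral-following a deliberate choice: the client re-binds to whatever server the ref: URL names using the same DN and password, so anyone who can write a referral object into host 1 can redirect credentials, and the ref: URL should be ldaps:// or the password crosses to host 2 in the clear.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Simple bind against host 1 where the user's DN lives behind a referral
 * object that points at host 2 (hypothetical layout, loaded with ldapadd):
 *
 *   dn: ou=ad,dc=example,dc=org
 *   objectClass: referral
 *   objectClass: extensibleObject
 *   ou: ad
 *   ref: ldaps://ad.example.org/ou=users,dc=corp,dc=example,dc=org
 */
public class ReferralBind {

    /** JNDI environment; referralMode is "follow", "throw" or "ignore" (the provider default). */
    public static Hashtable<String, Object> ldapEnv(String url, String bindDn,
                                                    String password, String referralMode) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Without this line the bind stops at host 1 with an error instead of
        // continuing to host 2; "follow" does the same hop silently.
        env.put(Context.REFERRAL, referralMode);
        return env;
    }

    /** Binds; in "throw" mode the referral is followed explicitly so the target is logged. */
    public static DirContext bind(Hashtable<String, Object> env) throws NamingException {
        try {
            return new InitialDirContext(env);
        } catch (ReferralException re) {
            // The referral info is the ref: URL, i.e. the server that really holds the entry.
            System.err.println("referred to " + re.getReferralInfo());
            // getReferralContext() re-binds with the same environment: the same DN and
            // password go to host 2, over whatever transport the ref: URL names.
            return (DirContext) re.getReferralContext();
        }
    }

    public static void main(String[] args) throws NamingException {
        String password = args.length > 0 ? args[0] : "";   // pass the B1 password on the command line
        Hashtable<String, Object> env = ldapEnv("ldap://host1.example.org:389",
                "cn=B1,ou=ad,dc=example,dc=org", password, "throw");
        DirContext ctx = bind(env);
        System.out.println("bound as " + ctx.getEnvironment().get(Context.SECURITY_PRINCIPAL));
        ctx.close();
    }
}
```

Run it as `java ReferralBind '<password>'` against a test directory that carries the referral object. Whether a given Alfresco release exposes java.naming.referral to its LDAP authentication component is exactly the open question in this thread; the snippet only shows what the underlying provider needs to be told.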

simon
Champ in-the-making
Andy,

We have two options now: authentication chaining, and the other solution where we store our internals together with the externals in one OU in OpenLDAP. OpenLDAP is used for authentication in this second case, but when an internal is found the password is looked up on Active Directory by using SASL and Kerberos.

Referrals aren't working but that's fine for now.

About the models… We are still deciding which model to choose for our OpenLDAP (we have an AD but want a new LDAP to store the external users). We won't use the AD model in OpenLDAP, and the default OpenLDAP schema doesn't allow empty groups. We are thinking of using the NIS schema for OpenLDAP, but this still needs some thought first.

andy
Champ on-the-rise
Hi Simon

Can you point me at the NIS schema?

Is this the Solaris-style NIS/NIS+ model?

Regards

Andy