Chaining multiple LDAP (ADS) Servers

goldbaer
Champ in-the-making
Hi there,

I am currently running Alfresco 2.0 and already configured it to use an LDAP (Active Directory) Server for authentication. (Simple Mode)

Now I want to look up the user on a second server if authentication on the first LDAP-Server didn't work. This works fine as long as the userNameFormat is exactly the same like

cn=%s,ou=London,dc=company,dc=com

But what if the userNameFormat is different on those two Servers?

I tried to figure it out by reading the Forums or the Wiki but couldn't find anything helpful.

Any help would be greatly appreciated.

Thanks!
8 REPLIES

andy
Champ on-the-rise
Hi

This is possible using chaining authentication.

Andy

robertoroberto
Champ in-the-making
andy, your help is never useful :evil:

andy
Champ on-the-rise
Hi

You need to set up Alfresco chaining authentication against two LDAP servers. So you need to duplicate all the beans for LDAP authentication (and import if you want it), giving them all different names and wire them up in another stack - one stack of beans for each LDAP server. You then need to create an authentication service bean for each stack, and then wire these up in the chaining authentication service. See the basic chaining authentication example in the extensions directory.

It is much easier to test if you set it up without import and add that later.

One of the stacks needs to define the authenticationComponent bean or you will have some issues loading users as it will use the default Alfresco implementation - this is fixed in the current code as a chaining authentication component has been added and can be used to override this bean.

Andy

robertoroberto
Champ in-the-making
I have modified chaining authentication but it doesn't work.
No problems at deployment, but authentication for
"uid=%s,o=shakevirtualenterprise" fails
(sorry for my english)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
   <!-- Chaining -->
   <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
      <property name="mutableAuthenticationService">
         <ref bean="authenticationServiceImplAlfresco"/>
      </property>
      <property name="authenticationServices">
         <list>
            <ref bean="authenticationServiceImplLDAP"/>
            <ref bean="authenticationServiceImplLDAPdue"/>
         </list>
      </property>
   </bean>
   <!-- Alfresco Auth -->
   <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoAlfresco"/>
      </property>
      <!-- <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property> -->
      <property name="authenticationComponent">
         <ref bean="authenticationComponentImplAlfresco"/>
      </property>
   </bean>
   <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
      <property name="nodeService">
         <ref bean="nodeService"/>
      </property>
      <property name="dictionaryService">
         <ref bean="dictionaryService"/>
      </property>
      <property name="namespaceService">
         <ref bean="namespaceService"/>
      </property>
      <property name="searchService">
         <ref bean="searchService"/>
      </property>
      <property name="userNamesAreCaseSensitive">
         <value>${user.name.caseSensitive}</value>
      </property>
      <property name="passwordEncoder">
         <ref bean="passwordEncoder"/>
      </property>
   </bean>
   <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoAlfresco"/>
      </property>
      <property name="authenticationManager">
         <ref bean="authenticationManager"/>
      </property>
      <property name="allowGuestLogin">
         <value>true</value>
      </property>
   </bean>
   <!-- LDAP Auth -->
   <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoLDAP"/>
      </property>
      <property name="ticketComponent">
         <ref bean="ticketComponent"/>
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponentImplLDAP"/>
      </property>
   </bean>
   <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
      <property name="LDAPInitialDirContextFactory">
         <ref bean="ldapInitialDirContextFactory"/>
      </property>
      <property name="userNameFormat">
         <value>idvirtualenterprise=%s,node=virtualenterprises,o=shakevirtualenterprise</value>
      </property>
   </bean>
   <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
   <bean id="authenticationServiceImplLDAPdue" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoLDAP"/>
      </property>
      <property name="ticketComponent">
         <ref bean="ticketComponent"/>
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponentImplLDAPdue"/>
      </property>
   </bean>
   <bean id="authenticationComponentImplLDAPdue" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
      <property name="LDAPInitialDirContextFactory">
         <ref bean="ldapInitialDirContextFactory"/>
      </property>
      <property name="userNameFormat">
         <value>uid=%s,o=shakevirtualenterprise</value>
      </property>
   </bean>
</beans>


Can you help me?

robertoroberto
Champ in-the-making
I want to have two user types (with different userName format) on the same LDAP server. How can I do?

andy
Champ on-the-rise
Hi

Use chaining and define two stacks of beans for LDAP authentication - they do not need to use the same user name pattern or authentication context.

Andy
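
The two-stack wiring described in the replies above, as an added example that is not part of any post or of Alfresco's shipped samples: each LDAP server gets its own context factory and its own userNameFormat. Bean ids ending in 1/2, the host names and the second DN pattern are constructed; the LDAPInitialDirContextFactoryImpl class and its initialDirContextEnvironment property are assumed from the stock Alfresco 2.x LDAP configuration. The XML prolog and the Alfresco-native stack from the config posted earlier are left out.

```xml
<beans>
   <!-- Chain: lists the LDAP services that may authenticate a login -->
   <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
      <property name="authenticationServices">
         <list>
            <ref bean="authenticationServiceImplLDAP1"/>
            <ref bean="authenticationServiceImplLDAP2"/>
         </list>
      </property>
   </bean>
   <!-- Stack 1 (bean ids and host are constructed): first server, DN pattern from the question -->
   <bean id="authenticationServiceImplLDAP1" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao"><ref bean="authenticationDaoLDAP"/></property>
      <property name="ticketComponent"><ref bean="ticketComponent"/></property>
      <property name="authenticationComponent"><ref bean="authenticationComponentImplLDAP1"/></property>
   </bean>
   <bean id="authenticationComponentImplLDAP1" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
      <property name="LDAPInitialDirContextFactory"><ref bean="ldapInitialDirContextFactory1"/></property>
      <property name="userNameFormat"><value>cn=%s,ou=London,dc=company,dc=com</value></property>
   </bean>
   <bean id="ldapInitialDirContextFactory1" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
      <property name="initialDirContextEnvironment">
         <map>
            <entry key="java.naming.factory.initial"><value>com.sun.jndi.ldap.LdapCtxFactory</value></entry>
            <entry key="java.naming.provider.url"><value>ldaps://ldap1.example.com:636</value></entry>
            <entry key="java.naming.security.authentication"><value>simple</value></entry>
         </map>
      </property>
   </bean>
   <!-- Stack 2 (bean ids, host and DN pattern are constructed): second server, different DN layout -->
   <bean id="authenticationServiceImplLDAP2" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao"><ref bean="authenticationDaoLDAP"/></property>
      <property name="ticketComponent"><ref bean="ticketComponent"/></property>
      <property name="authenticationComponent"><ref bean="authenticationComponentImplLDAP2"/></property>
   </bean>
   <bean id="authenticationComponentImplLDAP2" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
      <property name="LDAPInitialDirContextFactory"><ref bean="ldapInitialDirContextFactory2"/></property>
      <property name="userNameFormat"><value>cn=%s,ou=Paris,dc=branch,dc=example</value></property>
   </bean>
   <bean id="ldapInitialDirContextFactory2" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
      <property name="initialDirContextEnvironment">
         <map>
            <entry key="java.naming.factory.initial"><value>com.sun.jndi.ldap.LdapCtxFactory</value></entry>
            <entry key="java.naming.provider.url"><value>ldaps://ldap2.example.com:636</value></entry>
            <entry key="java.naming.security.authentication"><value>simple</value></entry>
         </map>
      </property>
   </bean>
   <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
</beans>
```

A simple bind sends the password itself to the directory, which is why both provider URLs use ldaps://; the JVM running Alfresco has to trust each server's certificate. As the reply above notes, one stack's component also has to be defined as the authenticationComponent bean, which is not shown here.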

robertoroberto
Champ in-the-making
I don't understand.
Can you post an example?

braulio_moura
Champ in-the-making
Hi roberto roberto !!!

I'm trying to configure my Alfresco environment too!!!  (What a hard work!!!!)

Right now I'm facing the same questions that you have posted…  Have you accomplished this task??

I've already configured my Alfresco server to authenticate through LDAP (it's working fine!!!). But now I have to configure it to authenticate through LDAP on multiple ADs …

Have you got some useful information?? I've read a lot of threads and wikis, but no one seems to explain clearly what must be done.

Thanks in advance!!