howto Alfresco with existing LDAP server?

smkhawaja
Champ in-the-making
Hi Guys,

I have managed to install Alfresco on RHEL. Alfresco is running on Tomcat. As of now it's working as anonymous user. We have an LDAP server on the same network; how can I authenticate all users from the existing LDAP server?

Waiting for an urgent response please.

Thanks

Soh
7 REPLIES

zaizi
Champ in-the-making

smkhawaja
Champ in-the-making
Thanks, let me go through.

Soh

smkhawaja
Champ in-the-making
Hi zaizi,

Which file exactly needs to be edited?
/opt/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml

/opt/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication-context.xml
/opt/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties

Will I have to give the existing LDAP server's details?

Soh

smkhawaja
Champ in-the-making
Hi guys, I have edited this file /opt/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties but it doesn't seem to be working; maybe Alfresco is not reading this file. As I had to move alfresco-global.properties to /opt/tomcat/lib and then it worked fine.

Here is my "/opt/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties"


#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to that passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s
ldap.authentication.userNameFormat=%s

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://192.168.8.10:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=simple

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

ldap.authentication.escapeCommasInUid=false

# Comma separated list of user names who should be considered administrators by default
ldap.authentication.defaultAdministratorUserNames=SVC_ALF

# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsystem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=SVC_ALF

# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=uid\=SVC_ALF,dc\=companydomain,dc\=com

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=12345

###########

Now when I try to log in on http://localhost:8080/alfresco it comes up with user/name password not valid. Nothing is in catalina.out. 
Any idea why it is not working?

Many thanks

Soh

dward
Champ on-the-rise
Do not edit files under WEB-INF. Go read http://wiki.alfresco.com/wiki/Repository_Configuration#Global_Property_Overrides and then http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems

The first line you will need in alfresco-global.properties is

authentication.chain=ldap1:ldap

Which will add the LDAP subsystem into your chain.

There is no such setting as ldap.authentication.java.naming.security.principal in v3.2. If you get your ldap.synchronization.userSearchBase correct and leave ldap.authentication.userNameFormat empty, then LDAP sync will automatically resolve your users' UIDs from their DNs using a secondary lookup.
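
A small linter for the points raised in the reply above, as an added example (not part of the reply, and not Alfresco's own code). The finding names and the `lint` helper are hypothetical, the cleartext-bind check is an addition beyond what the thread discusses, and the sample is constructed from the settings posted earlier in the thread.

```python
import re

# Constructed sample: settings from the post above, as they might look once
# moved into alfresco-global.properties with the chain line still missing.
SAMPLE = r"""
ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.provider.url=ldap://192.168.8.10:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.active=true
ldap.authentication.java.naming.security.principal=SVC_ALF
ldap.synchronization.java.naming.security.principal=uid\=SVC_ALF,dc\=companydomain,dc\=com
"""

def parse_properties(text):
    """Minimal .properties reader: skips comments, splits on the first
    unescaped '=' or ':', and drops the backslash from escapes like '\\='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\\])*?)\s*[=:]\s*(.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
            props[key] = value
    return props

def lint(props, path=""):
    """Return hypothetical finding names for the problems raised in the thread."""
    findings = []
    if "/WEB-INF/" in path:  # dward: do not edit files under WEB-INF
        findings.append("edited-under-WEB-INF")
    chain = props.get("authentication.chain", "")
    if not any(e.split(":")[-1].strip() == "ldap" for e in chain.split(",")):
        findings.append("ldap-not-in-chain")
    if "ldap.authentication.java.naming.security.principal" in props:
        findings.append("no-such-setting-in-3.2")
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    mech = props.get("ldap.authentication.java.naming.security.authentication")
    if url.lower().startswith("ldap://") and mech == "simple":
        # Added check: a simple bind over ldap:// sends the password unencrypted.
        findings.append("simple-bind-over-cleartext-ldap")
    if (props.get("ldap.synchronization.active") == "true"
            and props.get("ldap.authentication.userNameFormat")
            and not props.get("ldap.synchronization.userSearchBase")):
        findings.append("userNameFormat-set-without-userSearchBase")
    return findings
```

Calling `lint(parse_properties(SAMPLE), path)` with the WEB-INF path from the thread returns all five findings; a file with `authentication.chain=ldap1:ldap`, an `ldaps://` URL, an empty `userNameFormat` and a `userSearchBase` returns none.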

smkhawaja
Champ in-the-making
Hi dward,

I am facing a strange issue.

I am using this ldap.authentication.userNameFormat as mentioned below
ldap.authentication.userNameFormat=CN=%s,ou=Alfresco_West,dc=dare,dc=local
in ldap authentication file
"/opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties"

It's really strange: a few users are able to authenticate while others are not. Any idea why? Or how can I troubleshoot it?

Thanks in advance.

Soh

dward
Champ on-the-rise