Integration with AD 2003

adnan_douglas
Champ in-the-making
Can anyone help me with Alfresco configuration and integration with AD?
I need to allow the users to use their Windows accounts to access Alfresco.
Perform SSO on Alfresco V3.2

Regards,
Adnan

paulweb
Champ in-the-making
See the Alfresco 3.2 help. Your problem is there.

My system config: OS Win XP Pro
LDAP configuration (Alfresco uses OpenLDAP)
In the global properties (file: alfresco-global.properties)
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
Then in the file tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap\ldap-authentication.properties
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@youdomain.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://xx.x.x.xx:389/DC=youdomain,DC=com?samaccountname?base?
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.java.naming.security.principal=admin@youdomain.com
# password
ldap.synchronization.java.naming.security.credentials=xxxxxxx
# The following settings are for synchronization, but I have not configured it and I set it to false (maybe our AD uses Russian names in groups. OpenLDAP does not work with Russian, only
# through base64. I tested the query without groups, but synchronization did not work.)
ldap.synchronization.active=true
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=organizationalUnit)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=organizationalUnit)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=organizationalPerson)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=organizationalPerson)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=DC\=youdomain,DC\=com
ldap.synchronization.userSearchBase=DC\=youdomain,DC\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

dward
Champ on-the-rise
For your particular case, I would recommend the chain

authentication.chain=passthru1:passthru,ldap1:ldap-ad

That way you can use the domain controller directly for authentication, and still synchronize user account details via LDAP.

See http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Example
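
Added example, not part of any reply in this thread and not Alfresco code: a small Python check for properties like the ones posted above. It flags a trailing `#` on a value line (Java `.properties` files keep it as part of the value), a simple bind over plain `ldap://` (the bind password travels unencrypted), and a malformed `authentication.chain` entry. The function names, finding labels and sample host name are assumptions made for this sketch.

```python
import re

# Constructed sample in the style of the configuration posted above (host name is made up).
SAMPLE = r"""
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
ldap.authentication.java.naming.provider.url=ldap://dc.example.test:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.credentials=xxxxxxx #(password)
"""

def parse_properties(text):
    """Minimal .properties reader: '#' or '!' starts a comment only at line start."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def parse_chain(value):
    """Split authentication.chain into (instance, type) pairs; reject malformed members."""
    members = []
    for member in value.split(","):
        m = re.fullmatch(r"([A-Za-z0-9_-]+):([A-Za-z0-9_-]+)", member.strip())
        if not m:
            raise ValueError(f"malformed chain member: {member!r}")
        members.append(m.groups())
    return members

def lint(text):
    """Return a list of (finding, property key) tuples for the checks described above."""
    props = parse_properties(text)
    findings = []
    for key, value in props.items():
        if re.search(r"\s#", value):  # the would-be comment is part of the value
            findings.append(("inline-comment", key))
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    mech = props.get("ldap.authentication.java.naming.security.authentication", "")
    if mech == "simple" and url.lower().startswith("ldap://"):
        findings.append(("cleartext-bind", "ldap.authentication.java.naming.provider.url"))
    if "authentication.chain" in props:
        try:
            parse_chain(props["authentication.chain"])
        except ValueError:
            findings.append(("bad-chain", "authentication.chain"))
    return findings
```
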