07-27-2007 09:50 AM
%s<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!– DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. –>
<!– <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
<property name="allowDeleteUser">
<value>false</value>
</property>
</bean> –>
<!-- LDAP authentication configuration.
     Declares the bean with id "authenticationComponent" as the LDAP implementation and
     wires it to the directory connection settings in the bean "ldapInitialDirContextFactory". -->
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<!-- DN template used for the bind; presumably %s is replaced by the login name typed by the user (confirm against the component).
     NOTE(review): confirm that DN special characters in that name are escaped, and that an empty password is
     rejected before the bind, since many directories treat a simple bind with an empty password as anonymous. -->
<property name="userNameFormat">
<value>uid=%s, ou=internes, ou=personnes, dc=***,dc=******,dc=******,dc=***</value>
</property>
</bean>
<!--
This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
to pull them out of the LDAP repository.
The map below is the JNDI environment passed to the directory context factory.
-->
<bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
<property name="initialDirContextEnvironment">
<map>
<!-- The LDAP provider -->
<entry key="java.naming.factory.initial">
<value>com.sun.jndi.ldap.LdapCtxFactory</value>
</entry>
<!-- Plain ldap:// on the loopback address. If the directory is ever reached over a network,
     use ldaps:// (or StartTLS) so that the binds configured below do not travel in clear text. -->
<entry key="java.naming.provider.url">
<value>ldap://127.0.0.1:389</value>
</entry>
<!-- Simple bind: DN and password are presented to the server as they are, so their
     confidentiality depends entirely on the transport chosen in the provider URL. -->
<entry key="java.naming.security.authentication">
<value>SIMPLE</value>
</entry>
<!-- Default bind DN of the JNDI environment.
     NOTE(review): cn=manager looks like the directory administrator. This factory is described above as
     needing read only access to users and groups, so a dedicated read-only account would limit the
     impact of a leak of this file. Confirm with the directory owner. -->
<entry key="java.naming.security.principal">
<value>cn=manager, dc=***,dc=******,dc=******,dc=***</value>
</entry>
<!-- Password of the bind DN, stored in clear text in this file (masked in this listing).
     Keep the file readable only by the account that runs the repository. -->
<entry key="java.naming.security.credentials">
<value>******</value>
</entry>
</map>
</property>
</bean>
<!– Ldap Syncronisation support –>
<!– Extract user information from LDAP and transform this to XML –>
<bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
<property name="personQuery">
<value>(objectclass=inetOrgPerson)</value>
</property>
<property name="searchBase">
<value> dc=***,dc=******,dc=******,dc=***</value>
</property>
<property name="userIdAttributeName">
<value>cn</value>
</property>
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="personService">
<ref bean="personService"></ref>
</property>
<property name="namespaceService">
<ref bean="namespaceService"/>
</property>
<property name="attributeMapping">
<map>
<entry key="cm:userName">
<value>cn</value>
</entry>
<entry key="cm:firstName">
<value>givenName</value>
</entry>
<entry key="cm:lastName">
<value>sn</value>
</entry>
<entry key="cm:email">
<value>mail</value>
</entry>
<entry key="cm:organizationId">
<value>o</value>
</entry>
<!– Always use the default –>
<entry key="cm:homeFolderProvider">
<null/>
</entry>
</map>
</property>
<property name="attributeDefaults">
<map>
<entry key="cm:homeFolderProvider">
<value>personalHomeFolderProvider</value>
</entry>
</map>
</property>
</bean>
<!– Extract group information from LDAP and transform this to XML –>
<bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">
<property name="groupQuery">
<value>(objectclass=groupOfNames)</value>
</property>
<property name="searchBase">
<value> dc=***,dc=******,dc=******,dc=***</</value>
</property>
<property name="userIdAttributeName">
<value>cn</value>
</property>
<property name="groupIdAttributeName">
<value>cn</value>
</property>
<property name="groupType">
<value>groupOfNames</value>
</property>
<property name="personType">
<value>inetOrgPerson</value>
</property>
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="namespaceService">
<ref bean="namespaceService"/>
</property>
<property name="memberAttribute">
<value>member</value>
</property>
<!– <property name="authorityDAO">
<ref bean="authorityDAO"/>
</property> –>
</bean>
<bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
<property name="jobDetail">
<bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.importer.ImporterJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="bean">
<ref bean="ldapPeopleImport"/>
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>3000</value>
</property>
<property name="repeatInterval">
<value>3600000</value>
</property>
<property name="scheduler">
<ref bean="schedulerFactory" />
</property>
</bean>
<bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
<property name="jobDetail">
<bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.importer.ImporterJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="bean">
<ref bean="ldapGroupImport"/>
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>3000</value>
</property>
<property name="repeatInterval">
<value>3600000</value>
</property>
<property name="scheduler">
<ref bean="schedulerFactory" />
</property>
</bean>
<!– The bean that imports xml describing people –>
<bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
<property name="importerService">
<ref bean="importerComponentWithBehaviour"/>
</property>
<property name="transactionService">
<ref bean="transactionComponent"/>
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent"/>
</property>
<property name="exportSource">
<ref bean="ldapPeopleExportSource"/>
</property>
<property name="storeRef">
<value>${spaces.store}</value>
</property>
<property name="path">
<value>/${system.system_container.childname}/${system.people_container.childname}</value>
</property>
<property name="clearAllChildren">
<value>false</value>
</property>
<property name="nodeService">
<ref bean="nodeService"/>
</property>
<property name="searchService">
<ref bean="searchService"/>
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService"/>
</property>
<property name="caches">
<set>
<ref bean="permissionsAccessCache"/>
</set>
</property>
</bean>
<!– The bean that imports xml descibing groups –>
<bean id="ldapGroupImport" class="org.alfresco.repo.importer.ExportSourceImporter">
<property name="importerService">
<ref bean="importerComponentWithBehaviour"/>
</property>
<property name="transactionService">
<ref bean="transactionComponent"/>
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent"/>
</property>
<property name="exportSource">
<ref bean="ldapGroupExportSource"/>
</property>
<property name="storeRef">
<value>${alfresco_user_store.store}</value>
</property>
<property name="path">
<value>/${alfresco_user_store.system_container.childname}/${alfresco_user_store.authorities_container.childname}</value>
</property>
<property name="clearAllChildren">
<value>true</value>
</property>
<property name="nodeService">
<ref bean="nodeService"/>
</property>
<property name="searchService">
<ref bean="searchService"/>
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService"/>
</property>
<property name="caches">
<set>
<ref bean="userToAuthorityCache"/>
<ref bean="permissionsAccessCache"/>
</set>
</property>
</bean>
</beans>
Et afin de créer, lors de la synchronisation, les espaces associés aux utilisateurs, dans l’espace « Espaces utilisateurs », <!– LDAP authentication configuration –>
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="userNameFormat">
<value>uid=%s, ou=internes, ou=personnes, dc=***,dc=******,dc=******,dc=***</value>
</property>
</bean>
• Utiliser le fichier chaining-authentication-context.xml<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!– Chaining –>
<bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
<property name="authenticationServices">
<list>
<ref bean="authenticationServiceImplLDAP"/>
</list>
</property>
<property name="mutableAuthenticationService">
<ref bean="authenticationServiceImplAlfresco"/>
</property>
</bean>
<!– Alfresco Auth –>
<bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoAlfresco"/>
</property>
<property name="ticketComponent">
<ref bean="ticketComponent"/>
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponentImplAlfresco"/>
</property>
</bean>
<bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService">
<ref bean="nodeService"/>
</property>
<property name="dictionaryService">
<ref bean="dictionaryService"/>
</property>
<property name="namespaceService">
<ref bean="namespaceService"/>
</property>
<property name="searchService">
<ref bean="searchService"/>
</property>
<property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder"/>
</property>
</bean>
<bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoAlfresco"/>
</property>
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="allowGuestLogin">
<value>true</value>
</property>
</bean>
<!– LDAP Auth –>
<bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoLDAP" />
</property>
<property name="ticketComponent">
<ref bean="ticketComponent" />
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponentImplLDAP" />
</property>
</bean>
<bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="userNameFormat">
<value>uid=%s, ou=internes, ou=personnes, dc=***,dc=******,dc=******,dc=***</value>
</property>
</bean>
<bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
</beans>
Mon but est d’avoir à la fois l’authentification ldap et l’authentification des utilisateurs créés, et donc celle de mon administrateur alfresco.
07-27-2007 10:32 AM
• L’identification ldap fonctionne mais l’utilisateur n’arrive pas sur son espace perso dans « Espaces utilisateurs » mais à la place un nouvel espace perso est créé à la base de l’arborescence des espaces. D’où vient ce problème ? A mon avis la modif du path de « personalHomeFolderProvider » ne doit pas être la seule modif à faire.
Tu retrouves bien TOUS les utilisateurs de ton annuaire ou seulement ceux qui se sont authentifiés sur Alfresco ?
• J’ai perdu mon utilisateur Alfresco « administrateur », et puis je voudrais aussi créer d’autres utilisateurs (hors ldap). Donc je pense devoir me tourner vers le fichier « chaining-authentication-context.xml ».
Ceci arrive quand la propriété clearAllChildren du bean ldapPeopleImport est à True, mais ce n'est pas ton cas donc je ne sais pas comment cela a pu arriver
• Utiliser le fichier chaining-authentication-context.xml
Tu n'es pas obligé de recopier les beans authenticationDaoLDAP et authenticationComponentImplLDAP du fichier ldap-authentication-context.xml vers le fichier chaining-authentication-context.xml. Tu peux juste les renommer dans ldap-authentication-context.xml et y faire référence dans chaining-authentication-context.xml. Ça n'aide pas à résoudre ton problème, mais c'est plus "propre"
• Je retrouve mon authentification administrateur alfresco mais perds mon authentification ldap
Donc tu as bien un utilisateur administrateur ? Il n'a pas été perdu… Et la synchro fonctionne toujours ?
07-27-2007 11:12 AM
Bonjour,Pardon, en fait je n'ai d'abord fait que la synchro où je retrouvais tous mes espaces utilisateurs et mes groupes. Puis apres, j'ai ajouté l'authentification
• L’identification ldap fonctionne mais l’utilisateur n’arrive pas sur son espace perso dans « Espaces utilisateurs » mais à la place un nouvel espace perso est créé à la base l’arborescence des espaces. D’où vient ce problème ? A mon avis la modif du path de « personalHomeFolderProvider » ne doit pas être la seule modif à faire.
Tu retrouves bien TOUS les utilisateurs de ton annuaire ou seulement ceux qui ce sont authentifiés sur Alfresco ?
<!– LDAP authentication configuration –>Et à ce moment là je retrouve seulement ceux qui ce sont authentifiés sur Alfresco.
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="userNameFormat">
<value>uid=%s, ou=internes, ou=personnes, dc=***,dc=******,dc=******,dc=***</value>
</property>
</bean>
• J’ai perdu mon utilisateur Alfresco « administrateur », et puis je voudrais aussi créer d’autres utilisateurs (hors ldap).Donc je pense devoir me tourner vers le fichier « chaining-authentication-context.xml».Je vois pas comment clearAllChildren du bean ldapPeopleImport peut jouer sur l'administrateur d'alfresco ?
Ceci arrive quand la propriété clearAllChildren du bean ldapPeopleImport est à True, mais ce n'est pas ton cas donc je ne sais pas comment cela a pu arriver
• Je retrouve mon authentification administrateur alfresco mais perd mon authentification ldapBen c'est le probleme, quand j'ai juste le fichier ldap-authentication-context.xml avec l'authentification ldap, je perds l'administrateur, et quand j'essaies le chaining, je le retrouve. Et oui la synchro marche.
Donc tu as bien un utilisateur administrateur ? Il n'a pas été perdu… Et la synchro fonctionne toujours ?
07-30-2007 03:09 AM
07-30-2007 04:38 AM
<!-- If true, clear all existing people before import, if false update/add people from the xml -->
Si tu actives l'authentification ldap, tu ne peux plus authentifier les utilisateurs internes Alfresco (ex : admin). Et si en plus tu as clearAllChildren à true, alors les utilisateurs admin et guest sont supprimés d'Alfresco…
<property name="clearAllChildren">
<value>false</value>
</property>
07-30-2007 09:02 AM
Qu'appelles-tu "perdre l'utilisateur Alfresco « administrateur »" ? Il n'est plus dans la liste des utilisateurs ? Tu ne peux plus t'authentifier avec cet utilisateur ?
Je ne peux plus m'authentifier avec cet utilisateur. Mais ceci est normal puisque j'active l'authentification ldap.
Si tu actives l'authentification ldap, tu ne peux plus authentifier les utilisateurs internes Alfresco (ex : admin)
Je pense, sans me tromper, que le fichier chaining-authentication-context.xml autorise plusieurs authentifications ?
07-30-2007 09:59 AM
07-31-2007 04:16 AM
aucun commentaire sur mon fichier chaining-authentication-context.xml ?Non, il semble correct.
07-31-2007 05:02 AM
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
<property name="accept">
<value>true</value>
</property>
</bean>
Entre temps je suis passé à la version 2.1<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean name="personalLDAPHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry" />
</property>
<property name="path">
<value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="homeFolderManager">
<ref bean="homeFolderManager" />
</property>
<property name="inheritsPermissionsOnCreate">
<value>false</value>
</property>
<property name="ownerPemissionsToSetOnCreate">
<set>
<value>All</value>
</set>
</property>
<property name="userPemissions">
<set>
<value>All</value>
</set>
</property>
</bean>
<!-- JNDI environment passed to the LDAP directory context factory;
     the synchronisation beans in this file reference this bean by id. -->
<bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
<property name="initialDirContextEnvironment">
<map>
<!-- The LDAP provider -->
<entry key="java.naming.factory.initial">
<value>com.sun.jndi.ldap.LdapCtxFactory</value>
</entry>
<!-- Unencrypted ldap:// to the local host. Switch to ldaps:// (or StartTLS) before pointing this at a remote directory. -->
<entry key="java.naming.provider.url">
<value>ldap://127.0.0.1:389</value>
</entry>
<!-- Simple bind: the password is only as protected as the connection configured in the provider URL. -->
<entry key="java.naming.security.authentication">
<value>SIMPLE</value>
</entry>
<!-- Default bind DN. NOTE(review): cn=manager looks like the directory administrator; the export beans that
     use this factory only run searches, so a read-only account is presumably sufficient. Confirm. -->
<entry key="java.naming.security.principal">
<value>cn=manager, dc=xxx,dc=xxx,dc=xxx,dc=xxx</value>
</entry>
<!-- Clear-text password of the bind DN (masked in this listing); restrict read access to this file. -->
<entry key="java.naming.security.credentials">
<value>xxx</value>
</entry>
</map>
</property>
</bean>
<!– Ldap Syncronisation support –>
<bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
<property name="personQuery">
<value>(objectclass=inetOrgPerson)</value>
</property>
<property name="searchBase">
<value>dc=xxx,dc=xxx,dc=xxx,dc=xxx</value>
</property>
<property name="userIdAttributeName">
<value>uid</value>
</property>
<!– Services –>
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="personService">
<ref bean="personService"></ref>
</property>
<property name="namespaceService">
<ref bean="namespaceService"/>
</property>
<property name="attributeMapping">
<map>
<entry key="cm:userName">
<value>uid</value>
</entry>
<entry key="cm:firstName">
<value>givenName</value>
</entry>
<entry key="cm:lastName">
<value>sn</value>
</entry>
<entry key="cm:email">
<value>mail</value>
</entry>
<entry key="cm:organizationId">
<value>o</value>
</entry>
<entry key="cm:homeFolderProvider">
<null/>
</entry>
</map>
</property>
<property name="attributeDefaults">
<map>
<entry key="cm:homeFolderProvider">
<value>personalLDAPHomeFolderProvider</value>
</entry>
</map>
</property>
</bean>
<!– Extract group information from LDAP and transform this to XML –>
<bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">
<property name="groupQuery">
<value>(objectclass=groupOfNames)</value>
</property>
<property name="searchBase">
<value>dc=xxxdc=xxx,dc=xxx,dc=xxx</value>
</property>
<property name="userIdAttributeName">
<value>uid</value>
</property>
<property name="groupIdAttributeName">
<value>cn</value>
</property>
<property name="groupType">
<value>groupOfNames</value>
</property>
<property name="personType">
<value>inetOrgPerson</value>
</property>
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="namespaceService">
<ref bean="namespaceService"/>
</property>
<property name="memberAttribute">
<value>member</value>
</property>
<property name="authorityDAO">
<ref bean="authorityDAO"/>
</property>
</bean>
<bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
<property name="jobDetail">
<bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.importer.ImporterJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="bean">
<ref bean="ldapPeopleImport"/>
</entry>
</map>
</property>
</bean>
</property>
<!– Start after 5 minutes of starting the repository –>
<property name="startDelay">
<value>3000</value>
</property>
<!– Repeat every hour –>
<property name="repeatInterval">
<value>3600000</value>
</property>
<!– Commented out to disable –>
<property name="scheduler">
<ref bean="schedulerFactory" />
</property>
</bean>
<bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
<property name="jobDetail">
<bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.importer.ImporterJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="bean">
<ref bean="ldapGroupImport"/>
</entry>
</map>
</property>
</bean>
</property>
<!– Start after 5 minutes of starting the repository –>
<property name="startDelay">
<value>3000</value>
</property>
<!– Repeat every hour –>
<property name="repeatInterval">
<value>3600000</value>
</property>
<!– Commented out to disable –>
<property name="scheduler">
<ref bean="schedulerFactory" />
</property>
</bean>
<!– The bean that imports xml describing people –>
<bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
<property name="importerService">
<ref bean="importerComponentWithBehaviour"/>
</property>
<property name="transactionService">
<ref bean="transactionComponent"/>
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent"/>
</property>
<property name="exportSource">
<ref bean="ldapPeopleExportSource"/>
</property>
<!– The store that contains people - this should not be changed –>
<property name="storeRef">
<value>${spaces.store}</value>
</property>
<!– The location of people nodes within the store defined above - this should not be changed –>
<property name="path">
<value>/${system.system_container.childname}/${system.people_container.childname}</value>
</property>
<!– If true, clear all existing people before import, if false update/add people from the xml –>
<property name="clearAllChildren">
<value>false</value>
</property>
<property name="nodeService">
<ref bean="nodeService"/>
</property>
<property name="searchService">
<ref bean="searchService"/>
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService"/>
</property>
<property name="caches">
<set>
<ref bean="permissionsAccessCache"/>
</set>
</property>
</bean>
<!– The bean that imports xml descibing groups –>
<bean id="ldapGroupImport" class="org.alfresco.repo.importer.ExportSourceImporter">
<property name="importerService">
<ref bean="importerComponentWithBehaviour"/>
</property>
<property name="transactionService">
<ref bean="transactionComponent"/>
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent"/>
</property>
<property name="exportSource">
<ref bean="ldapGroupExportSource"/>
</property>
<!– The store that contains group information - this should not be changed –>
<property name="storeRef">
<value>${alfresco_user_store.store}</value>
</property>
<!– The location of group information in the store above - this should not be changed –>
<property name="path">
<value>/${alfresco_user_store.system_container.childname}/${alfresco_user_store.authorities_container.childname}</value>
</property>
<!– If true, clear all existing groups before import, if false update/add groups from the xml –>
<property name="clearAllChildren">
<value>true</value>
</property>
<property name="nodeService">
<ref bean="nodeService"/>
</property>
<property name="searchService">
<ref bean="searchService"/>
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService"/>
</property>
<!– caches to clear on import of groups –>
<property name="caches">
<set>
<ref bean="userToAuthorityCache"/>
<ref bean="permissionsAccessCache"/>
</set>
</property>
<!– userToAuthorityCache –>
</bean>
</beans>
chaining-authentication-context.xml<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!– DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. –>
<bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
<property name="allowDeleteUser">
<value>false</value>
</property>
</bean>
<!-- Simple authentication component that accepts or rejects every authentication request, depending on the "accept" property -->
<!-- Use this definition for Novell IChain integration. -->
<!-- It should never go to the login screen so this is not required -->
<!-- WARNING: with accept set to true, every login is accepted whatever the user name or password.
     That is only appropriate when authentication is fully enforced upstream (such as the IChain
     integration mentioned above). On a repository that shows its own login screen, do not use this bean. -->
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
<property name="accept">
<value>true</value>
</property>
</bean>
<!– Chaining –>
<bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
<property name="authenticationServices">
<list>
<ref bean="authenticationServiceImplLDAP"/>
</list>
</property>
<property name="mutableAuthenticationService">
<ref bean="authenticationServiceImplAlfresco"/>
</property>
</bean>
<!– Alfresco Auth –>
<bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoAlfresco"/>
</property>
<property name="ticketComponent">
<ref bean="ticketComponent"/>
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponentImplAlfresco"/>
</property>
</bean>
<bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService">
<ref bean="nodeService"/>
</property>
<property name="dictionaryService">
<ref bean="dictionaryService"/>
</property>
<property name="namespaceService">
<ref bean="namespaceService"/>
</property>
<property name="searchService">
<ref bean="searchService"/>
</property>
<property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder"/>
</property>
</bean>
<bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoAlfresco"/>
</property>
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="allowGuestLogin">
<value>false</value>
</property>
</bean>
<!– LDAP Auth –>
<bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoLDAP" />
</property>
<property name="ticketComponent">
<ref bean="ticketComponent" />
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponentImplLDAP" />
</property>
</bean>
<bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="userNameFormat">
<value>uid=%s, ou=internes, ou=personnes, dc=xxx,dc=xxx,dc=xxx,dc=xxx</value>
</property>
</bean>
<bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
</beans>
Merci
07-31-2007 05:37 AM
Mais j’ai toujours des problèmes :Ceci est dû à la définition du bean suivant :
. Même si je ne donne pas le bon mot de passe, l’authentification passe quand même.
. Si j’essaie de m’authentifier avec un utilisateur inconnu (ni LDAP ni Interne Alfresco), il se connecte et un nouvel espace est créé à la racine de l’arborescence. (Par ex avec un utilisateur quelconque « toto » et mdp « toto »)
En utilisant ce bean, tu dis explicitement que tu acceptes tout le monde, quel que soit le login ou le mot de passe. Je te conseille donc de ne pas l'utiliser.
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
<property name="accept">
<value>true</value>
</property>
</bean>
<property name="authenticationComponent">
<ref bean="authenticationComponentImplLDAP"/>
</property>
C'est le genre d'erreur pas facile à voir du premier coup d'œil.