LDAP Authentication Configuration

samudaya
Champ on-the-rise
Hi friends,

I'm currently using Alfresco Community 3.4.d on Ubuntu 10.04 server, and run OpenLDAP (v3) on a separate server. The OpenLDAP server uses MD5-CRYPT (MD5-based salted password hash) for password storage. I want to configure user login using the OpenLDAP server.

I tried to configure it using the wiki, forum posts and a few Alfresco-related articles. None of those resources solved my problem (however, the Linux terminal command gives the relevant result). Has anybody successfully configured authentication against an OpenLDAP server?

Could you please post the configurations and the relevant files which I have to configure? (Are there any recompile requirements?)

This would be a great help for me.

Thanks

gnyce
Champ in-the-making
I have Alfresco 3.4d syncing/authenticating against an OpenLDAP server. I would suggest you get an LDAP browser - there are several free ones around - and peruse your structure. That will help you figure out what properties, etc. you would utilize. The Wiki is also helpful for setting this up.

samudaya
Champ on-the-rise
Thanks for the reply.

I know the OpenLDAP structure (uid=myusername,ou=abc,dc=xyz,dc=com). I want to know the exact files which I have to edit.

If you know, please tell me which files and configurations, and whether I can apply those configurations to the currently running system, or whether I have to recompile the source code.

Thanks

gnyce
Champ in-the-making
I thought the wiki was pretty clear.  From memory… under the /subsystems/authentication structure, there are folders for ldap, passthru, etc.  In the ldap folder, there is a .properties file… ldap-authentication.properties perhaps.  This is what you edit… specifying your server, ldap structure, authentication account, if you sync or not, etc.  Go through it, there are pretty good explanations in the comments.

Lastly, edit the repository.properties file… add ldap1:ldap to the chain (probably only has alfrescoNtlm on it?) to activate your ldap config.

restart, test…

samudaya
Champ on-the-rise
Environment:
Alfresco Community 3.4.d
Ubuntu 10.04 server
OpenLDAP (no authentication required for username and password validation)
LDAP password: MD5-CRYPT

Only required to authenticate using OpenLDAP (no synchronization or SSO).

I had edited /subsystems/authentication/ldap/ldap-authentication.properties
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=cn=%s, dc=xyz,dc=com
ldap.authentication.java.naming.provider.url=ldap://myldapserver:389
ldap.authentication.java.naming.security.authentication=simple



But I can't log in to the system using the LDAP password (Alfresco password authentication works successfully). So what else do I have to do?

It would be a great help if you could post the configurations.

Thanks

gnyce
Champ in-the-making
I can't say whether that is enough of an LDAP config, but - did you add ldap to the authentication chain? In repository.properties….

# The default authentication chain
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

samudaya
Champ on-the-rise
Are these lines OK, or do I have to change anything more?

ldap.authentication.userNameFormat=cn=%s, dc=xyz,dc=com
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=true


I have configured repository.properties. What does ldap1 mean?
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

samudaya
Champ on-the-rise
Hi,

If there is anyone who has successfully integrated OpenLDAP, please post the steps. It would be a great help for me.

Thank you very much.

adispivak
Champ in-the-making
Not only do I have LDAP set up, I also set up passthru to make CIFS work with our Samba domain.
For LDAP I set this (for groups, LDAP needs to support the memberof overlay):
file: /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties

ldap.authentication.active=true
# personal choice, I always want everyone to log in:
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=domain,dc=local
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<ldapservername>:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=<user1>,<user2>
# this is set so all my groups and users will exist in Alfresco, even if they have not yet signed in, so they can be invited easily to a new project (site)
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=admin,dc\=company,dc\=local
ldap.synchronization.java.naming.security.credentials=<typeadminuserpasswordhere>
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=company,dc\=local
ldap.synchronization.userSearchBase=ou\=Users,dc\=company,dc\=local
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

For the Samba domain:
file: /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.properties

passthru.authentication.useLocalServer=false
passthru.authentication.domain=<shortdomainnameasisinfilesmb.conf>
passthru.authentication.servers=<domaincontroleripaddress>
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=<domainuser>
# Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
# Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true

And lastly set authentication in:
file: /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
# ldap and samba domain support:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 */10 * * * ?
# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?

samudaya
Champ on-the-rise
Hi friends,

I have solved the problem. But there is still another small issue.

ldap.authentication.userNameFormat=uid=%s,ou=abc,dc=xyz,dc=com
When I configured it as above, only abc users can log in to the system.

ldap.authentication.userNameFormat=uid=%s,dc=xyz,dc=com
When I configured it as above, nobody can log in to the system.

There are several OUs. So how should I configure it so that users in all the OUs can log in?

Thank you very much.
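The behaviour reported in the last post, and the escapeCommasInBind/escapeCommasInUid question earlier in the thread, both come down to how a bind DN is built from the userNameFormat template: `%s` is substituted with the login name and the resulting DN must exist on the server exactly, so a template without the OU names an entry that does not exist. The following is an added example, not code from the thread or from Alfresco. It models an LDAP simple bind against a constructed in-memory directory (plain-text passwords, purely to keep the model small; a real server stores hashes such as the MD5-CRYPT mentioned above) and shows RFC 4514 escaping of a login name containing a comma, why the flat template fails for users under an OU, and the general search-then-bind pattern (search the base for the uid, bind with the DN found) that resolves users in any OU. Whether Alfresco 3.4.d exposes that pattern through a property is not something this thread establishes, so it is shown here as the generic LDAP technique only.

```python
"""Model of bind-DN template resolution for an LDAP simple bind.
Added example; DIRECTORY below is constructed, not a real server."""
import hmac

# Constructed sample directory: DN -> (uid value, password).
DIRECTORY = {
    "uid=alice,ou=abc,dc=xyz,dc=com": ("alice", "alice-pw"),
    "uid=bob,ou=def,dc=xyz,dc=com": ("bob", "bob-pw"),
    # A uid containing a comma must be stored escaped in the DN (RFC 4514).
    "uid=smith\\, john,ou=abc,dc=xyz,dc=com": ("smith, john", "john-pw"),
}


def escape_rdn_value(value):
    """Escape characters that RFC 4514 does not allow unescaped in an RDN
    value. Comma escaping is what the escapeCommasIn* options control."""
    specials = ',+"\\<>;='
    out = []
    for i, ch in enumerate(value):
        if ch in specials:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def normalize_dn(dn):
    """Canonical form for DN comparison: split on unescaped commas, drop
    whitespace around RDNs (so 'cn=%s, dc=xyz' compares equal to
    'cn=%s,dc=xyz') and lower-case, since uid uses case-ignore matching."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escaped char as-is
            buf += dn[i:i + 2]
            i += 2
            continue
        if ch == ",":
            parts.append(buf.strip())
            buf = ""
        else:
            buf += ch
        i += 1
    parts.append(buf.strip())
    return ",".join(p.lower() for p in parts)


def simple_bind(dn, password):
    """Model of an LDAP simple bind: the DN must exist and the password
    must match; otherwise the server answers invalidCredentials."""
    target = normalize_dn(dn)
    for entry_dn, (_uid, stored_pw) in DIRECTORY.items():
        if normalize_dn(entry_dn) == target:
            return hmac.compare_digest(stored_pw, password)
    return False


def bind_with_template(template, username, password, escape_uid=True):
    """Build the bind DN the way a userNameFormat containing %s does, then
    bind. escape_uid mirrors ldap.authentication.escapeCommasInUid."""
    value = escape_rdn_value(username) if escape_uid else username
    return simple_bind(template.replace("%s", value), password)


def search_then_bind(base_dn, username, password):
    """Generic LDAP pattern for directories with several OUs: search the
    base for the uid, then bind with the single DN found. Zero matches is
    an unknown user; more than one is ambiguous and must be refused."""
    base = normalize_dn(base_dn)
    matches = [dn for dn, (uid, _pw) in DIRECTORY.items()
               if normalize_dn(dn).endswith("," + base)
               and uid.lower() == username.lower()]
    if len(matches) != 1:
        return False
    return simple_bind(matches[0], password)


if __name__ == "__main__":
    ou_template = "uid=%s,ou=abc,dc=xyz,dc=com"
    flat_template = "uid=%s,dc=xyz,dc=com"
    print("alice via ou template:", bind_with_template(ou_template, "alice", "alice-pw"))
    print("bob via ou template:  ", bind_with_template(ou_template, "bob", "bob-pw"))
    print("alice via flat:       ", bind_with_template(flat_template, "alice", "alice-pw"))
    print("bob via search+bind:  ", search_then_bind("dc=xyz,dc=com", "bob", "bob-pw"))
```

Run stand-alone, the script prints True, False, False, True: the ou=abc template accepts alice and rejects bob (he lives under ou=def), the flat template names a DN that exists for nobody, and searching the base before binding accepts both. The same model explains the escape options: with the comma escaped, "smith, john" resolves to the stored DN; unescaped, the comma splits the DN into extra RDNs and the bind fails.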