LDAP Authentication Configuration
‎05-17-2011 02:38 PM
I'm currently using Alfresco Community 3.4.d on an Ubuntu 10.04 server, and I run Open-LDAP (v3) on a separate server. The Open-LDAP server uses MD5-CRYPT (MD5 based salted password hash) for password storage. I want to configure user login using the Open-LDAP server.
I tried to configure it using the wiki, forum posts and a few Alfresco-related articles. None of those resources solved my problem (however, a Linux terminal command gives the relevant result). Has anybody successfully configured authentication using an Open-LDAP server?
Could you please post the configurations and relevant files which I have to configure? (Are there any recompile requirements?)
This would be a great help to me.
Thanks

‎05-17-2011 08:54 PM
‎05-19-2011 03:41 AM
I know the Open-LDAP structure (uid=myusername,ou=abc,dc=xyz,dc=com). I want to know which exact files I have to edit.
If you know, please tell me which files and configurations are involved, and whether I can apply those configurations to the currently running system or have to recompile the source code.
Thanks

‎05-19-2011 10:40 AM
Lastly, edit the repository.properties file… add ldap1:ldap to the chain (probably only has alfrescoNtlm on it?) to activate your ldap config.
restart, test…
‎05-19-2011 02:06 PM
Alfresco Community 3.4.d
Ubuntu 10.04 server
Open-LDAP (No authentication required to username and password validation)
LDAP password MD5-CRYPT
Only authentication using Open-LDAP is required (no synchronization or SSO)
I edited /subsystems/authentication/ldap/ldap-authentication.properties
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=cn=%s, dc=xyz,dc=com
ldap.authentication.java.naming.provider.url=ldap://myldapserver:389
ldap.authentication.java.naming.security.authentication=simple
But I can't log in to the system using the LDAP password (authentication with the Alfresco password succeeds). So what else do I have to do?
It would be a great help if you could post the configurations.
Thanks

‎05-19-2011 08:29 PM
# The default authentication chain
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
‎05-20-2011 10:19 AM
ldap.authentication.userNameFormat=cn=%s, dc=xyz,dc=com
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=true
I have configured repository.properties. What is the meaning of ldap1?
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
‎05-20-2011 01:55 PM
If there is anyone who has successfully integrated Open-LDAP, please post the steps. It would be a great help to me.
Thank you very much.

‎05-26-2011 06:23 AM
For LDAP I set this (for groups, the LDAP server needs to support the memberof overlay):
file: /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties
ldap.authentication.active=true
# personal choice: I always want everyone to log in
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=domain,dc=local
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<ldapservername>:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=<user1>,<user2>
# this is set so that all my groups and users exist in Alfresco even if they have not yet signed in, so they can easily be invited to a new project (site)
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=admin,dc\=company,dc\=local
ldap.synchronization.java.naming.security.credentials=<typeadminuserpasswordhere>
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=company,dc\=local
ldap.synchronization.userSearchBase=ou\=Users,dc\=company,dc\=local
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
For a Samba domain:
file: /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.properties
passthru.authentication.useLocalServer=false
passthru.authentication.domain=<shortdomainnameasisinfilesmb.conf>
passthru.authentication.servers=<domaincontroleripaddress>
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=<domainuser>
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
And lastly, set authentication in:
file: /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
#ldap and samba domain support:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1

# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 */10 * * * ?
# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?
‎05-28-2011 09:31 AM
I have solved the problem. But there is another small issue yet.
ldap.authentication.userNameFormat=uid=%s,ou=abc,dc=xyz,dc=com
When I configured it as above, only abc users can log in to the system.
ldap.authentication.userNameFormat=uid=%s,dc=xyz,dc=com
When I configured it as above, nobody can log in to the system.
There are several OUs. So how should I configure it so that users in all the OUs can log in?
Thank you very much…….
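
Added example, not part of the thread and not Alfresco's code: a small Python model of why the two userNameFormat values above behave as reported. It assumes the %s placeholder is replaced by the login name to form the DN for the simple bind, and that the bind only succeeds when that exact DN names an entry; the directory entries, the logins and the helper names are constructed for illustration.

```python
import re

# Constructed sample directory (not from the thread): entry DNs in two OUs.
DIRECTORY = [
    "uid=alice,ou=abc,dc=xyz,dc=com",
    "uid=bob,ou=def,dc=xyz,dc=com",
    "cn=Doe\\, John,ou=abc,dc=xyz,dc=com",
]

def bind_dn(user_name_format, login, escape_commas=False):
    """Build the DN for a simple bind by substituting the login for %s.

    escape_commas models ldap.authentication.escapeCommasInBind: a comma in
    the login is escaped so it is not read as an RDN separator.
    """
    if escape_commas:
        login = login.replace(",", "\\,")
    return user_name_format.replace("%s", login)

def normalize_dn(dn):
    """Simplified DN comparison form: split on unescaped commas, trim, lower-case."""
    return ",".join(rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn))

def who_can_bind(user_name_format, logins, escape_commas=False):
    """Return the logins whose generated bind DN names an existing entry."""
    entries = {normalize_dn(dn) for dn in DIRECTORY}
    return [
        login for login in logins
        if normalize_dn(bind_dn(user_name_format, login, escape_commas)) in entries
    ]

if __name__ == "__main__":
    # The two templates from the last post: one OU matches, no OU matches nobody.
    for fmt in ("uid=%s,ou=abc,dc=xyz,dc=com", "uid=%s,dc=xyz,dc=com"):
        print(fmt, "->", who_can_bind(fmt, ["alice", "bob"]))
    # A cn-based template only works for "Doe, John" when the comma is escaped.
    print(who_can_bind("cn=%s, ou=abc,dc=xyz,dc=com", ["Doe, John"], escape_commas=True))
```

A single template can only ever produce DNs under one container, which is why users in the other OUs are rejected and why dropping the ou component produces a DN that matches no entry at all.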
