
LDAP Authentication using binddn

kiko_
Champ in-the-making
Hello

I'm using Alfresco 3.3 Enterprise (trial license) installed on Ubuntu 10.04.
I need to authenticate against an OpenLDAP server that does not allow simple bind.
If I want to do a simple query, I need to use a binddn.

A simple query example (on shell):
# ldapsearch -x -v -b <searchbase> -D <dn_of_a_privileged_user> -H ldaps://<server>:636 -W <query>

I know that the synchronization subsystem does not allow a simple (or anonymous) bind, and it requires a privileged user to do it, which we can set with:
ldap.synchronization.java.naming.security.principal
ldap.synchronization.java.naming.security.credentials


I have a question: is it possible to authenticate users using a binddn?


Thanks, and sorry about my English.

kiko_
Champ in-the-making
Hello again,

If anyone is looking for a solution, there's a JIRA which explains (better than me) the problem.


searching the user DN and then authenticate using this DN.
….
This was fixed in v3.2r.
If you set ldap.authentication.userNameFormat to be empty (now the default for the ldap subsystem)
ldap.authentication.userNameFormat=
it will derive a query from your personQuery to look up a user by UID. So we can now support users in any structure you want.


As the JIRA describes, we need to set userNameFormat to empty.
In addition, we need to set:

    ldap.synchronization.java.naming.security.principal=<privileged_user>
    ldap.synchronization.java.naming.security.credentials=<password_of_the_above>
    ldap.synchronization.userSearchBase=<search_base>
    ldap.synchronization.userIdAttributeName=<ldap's_user_uid>
ldap-authentication.properties.example:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldaps://<my_ldap_server>:636
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.active=false
ldap.synchronization.java.naming.security.principal=cn\=search_privileged_user,ou\=example_ou,dc\=example,dc\=com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.userSearchBase=ou\=example_ou,dc\=example,dc\=com
ldap.synchronization.userIdAttributeName=example_uid


It works!



Thanks to anyone interested, and sorry about my English.
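The flow the JIRA describes (bind as the privileged search account, look the user up by UID under the search base, then bind again as the DN that was found) is easy to get subtly wrong on the client side. The following is an added example, not code from this thread or from Alfresco: it models that search-then-bind flow against a constructed in-memory stand-in for the OpenLDAP directory (all DNs, attribute names and passwords are made up; the search base and the uid attribute name reuse the values from the properties example above). Beyond the basic flow it adds the checks a practitioner wants: the login name is escaped per RFC 4515 before it goes into the filter, a lookup that returns zero or several entries is refused, and an empty password is never passed to the bind, because a DN with an empty password is an unauthenticated bind (RFC 4513) that many servers accept.

```python
import re

# Constructed in-memory stand-in for the directory; a real deployment talks to
# OpenLDAP over ldaps://. Entries, uids and passwords are made up.
DIRECTORY = {
    "cn=search_privileged_user,ou=example_ou,dc=example,dc=com":
        {"userPassword": "secret"},
    "uid=alice,ou=people,ou=example_ou,dc=example,dc=com":
        {"userPassword": "alice-pw", "example_uid": "alice"},
    "uid=bob,ou=staff,ou=example_ou,dc=example,dc=com":
        {"userPassword": "bob-pw", "example_uid": "bob"},
    # the same uid under two branches: an ambiguous directory the login code must refuse
    "uid=carol,ou=people,ou=example_ou,dc=example,dc=com":
        {"userPassword": "carol-pw", "example_uid": "carol"},
    "uid=carol2,ou=staff,ou=example_ou,dc=example,dc=com":
        {"userPassword": "carol2-pw", "example_uid": "carol"},
}

SEARCH_BASE = "ou=example_ou,dc=example,dc=com"  # ldap.synchronization.userSearchBase
UID_ATTR = "example_uid"                          # ldap.synchronization.userIdAttributeName
SERVICE_DN = "cn=search_privileged_user,ou=example_ou,dc=example,dc=com"
SERVICE_PW = "secret"                             # ...security.credentials (assumed value)


def escape_filter_value(value):
    """RFC 4515 escaping of a value placed inside an LDAP search filter."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def filter_for(username):
    """Equality filter on the uid attribute, with the login name escaped."""
    return "(%s=%s)" % (UID_ATTR, escape_filter_value(username))


def simple_bind(dn, password):
    """Stand-in for an LDAP simple bind. An empty password is refused here
    because a DN plus empty password is an unauthenticated bind (RFC 4513)."""
    if not password:
        return False
    entry = DIRECTORY.get(dn)
    return entry is not None and entry.get("userPassword") == password


# A single equality filter: (attr=value) where value may contain \XX escapes.
_FILTER = re.compile(
    r"^\(([A-Za-z][A-Za-z0-9_-]*)=((?:[^()*\\\x00]|\\[0-9a-fA-F]{2})*)\)$")


def search(base, filt):
    """Stand-in for a subtree search; a malformed filter is an error, not a guess."""
    m = _FILTER.match(filt)
    if not m:
        raise ValueError("malformed filter: %r" % filt)
    attr, raw = m.group(1), m.group(2)
    value = re.sub(r"\\([0-9a-fA-F]{2})",
                   lambda h: chr(int(h.group(1), 16)), raw)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith("," + base) and attrs.get(attr) == value]


def authenticate(username, password):
    """Search-then-bind: returns (True, user_dn) or (False, reason)."""
    # 1. bind as the privileged search account
    if not simple_bind(SERVICE_DN, SERVICE_PW):
        return False, "service account bind failed"
    # 2. derive the DN from the uid attribute; exactly one entry must match
    matches = search(SEARCH_BASE, filter_for(username))
    if len(matches) != 1:
        return False, "expected exactly one entry, found %d" % len(matches)
    # 3. bind as the user with the supplied password
    if not simple_bind(matches[0], password):
        return False, "user bind failed"
    return True, matches[0]


if __name__ == "__main__":
    for user, pw in [("alice", "alice-pw"), ("alice", ""), ("carol", "carol-pw"), ("a)b", "x")]:
        print(user, authenticate(user, pw))
```

The interesting cases are the last three: an empty password fails at the bind step instead of being sent to the server, the duplicated uid is rejected before any user bind is attempted, and a login name containing filter metacharacters is escaped so the search is well-formed and simply finds nothing.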