LDAP configuration

jnarbonne
Champ in-the-making
Hello,

I'm new to Alfresco and to Unix OS.

I'm installing Alfresco Community 5.0d (complete install via [package].bin) on Debian and I'm configuring the connection to LDAP.

To be clear: if the connection to LDAP fails, I want users to be able to log in locally.

But the LDAP configuration is not working for the moment.

Could someone help me please?

Current state:

I created an ldap-authentication.properties in
/opt/alfresco-5.0.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap1/
/opt/alfresco-5.0.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap2/

and I made a copy of these two conf files in

/opt/alfresco-5.0.d/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/
/opt/alfresco-5.0.d/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap2/


The ldap-authentication.properties [LDAP1] file is for the connection to the LDAP server.
The ldap-authentication.properties [LDAP2] file is for local login if the server can't connect to the LDAP server.

Network flows to the LDAP server are OK on port 389.

I also configured alfresco-global.properties with the following parameters:

<code>
### LDAP authentication
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap,ldap2:ldap

## When TESTING, set synchronizeChangesOnly to false
## - this will give FULL synchronization for scheduled synchs
synchronization.synchronizeChangesOnly=false
## Set up regular synchronization with the LDAP server ##
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
# When TESTING, synchronise every 5 minutes
# secs min hour dom mon dow
synchronization.import.cron=0 */5 * * * ?
</code>

Some help from experienced people is welcome :)

If someone can explain a bit the minimum configuration needed to make it work, that would be wonderful :)

Thanks in advance,

J
7 REPLIES

jnarbonne
Champ in-the-making
About the path /opt/alfresco-5.0.d/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/:

the directories from extension/subsystems/Authentication/ldap/ldap1/ onward were created by me after I tried several "solutions" found on the web.


Don't hesitate to come back to me for more information.

Best regards,

J

hedi_ad
Champ on-the-rise
Hello,

Have you configured this file: "/opt/alfresco-5.0.d/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties"?

Post your configuration so we can help you.

tybion
Champ in-the-making

muralidharand
Star Contributor
You can try the following configuration values:
1) Give a smaller query batch size value.
2) Set a timeout value.


ldap.synchronization.queryBatchSize=5
ldap.authentication.java.naming.read.timeout=1500

jnarbonne
Champ in-the-making
Hello,

Sorry for the delay.

First of all, thanks a lot for the quick reply.

I have already used this tutorial http://geofoss.net/2015/07/10/alfresco-5-0-ldap-authentication/ for help; my configuration is based on it.

I think the problem is the LDAP.

I'll send you the LDAP tree I use and the parameters I added in the configuration.


LDAP tree:


dc=company,dc=lan[Localhost]
-ou=A1
   -ou=A1B1
      -ou=A1B1C1
         -cn=USERS (objectClass value="groupOfUniqueNames")(objectClass value="top")
            uniqueMember value="uid=user1,ou=A2B1C1,ou=A2B1,ou=A2,dc=company,dc=lan"
            uniqueMember value="uid=user1,ou=A2B2,ou=A2,dc=company,dc=lan"
            …
-ou=A2
   -ou=A2B1
      -ou=A2B1C1
        uid=user1,ou=A2B1C1,ou=A2B1,ou=A2,dc=company,dc=lan
        …
   -ou=A2B2
      -ou=A2B1
        uid=user1,ou=A2B2,ou=A2,dc=company,dc=lan
        …
-cn=UserReadOnly,dc=company,dc=lan


*

File: alfresco-global.properties

##### LDAP AUTHENTICATION #####

### Use Alfresco authentication for admin accounts and LDAP for users ###
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

## When TESTING, set synchronizeChangesOnly to false
## - this will give FULL synchronization for scheduled synchs
synchronization.synchronizeChangesOnly=false

## Set up regular synchronization with the LDAP server ##
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true

# When TESTING, synchronise every 5 minutes
# secs min hour dom mon dow
synchronization.import.cron=0 */5 * * * ?



File: ldap-authentication.properties

#########################
#### AUTHENTICATION  ####
#########################

####ACTIVE AUTHENTICATION ####
ldap.authentication.active=true

####AUTHENTICATION CONFIGURATION####

# Base DN containing users
ldap.authentication.userNameFormat=uid=%s,cn=USERS,ou=A1B1C1,ou=A1B1,ou=A1,dc=company,dc=lan

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://[DNS_host].company.lan:636
# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=simple


#########################
#### SYNCHRONIZATION ####
#########################

####ACTIVE SYNCHRONIZATION ####
ldap.synchronization.active=true


#### LDAP ACCESS ####
# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=cn=UserReadOnly,dc=company,dc=lan

# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=XXXXXXXXX

#### QUERIES CONFIGURATION ####
# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=cn=USERS,ou=A1B1C1,ou=A1B1,ou=A1,dc=company,dc=lan

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=cn=USERS,ou=A1B1C1,ou=A1B1,ou=A1,dc=company,dc=lan

# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'


#### MAP LDAP FIELDS ####
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
#ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# The attribute on LDAP group objects to map to the gid property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The group type in LDAP
ldap.synchronization.groupType=groupOfNames

# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember



I now have this error in catalina.out:

<code>
2015-10-26 11:35:00,298  ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-2] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 09260017 Failed to connect to ldap://[distant_DNS_ldap_SERVER]:636. Reason javax.naming.NamingException, LDAP response read timed out, timeout used:-1ms.
</code>

The LDAP server is available.
I'll remain available to answer your questions.
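
Two things in the posted configuration stand out to a practitioner before any Alfresco-specific tuning: the provider URL is `ldap://…:636` (plain LDAP sent to the port normally reserved for LDAPS, which is exactly the kind of mismatch that ends in a read that never returns), and the users named as `uniqueMember` of `cn=USERS` live under `ou=A2`, while both `userNameFormat` and `userSearchBase` point at the group DN under `ou=A1`; `groupType=groupOfNames` also disagrees with the `groupOfUniqueNames` filter. The following script is an added example for this thread, not Alfresco code and not something the poster ran: it parses a properties fragment the way Java reads it (so the `\=` escapes in the filters are handled), runs the consistency checks above against member DNs copied from the posted tree, and is applied to both the posted fragment and a corrected one. The host name `ldap.company.lan`, the read timeout of 5000 ms, the choice of plain LDAP on 389 and the search bases `ou=A1`/`ou=A2` are assumptions; the empty `userNameFormat` relies on Alfresco's documented behaviour of resolving the user DN by searching under `userSearchBase` when the template is blank.

```python
"""Lint an Alfresco ldap-authentication.properties fragment for the mistakes that end in
"Failed to connect ... read timed out" or in empty syncs. Added example, not Alfresco code."""
import re
from urllib.parse import urlparse

# Constructed sample: the values from the post above, with the host replaced by the
# assumed name ldap.company.lan and the bind credentials left out.
POSTED = r"""
ldap.authentication.userNameFormat=uid=%s,cn=USERS,ou=A1B1C1,ou=A1B1,ou=A1,dc=company,dc=lan
ldap.authentication.java.naming.provider.url=ldap://ldap.company.lan:636
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupSearchBase=cn=USERS,ou=A1B1C1,ou=A1B1,ou=A1,dc=company,dc=lan
ldap.synchronization.userSearchBase=cn=USERS,ou=A1B1C1,ou=A1B1,ou=A1,dc=company,dc=lan
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.groupMemberAttributeName=uniqueMember
"""

# Constructed sample: the same fragment corrected. Assumptions: the server speaks plain
# LDAP on 389 (prefer ldaps:// if it offers TLS); groups sit under ou=A1, people under ou=A2.
CORRECTED = r"""
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.provider.url=ldap://ldap.company.lan:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.read.timeout=5000
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupSearchBase=ou=A1,dc=company,dc=lan
ldap.synchronization.userSearchBase=ou=A2,dc=company,dc=lan
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.groupMemberAttributeName=uniqueMember
"""

# Constructed: the uniqueMember values of cn=USERS as drawn in the post's tree.
GROUP_MEMBERS = [
    "uid=user1,ou=A2B1C1,ou=A2B1,ou=A2,dc=company,dc=lan",
    "uid=user1,ou=A2B2,ou=A2,dc=company,dc=lan",
]
MEMBER_ATTR = {"groupofuniquenames": "uniquemember", "groupofnames": "member"}


def parse_properties(text):
    """Minimal Java .properties reader: first unescaped '=' or ':' ends the key; '\\=' etc. are unescaped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^((?:[^\\=:\s]|\\.)+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2)).strip()
    return props


def norm_dn(dn):
    return ",".join(rdn.strip() for rdn in dn.lower().split(","))


def dn_under(dn, base):  # True if dn equals base or lies below it in the tree
    dn, base = norm_dn(dn), norm_dn(base)
    return dn == base or dn.endswith("," + base)


def objectclass_of(ldap_filter):
    m = re.search(r"objectclass=([^)&|]+)", ldap_filter, re.I)
    return m.group(1).strip().lower() if m else ""


def lint(props, members=()):
    """Return (level, message) findings; level is 'ERROR' (breaks login/sync) or 'WARN'."""
    p = lambda key: props.get("ldap." + key, "")
    out = []
    url = urlparse(p("authentication.java.naming.provider.url"))
    if url.scheme == "ldap" and url.port == 636:
        out.append(("ERROR", "ldap:// on port 636: plaintext LDAP to a TLS port, the read never returns"))
    if url.scheme == "ldap" and p("authentication.java.naming.security.authentication") == "simple":
        out.append(("WARN", "simple bind over ldap:// sends every user's password in the clear"))
    if not p("authentication.java.naming.read.timeout"):
        out.append(("WARN", "no read timeout (JNDI default -1): a silent server blocks the sync thread"))
    gtype, gclass = p("synchronization.groupType").lower(), objectclass_of(p("synchronization.groupQuery"))
    if gtype and gclass and gtype != gclass:
        out.append(("ERROR", f"groupType={gtype} but groupQuery selects {gclass}: entries are not treated as groups"))
    mattr, want = p("synchronization.groupMemberAttributeName").lower(), MEMBER_ATTR.get(gclass or gtype)
    if want and mattr != want:
        out.append(("ERROR", f"{gclass or gtype} lists members in '{want}', not '{mattr}'"))
    base, fmt = p("synchronization.userSearchBase"), p("authentication.userNameFormat")
    for dn in members:
        if not dn_under(dn, base):
            out.append(("ERROR", f"member {dn} is outside userSearchBase {base}: never imported, membership dropped"))
    if fmt and members:
        # A fixed template must rebuild every user's DN; people spread over several OUs defeat it.
        uid_of = lambda dn: dn.split(",", 1)[0].split("=", 1)[1]
        misses = [dn for dn in members if norm_dn(fmt.replace("%s", uid_of(dn))) != norm_dn(dn)]
        if misses:
            out.append(("ERROR", f"userNameFormat '{fmt}' does not rebuild {len(misses)} of {len(members)} user DNs; leave it empty so the DN is searched under userSearchBase"))
    return out


def errors(text, members=GROUP_MEMBERS):  # ERROR-level messages only; WARNs are advice
    return [msg for level, msg in lint(parse_properties(text), members) if level == "ERROR"]
```

Running `lint(parse_properties(POSTED), GROUP_MEMBERS)` reports the port mismatch, the `groupType` disagreement, both members outside the search base and the unusable `userNameFormat`; the corrected fragment yields only the warning that simple bind over plain `ldap://` exposes passwords, which is the reason to move to `ldaps://` once the server side offers it. The lint is static: it never opens a connection, so it cannot tell you whether the bind DN or password are right, only that the fragment is internally consistent.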

jnarbonne
Champ in-the-making
Hello muralidharand,

Thanks for your response,

I tried it, but it didn't work.

Best regards,

J

muralidharand
Star Contributor
We also had a similar problem; we adjusted the query batch size and timeout values and it worked for us.
Can you please post the complete stack trace?