Multi-tenancy and SSO (CAS+LDAP)

danilo_barone
Champ in-the-making
Good morning all,
I have some questions, so I'm going to describe my situation:

In a multi-tenancy structure, I have, for example, 2 tenants.
-tenantdom1
-tenantdom2
So a user can log in to Alfresco as <username>@tenantdom1 or <username>@tenantdom2 (depending on which tenant he is registered in).

I configured SSO in Alfresco with CAS and LDAP. This configuration works, and the LDAP user import works too, but I have a problem.
Although I read that there are issues with multiple authentication against multiple LDAPs, this is not my problem: I have only one LDAP application.
Each tenant is identified in LDAP by an "organization unit". For example: o=tenantdom1 and o=tenantdom2. So each user of tenant1 will be under o=tenantdom1, and each user of tenant2 is under o=tenantdom2.

This is my situation, and these are my questions:

1 - Do you have suggestions on how I can implement this architecture in Alfresco?
2 - I can import users from LDAP (using ldap.synchronisation.personSearchBase), but how can I import users from more than one DN?
3 - Do I need to implement a new "ldap-synchronisation-context"? How can I do that?

Thank you all
Regards

Danilo
11 REPLIES

danilo_barone
Champ in-the-making
I thought I could use the "ldap.synchronisation.personQuery" to find all the tenants' users.
For Example:

ldap.synchronisation.personQuery=(&(objectclass=inetOrgPerson)(|(o=tenantdom1)(o=tenantdom2)))
Is this correct?

Regards
Danilo

danilo_barone
Champ in-the-making
Another problem…
The organization unit "o" is not an attribute, so I can't insert it in the query… but I can start the query on a "father node" of all o=tenantdom1, o=tenantdom2… etc.
We just need to insert an attribute to separate users that can access Alfresco from users that are in LDAP but cannot access Alfresco.

What do you think?

Regards
Danilo
(I'm playing ping-pong with myself… :D )
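An added worked example, not code from this thread or from Alfresco, illustrating the point in the post above: `o=tenantdom1` is a component of each user's DN, not (unless the directory happens to add one) an attribute on the user entry, so a filter such as `(|(o=tenantdom1)(o=tenantdom2))` will not select the users. The alternative is to search once from the common parent and derive the tenant from the DN, which also yields the `<uid>@<tenant>` name that Alfresco multi-tenancy uses for logins. The directory layout, the `dc=example,dc=com` suffix and the sample entries are constructed for the example, and the function names are my own.

```python
"""Map LDAP person entries living under per-tenant branches (o=tenantdom1,
o=tenantdom2, ...) to Alfresco-style multi-tenant user names (<uid>@<tenant>).

Added illustration only; it is not Alfresco or LDAP-server code. The directory
entries below are constructed to match the layout described in the thread, as
they might come back from one search rooted at the common parent (the value one
would put in ldap.synchronisation.personSearchBase).
"""
from __future__ import annotations

from typing import Iterable

# Constructed sample search result: one common parent, one branch per tenant.
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,ou=people,o=tenantdom1,dc=example,dc=com",
     "objectClass": ["inetOrgPerson"], "uid": "alice"},
    {"dn": "uid=bob,ou=people,o=tenantdom2,dc=example,dc=com",
     "objectClass": ["inetOrgPerson"], "uid": "bob"},
    # RDN value with an escaped comma (RFC 4514): must not be split on it.
    {"dn": r"cn=Smith\, John,ou=people,o=tenantdom2,dc=example,dc=com",
     "objectClass": ["inetOrgPerson"], "uid": "jsmith"},
    # A branch that is not an Alfresco tenant: must be left out of the import.
    {"dn": "uid=eve,ou=people,o=other,dc=example,dc=com",
     "objectClass": ["inetOrgPerson"], "uid": "eve"},
    # Not a person at all, even though it sits under a tenant branch.
    {"dn": "cn=printer1,ou=devices,o=tenantdom1,dc=example,dc=com",
     "objectClass": ["device"]},
]


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (type, value) RDNs, honouring backslash escapes, so that
    'cn=Smith\\, John' stays one RDN. Multi-valued RDNs (a=1+b=2) are rejected."""
    rdns: list[tuple[str, str]] = []
    buf: list[str] = []
    i = 0
    while i <= len(dn):
        if i == len(dn) or dn[i] == ",":          # end of an RDN
            rdn = "".join(buf)
            if "=" not in rdn:
                raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
            typ, val = rdn.split("=", 1)
            if "+" in typ:
                raise ValueError("multi-valued RDNs not supported")
            rdns.append((typ.strip().lower(), val))
            buf = []
        elif dn[i] == "\\" and i + 1 < len(dn):   # escaped char: keep literally
            buf.append(dn[i + 1])
            i += 1
        else:
            buf.append(dn[i])
        i += 1
    return rdns


def tenant_of(dn: str) -> str | None:
    """Tenant a DN belongs to: the value of its single 'o' RDN, else None."""
    orgs = [v for t, v in parse_dn(dn) if t == "o"]
    return orgs[0] if len(orgs) == 1 else None


def alfresco_username(entry: dict, tenants: Iterable[str]) -> str | None:
    """Return '<uid>@<tenant>' for a person entry under an allowed tenant branch,
    None otherwise. The uid@tenant form follows Alfresco's multi-tenant login
    convention; taking the tenant name from the 'o' RDN is this example's choice."""
    if "inetOrgPerson" not in entry.get("objectClass", []):
        return None
    uid = entry.get("uid")
    tenant = tenant_of(entry["dn"])
    if not uid or tenant is None or tenant not in set(tenants):
        return None
    return f"{uid}@{tenant}"


def select_tenant_users(entries: Iterable[dict],
                        tenants: Iterable[str]) -> dict[str, list[str]]:
    """Group importable users by tenant from one search over the common parent,
    instead of configuring one personSearchBase per tenant."""
    tenants = list(tenants)
    out: dict[str, list[str]] = {t: [] for t in tenants}
    for entry in entries:
        name = alfresco_username(entry, tenants)
        if name:
            out[name.rsplit("@", 1)[1]].append(name)
    return out


if __name__ == "__main__":
    for tenant, users in select_tenant_users(
            SAMPLE_ENTRIES, ["tenantdom1", "tenantdom2"]).items():
        print(tenant, users)
```

The printer entry and the `o=other` user are both dropped: object class and branch are checked independently, so neither a non-person under a tenant branch nor a person outside the allowed branches gets an Alfresco account. Whatever attribute is later added to mark "may access Alfresco" would slot into `alfresco_username` as one more check.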

danilo_barone
Champ in-the-making
I'm continuing to test multi-tenancy importing from LDAP, but… :cry: I have many problems understanding this structure.
If I create a user of tenant1 (test@tenantdom1) in LDAP, simply by entering the username 'test@tenantdom1', Alfresco sees it as a normal user, not as a user under the tenant1 domain.
How can Alfresco recognize it?
I need your help because I didn't find any documentation on this situation…
Is there anyone who can suggest something, or give me a document that describes the integration with multi-tenancy and SSO?

I hope you write to me soon

Regards
Danilo

protenus
Champ in-the-making
Danilo,

While I can't help much (having the same conceptual problems), we are also working on doing the same thing.

We are integrating with Zimbra, so the users are located in different domains
eg.
ou=people,dn=tenant1,dn=net
and
ou=people,dn=tenant2,dn=net

Any ideas how to set up LDAP to search both of these?

tan
Champ in-the-making
I also had a similar use case. I did not find a neat solution, but I made it work.

Not so great solution :) given below

1. Disable LDAP sync by renaming ldap-synchronisation-context.xml to ldap-synchronisation-context.xml.sample in the shared dir to avoid the LDAP import. If the import is enabled then users are created as normal users.

2. Now log in as user1@tenant1 through SSO (CAS + LDAP). Since LDAP authentication is enabled, the user is created by Alfresco under tenant1.

Follow the same steps for tenant2.

The trick is to avoid the import and let Alfresco create users if they are not available. Alfresco creates users under the correct tenant, as the multi-tenant feature is enabled.

I hope this crappy solution is of some help.

Warning: This is posted by a user who has only worked with Alfresco for a month :)

pp20218
Champ in-the-making
Hi,
I want to use LDAP with Zimbra.
If I create tenants without LDAP configuration, it is working as expected.
But when I use LDAP and create tenants I am not able to log in.
I created tenants named tenant1 and tenant2.
I am using the userid admin@tenant1 but it is not accepted.

Pls help.

Thanx

pp20218
Champ in-the-making
Can anyone pls help on this?

pp20218
Champ in-the-making
Any help pls..

I am eagerly waiting for the reply.

Thanx in advance

pp20218
Champ in-the-making
Can anyone help pls?

Thanx in advance.