OpenLDAP and samba.schema for CIFS authorization

sovserg
Champ in-the-making
I have OpenLDAP with samba schema and MD4 passwords (attribute: sambaNTPassword)
Can I use this password for CIFS authorization?

jottley
Confirmed Champ
Yes.  This should work.

sovserg
Champ in-the-making
Thank you.
I have not found how to write the MD4 password into the users' property.
Can you suggest anything?

jottley
Confirmed Champ
Any of the samba user utils should work.

sovserg
Champ in-the-making
Samba utils are working, but CIFS authorization does not work.
I want some way to use samba passwords for CIFS authentication.

jottley
Confirmed Champ
This still requires Alfresco to use a proxy (samba) to negotiate authentication for CIFS access.

sovserg
Champ in-the-making
I was able to integrate the samba password for Alfresco into the LDAP synchronization process.
If anyone is interested, I will send patches.

jottley
Confirmed Champ
Very interested to see what you did.  It would be nice to document this and publish it on the wiki.  If you are not up to it, I'll be more than happy to tackle that.

sovserg
Champ in-the-making
svn diff:
Index: root/projects/repository/source/java/org/alfresco/model/ContentModel.java
===================================================================
— root/projects/repository/source/java/org/alfresco/model/ContentModel.java   (revision 15109)
+++ root/projects/repository/source/java/org/alfresco/model/ContentModel.java   (working copy)
@@ -196,6 +196,7 @@
     static final QName PROP_COMPANYEMAIL = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "companyemail");
     static final QName PROP_SKYPE = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "skype");
     static final QName PROP_INSTANTMSG = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "instantmsg");
+    static final QName PROP_SAMBANTPASSWORD = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "sambantpassword");
    
     static final QName PROP_SIZE_CURRENT = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "sizeCurrent");
     static final QName PROP_SIZE_QUOTA = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "sizeQuota");
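Review bot: PROP_SAMBANTPASSWORD names a credential-equivalent value (an NT hash), unlike the contact-detail properties it is grouped with here; add a one-line comment saying so, and consider whether it belongs with PROP_PASSWORD and PROP_SALT on the authentication side of the model rather than among the person's general properties. The local name "sambantpassword" also drops the camel case its neighbours use ("sizeCurrent", "sizeQuota"); either is fine as long as contentModel.xml declares the same name.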
Index: root/projects/repository/source/java/org/alfresco/repo/security/authentication/MutableAuthenticationDao.java
===================================================================
— root/projects/repository/source/java/org/alfresco/repo/security/authentication/MutableAuthenticationDao.java   (revision 15109)
+++ root/projects/repository/source/java/org/alfresco/repo/security/authentication/MutableAuthenticationDao.java   (working copy)
@@ -192,4 +192,12 @@
      */
     public String getMD4HashedPassword(String userName);
    
+    /**
+     * Set the MD4 password hash
+     *
+     * @param userName
+     * @param MD4Password
+     */
+    public void setMD4HashedPassword(String userName, String MD4Password);
+   
}
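Review bot: the two @param tags carry no descriptions, and MD4Password does not follow Java parameter naming (md4Password). Document that the argument is the raw 32-character hex NT hash, not a cleartext password, because the existing API in this interface takes raw passwords elsewhere and a caller could easily pass the wrong thing.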
Index: root/projects/repository/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
===================================================================
— root/projects/repository/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java   (revision 15109)
+++ root/projects/repository/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java   (working copy)
@@ -301,6 +301,22 @@
         properties.put(ContentModel.PROP_PASSWORD, passwordEncoder.encodePassword(new String(rawPassword), salt));
         nodeService.setProperties(userRef, properties);
     }
+
+    public void setMD4HashedPassword(String userName, String MD4Password) throws AuthenticationException
+    {
+        NodeRef userRef = getUserOrNull(userName);
+        if (userRef == null)
+        {
+            throw new AuthenticationException("User name does not exist: " + userName);
+        }
+        Map<QName, Serializable> properties = nodeService.getProperties(userRef);
+        String salt = null; // GUID.generate();
+        properties.remove(ContentModel.PROP_SALT);
+        properties.put(ContentModel.PROP_SALT, salt);
+        properties.remove(ContentModel.PROP_PASSWORD);
+        properties.put(ContentModel.PROP_PASSWORD, MD4Password);
+        nodeService.setProperties(userRef, properties);
+    }

     public void deleteUser(String userName) throws AuthenticationException
     {
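Review bot: setMD4HashedPassword writes MD4Password into PROP_PASSWORD unchanged and sets PROP_SALT to null, whereas the existing path just above stores passwordEncoder.encodePassword(new String(rawPassword), salt); the stored value must therefore be exactly what getMD4HashedPassword later returns for natively-set users, so validate that the input is a 32-character hex string, normalise its case before storing it, and reject anything else instead of silently persisting a broken credential. The remove() calls before each put() are redundant, and the commented-out `// GUID.generate();` should be deleted rather than left as dead code.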
Index: root/projects/repository/source/java/org/alfresco/repo/security/authentication/DefaultMutableAuthenticationDao.java
===================================================================
— root/projects/repository/source/java/org/alfresco/repo/security/authentication/DefaultMutableAuthenticationDao.java   (revision 15109)
+++ root/projects/repository/source/java/org/alfresco/repo/security/authentication/DefaultMutableAuthenticationDao.java   (working copy)
@@ -395,6 +395,19 @@
     }

     /**
+     * Set the MD4 password hash
+     *
+     * Always throws an exception.
+     *
+     * @param userName
+     * @param MD4Password
+     */
+    public void setMD4HashedPassword(String userName, String MD4Password)
+    {
+        throw new AlfrescoRuntimeException("Not implemented");
+    }
+
+    /**
      * Return the user details for the specified user
      *
      *  Always throws an exception.
Index: root/projects/repository/source/java/org/alfresco/repo/security/authentication/ntlm/NullMutableAuthenticationDao.java
===================================================================
— root/projects/repository/source/java/org/alfresco/repo/security/authentication/ntlm/NullMutableAuthenticationDao.java   (revision 15109)
+++ root/projects/repository/source/java/org/alfresco/repo/security/authentication/ntlm/NullMutableAuthenticationDao.java   (working copy)
@@ -302,6 +302,18 @@
        
//        return null;
     }
+
+    /**
+     * Set the MD4 password hash
+     *
+     * @param userName
+     * @param userName
+     */
+    public void setMD4HashedPassword(String userName, String MD4HashedPassword)
+    {
+        throw new AlfrescoRuntimeException("Not implemented");
+       
+    }

     /**
      * Return the user details for the specified user
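Review bot: the Javadoc lists `@param userName` twice; the second tag should name the hash parameter. That parameter is also called MD4HashedPassword here but MD4Password in the interface and the other implementations; pick one name and use it everywhere. The stray whitespace-only `+` line before the closing brace should go.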
Index: root/projects/repository/source/java/org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.java
===================================================================
— root/projects/repository/source/java/org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.java   (revision 15109)
+++ root/projects/repository/source/java/org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.java   (working copy)
@@ -45,6 +45,7 @@
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.util.PropertyMap;
+import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
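Review bot: the new import is placed after org.alfresco.util.PropertyMap, which breaks the alphabetical ordering of the org.alfresco imports; move it above the org.alfresco.service imports.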
@@ -79,6 +80,9 @@

     /** The logger. */
     private static final Log logger = LogFactory.getLog(ChainingUserRegistrySynchronizer.class);
+   
+    private MutableAuthenticationDao mutableAuthenticationDao;
+

     /** The path in the attribute service below which we persist attributes. */
     private static final String ROOT_ATTRIBUTE_PATH = ".ChainingUserRegistrySynchronizer";
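Review bot: the new field is wedged between the logger and the ROOT_ATTRIBUTE_PATH constant with two whitespace-only `+` lines around it; place it next to the other injected services (for example attributeService) and give it the same `/** ... */` comment the neighbouring fields carry.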
@@ -104,6 +108,14 @@
     /** The attribute service. */
     private AttributeService attributeService;

+
+    public void setMutableAuthenticationDao(
+            MutableAuthenticationDao mutableAuthenticationDao)
+    {
+        this.mutableAuthenticationDao = mutableAuthenticationDao;
+    }
+
+
     /** Should we trigger a sync when missing people log in? */
     private boolean syncWhenMissingPeopleLogIn = true;

@@ -315,6 +327,20 @@
                     ChainingUserRegistrySynchronizer.logger.info("Updating user '" + personName + "'");
                 }
                 this.personService.setPersonProperties(personName, personProperties);
+                String sambaNTPassword = (String) personProperties.get(ContentModel.PROP_SAMBANTPASSWORD);
+                if ( sambaNTPassword != null ) {
+                  if ( this.mutableAuthenticationDao.userExists(personName) ){
+                     this.mutableAuthenticationDao.setMD4HashedPassword(personName, sambaNTPassword);
+                     ChainingUserRegistrySynchronizer.logger.debug("Dao updateUser '" + personName + "'");
+                     ChainingUserRegistrySynchronizer.logger.debug("Dao password '" + personName + "' : " + sambaNTPassword);
+                  } else {
+                     this.mutableAuthenticationDao.createUser(personName, "".toCharArray());
+                     this.mutableAuthenticationDao.setMD4HashedPassword(personName, sambaNTPassword);
+                     ChainingUserRegistrySynchronizer.logger.debug("Dao createUser '" + personName + "'");
+                  }
+                } else {
+                  ChainingUserRegistrySynchronizer.logger.debug("Dao User '" + personName + "': sambaNTPassword is not set");
+                }
             }
             else
             {
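Review bot: `logger.debug("Dao password '" + personName + "' : " + sambaNTPassword)` writes the user's NT hash to the log, and an NT hash is password-equivalent for NTLM authentication, so that line must go; the log4j settings later in this post enable debug for exactly this package. Guard the remaining debug calls with `if (logger.isDebugEnabled())`, matching how the surrounding code guards its info message, and consider logging that a hash was present rather than anything derived from it.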
@@ -347,6 +373,22 @@
                     }
                 }
                 this.personService.createPerson(personProperties, getZones(zoneId));
+
+                String sambaNTPassword = (String) personProperties.get(ContentModel.PROP_SAMBANTPASSWORD);
+                if ( sambaNTPassword != null ) {
+                  if ( this.mutableAuthenticationDao.userExists(personName) ){
+                     this.mutableAuthenticationDao.setMD4HashedPassword(personName, sambaNTPassword);
+                     ChainingUserRegistrySynchronizer.logger.debug("Dao updateUser '" + personName + "'");
+                     ChainingUserRegistrySynchronizer.logger.debug("Dao password '" + personName + "' : " + sambaNTPassword);
+                  } else {
+                     this.mutableAuthenticationDao.createUser(personName, "".toCharArray());
+                     this.mutableAuthenticationDao.setMD4HashedPassword(personName, sambaNTPassword);
+                     ChainingUserRegistrySynchronizer.logger.debug("Dao createUser '" + personName + "'");
+                  }
+                } else {
+                  ChainingUserRegistrySynchronizer.logger.debug("Dao User '" + personName + "': sambaNTPassword is not set");
+                }
+
             }
             // Increment the count of processed people
             processedCount++;
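Review bot: this block is a verbatim copy of the one added to the update branch above, including the debug line that logs sambaNTPassword; extract a private helper (for example `syncSambaNTPassword(personName, personProperties)`) and call it from both branches, without the hash-logging line. In this branch the person has just been created by createPerson, so the userExists() check only tells whether an authentication entry already exists for that name; a comment saying so would save the next reader a trip to the DAO.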
Index: root/projects/repository/source/java/org/alfresco/filesys/auth/cifs/EnterpriseCifsAuthenticator.java
===================================================================
— root/projects/repository/source/java/org/alfresco/filesys/auth/cifs/EnterpriseCifsAuthenticator.java   (revision 15109)
+++ root/projects/repository/source/java/org/alfresco/filesys/auth/cifs/EnterpriseCifsAuthenticator.java   (working copy)
@@ -2175,7 +2175,8 @@
             //  Get the stored MD4 hashed password for the user, or null if the user does not exist
           
             String md4hash = getNTLMAuthenticator().getMD4HashedPassword(userName);
-          
+            logger.debug("User: " + userName + " Client: " + client.toString() + " MD4: " + md4hash);
+                      
             if ( md4hash != null)
             {
                 // Create the value to be encrypted by appending the server challenge and client challenge
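Review bot: the added debug line logs md4hash, the user's stored NT hash, next to the user name; that value is sufficient to authenticate as the user over NTLM, so log only whether a hash was found (`md4hash != null`) rather than its value, and guard the call with isDebugEnabled(). Logging client.toString() is fine, but check what that class's toString includes before shipping it at debug level.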
Index: root/projects/repository/config/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties
===================================================================
— root/projects/repository/config/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties   (revision 15109)
+++ root/projects/repository/config/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties   (working copy)
@@ -107,3 +107,6 @@

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member
+
+# Force create Alfresco user for CIFS Authorization and get MD4 password from sambaNTPassword
+ldap.synchronization.sambaNTPasswordAttributeName=sambaNTPassword
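Review bot: the comment should state that this attribute comes from the Samba schema on OpenLDAP, that the value read from it is the NT hash which becomes the Alfresco CIFS password, and what happens when the property is left empty or the attribute is absent from a user entry; the "Force create Alfresco user" wording does not make the behaviour clear.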
Index: root/projects/repository/config/alfresco/subsystems/Authentication/common-ldap-context.xml
===================================================================
— root/projects/repository/config/alfresco/subsystems/Authentication/common-ldap-context.xml   (revision 15109)
+++ root/projects/repository/config/alfresco/subsystems/Authentication/common-ldap-context.xml   (working copy)
@@ -325,6 +325,10 @@
                     <!– Active Directory: "???" –>
                     <value>${ldap.synchronization.userOrganizationalIdAttributeName}</value>
                 </entry>
+                <entry key="cm:sambantpassword">
+                    <!– OpenLDAP: "sambaNTPassword" –>
+                    <value>${ldap.synchronization.sambaNTPasswordAttributeName}</value>
+                </entry>
                 <!– Always use the default –>
                 <entry key="cm:homeFolderProvider">
                     <null/>
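Review bot: the neighbouring entries carry both an OpenLDAP and an Active Directory comment, while this one lists only OpenLDAP; say explicitly that there is no Active Directory equivalent, and document how the mapping behaves when ${ldap.synchronization.sambaNTPasswordAttributeName} is unset, since the synchronizer now reads cm:sambantpassword on every person.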
Index: root/projects/repository/config/alfresco/subsystems/Synchronization/default/default-synchronization-context.xml
===================================================================
— root/projects/repository/config/alfresco/subsystems/Synchronization/default/default-synchronization-context.xml   (revision 15109)
+++ root/projects/repository/config/alfresco/subsystems/Synchronization/default/default-synchronization-context.xml   (working copy)
@@ -53,6 +53,9 @@
         <property name="sourceBeanName">
             <value>userRegistry</value>
         </property>
+        <property name="mutableAuthenticationDao">
+            <ref bean="authenticationDao"/>
+        </property>
     </bean>
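Review bot: `<ref bean="authenticationDao"/>` assumes a bean of that name is visible from the Synchronization subsystem's context; confirm it resolves there rather than only inside the Authentication subsystem, and that it is the repository-backed implementation, because the other DAOs touched in this patch throw "Not implemented" from setMD4HashedPassword and would abort the sync at the first user with a sambaNTPassword.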


Index: root/projects/repository/config/alfresco/model/contentModel.xml
===================================================================
— root/projects/repository/config/alfresco/model/contentModel.xml   (revision 15109)
+++ root/projects/repository/config/alfresco/model/contentModel.xml   (working copy)
@@ -245,6 +245,9 @@
             <property name="cm:instantmsg">
                <type>d:text</type>
             </property>
+            <property name="cm:sambantpassword">
+               <type>d:text</type>
+            </property>
            
             <!– system maintained values –>
             <property name="cm:sizeCurrent">
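Review bot: cm:sambantpassword is declared as a plain d:text property of the person type, next to contact details such as cm:instantmsg, so anyone who can read the person node can read the NT hash, which is password-equivalent. Keep the hash only on the authentication node (PROP_PASSWORD, as the RepositoryAuthenticationDao change already does) and clear it from the person properties once the sync has copied it, or at minimum restrict read access to this property.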

in log4j.properties for debugging:

log4j.logger.org.alfresco.smb.protocol.auth=debug
log4j.logger.org.alfresco.repo.security.sync=debug
log4j.logger.org.alfresco.repo.security.authentication=debug

morrison1977
Champ in-the-making
Hi, I've set up Alfresco Community and have LDAP authentication working, but from what I've found LDAP authentication on an Alfresco CIFS share simply doesn't work.  I'm currently in a proof of concept phase and if I can't get this working it will be DOA with management.  Could you share any knowledge on how I might be able to get Alfresco LDAP-CIFS authentication working?  Thanks!