Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Pulling Additional Attributes from AD LDAP - Ver 3.2r2

acook
Champ in-the-making
Champ in-the-making

‎04-11-2010 03:08 PM

Hi all-

So, let me first start off by saying that I am very new to Alfresco and have only been experimenting with it for about the last 2 months.  In saying this, thanks to the wiki articles concerning the Alfresco Subsystems and such, I have been very successful in configuring my Alfresco installation.  However, I currently have a problem/question concerning pulling additional attributes (for example, "location" attribute from Active Directory) into Alfresco, which, as far as I can tell, is not done with the "default" properties file (ldap-ad-authentication.properties).

There is no question - my Alfresco installation is successfully syncing users against Acitve Directory (AD) and authenticating quite nicely against it.  However, when I log into Alfresco as one of my users and browse to "User Profile and Settings" area of Alfresco, I only see that the "First Name", "Last Name", "Email" and "Organization" has been populated, according to the data in AD.  I was wondering, can the remaining fields (for example, "Job Title" and "Location") be also populated from AD during a sync?  My assumption was "yes", so I went searching around and found the following post:

http://forums.alfresco.com/en/viewtopic.php?f=9&t=21588

I thought that it applied to what I was trying to achieve so I followed it.  However, I cannot populate these fields.  Perhaps, I am missing something?

About my settings/configuration as of now:
Here is my authentication chain - 
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad

Therefore, I have created the directory structure for the Authentication subsystem based on this.  Accordingly, I have created two files -
..tomcat\shared\classes\alfresco\extension\subsystems\Authentication\ldap-ad\ldap1\ldap-ad-authentication.properties
..tomcat\shared\classes\alfresco\extension\subsystems\Authentication\ldap-ad\ldap1\custom-ldap-context.xml

For ldap-ad-authentication.properties, I have added the following to the end:

#CUSTOM LDAP MAPPINGS
ldap.synchronization.userJobTitleAttributeName=title
ldap.synchronization.userOrganizationAttributeName=department
ldap.synchronization.userLocationAttributeName=physicalDeliveryOfficeName
ldap.synchronization.userMobileAttributeName=mobile
ldap.synchronization.userCompanyPostCodeAttributeName=postalCode
ldap.synchronization.userCompanyFaxAttributeName=facsimileTelephoneNumber
ldap.synchronization.userCompanyTelephoneAttributeName=telephoneNumber
ldap.synchronization.userCompanyEmailAttributeName=mail
ldap.synchronization.userPersonDescriptionAttributeName=info
ldap.synchronization.userTelephoneAttributeName=homePhone
ldap.synchronization.userCompanyAddress1AttributeName=streetAddress
ldap.synchronization.userCompanyAddress2AttributeName=l
ldap.synchronization.userCompanyAddress3AttributeName=st

For custom-ldap-context.xml, I have added the following (under the "userRegistry" Bean id and "attributeMapping" property):
      
<!– CUSTOM ENTRY KEYS –>
<entry key="cm:jobtitle">
     <value>${ldap.synchronization.userJobTitleAttributeName}</value>
</entry>
<entry key="cm:organization">
     <value>${ldap.synchronization.userOrganizationAttributeName}</value>
</entry>
<entry key="cm:location">
     <value>${ldap.synchronization.userLocationAttributeName}</value>
</entry>
<entry key="cm:mobile">
     <value>${ldap.synchronization.userMobileAttributeName}</value>
</entry>
<entry key="cm:companypostcode">
     <value>${ldap.synchronization.userCompanyPostCodeAttributeName}</value>
</entry>
<entry key="cm:companyfax">
     <value>${ldap.synchronization.userCompanyFaxAttributeName}</value>
</entry>
<entry key="cm:companytelephone">
     <value>${ldap.synchronization.userCompanyTelephoneAttributeName}</value>
</entry>
<entry key="cm:companyemail">
     <value>${ldap.synchronization.userCompanyEmailAttributeName}</value>
</entry>
<entry key="cm:persondescription">
     <value>${ldap.synchronization.userPersonDescriptionAttributeName}</value>
</entry>
<entry key="cm:telephone">
     <value>${ldap.synchronization.userTelephoneAttributeName}</value>
</entry>
<entry key="cm:companyaddress1">
     <value>${ldap.synchronization.userCompanyAddress1AttributeName}</value>
</entry>
<entry key="cm:companyaddress2">
     <value>${ldap.synchronization.userCompanyAddress2AttributeName}</value>
</entry>
<entry key="cm:companyaddress3">
     <value>${ldap.synchronization.userCompanyAddress3AttributeName}</value>
</entry>

The rest of "custom-ldap-context.xml" is just a copy of "common-ldap-context.xml".  I do not see any error messages concerning this in "alfresco.log", but then again, I do not think that attribute-level mapping information is logged (from other posts I have come across).  Perhaps, this file is not being read?

I also used this page as a reference:
http://wiki.alfresco.com/wiki/Alfresco_Subsystems#Spring_Beans

Any help would greatly be appreciated.

Thanks for your time in advance.
Labels:
0 Kudos
14 REPLIES 14

acook
Champ in-the-making
Champ in-the-making

‎04-12-2010 04:37 AM

All-

Actually, I just checked one of my user profiles right now and it would seem that using my exact procedure (did not change a thing) above DOES seem to populate these fields in the Alfresco User Profile.  The only thing I did today is add enable SSL for my connection to my Active Directory LDAP (ldaps).  I don't know if that should make a difference.  Maybe someone with more experience can comment?  I will keep you posted.

Thanks.

UPDATE: The procedure in the original post does work.  However, it will not update existing users unless any of the users attributes are changed before a next scheduled sync. Thus having a reason to sync the user…  Seems obvious in retrospect.  I will mark this as solved.  Hopefully, this post will help those who want do pull these attributes.
0 Kudos

paiyyavj13
Star Contributor
Star Contributor

‎02-02-2012 01:59 PM

hi ACook,

after configuring the dap properties file and the custom-ldap-context file-> restarted tomcat server=> how do we check whether these propeties have been successfully imported into alfresco?… do we login as admin and check under admin console-> user profiles?
Thanks in advance…
0 Kudos

supalucas
Champ in-the-making
Champ in-the-making

‎02-07-2012 08:17 PM

after configuring the dap properties file and the custom-ldap-context file-> restarted tomcat server=> how do we check whether these propeties have been successfully imported into alfresco?… do we login as admin and check under admin console-> user profiles?

Have you run full sync after making the change? (setting ldap.synchronization.synchronizeChangesOnly=false in alfresco-global.properties)
Then you can go to user profile page and check the result. (as any user)
0 Kudos

jgionet76
Champ in-the-making
Champ in-the-making

‎02-07-2013 04:32 PM

does this still work with the latest community edition of Alfresco?
I'm trying to add the extra ldap-ad values to sync and I'm not having any luck.
where exactly should I be putting this "custom" file? What exactly does this file have to contain?
can somebody post me an example?

thanks
0 Kudos

sasquatch58
Champ in-the-making
Champ in-the-making
In response to jgionet76

‎02-09-2013 05:18 PM

This should work with the community edition.
Have a look at http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
This explains how a new method is set up and the addiional custom code required.
Cheers, Sasquatch
0 Kudos

muralidharand
Star Contributor
Star Contributor

‎02-09-2013 07:13 PM

You need to make changes in the following files

* <strong>alfresco-global.properties</strong>
* Create a new file <strong>ldap-authentication.properties</strong> the path ${ALFRESCO_DIR}/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/

Please refer the below URLs to help you.

http://sysadminnotebook.blogspot.in/2011/06/configure-ldap-authentication-for.html
http://blog.infoaxon.com/alfresco-integration-active-directory/1313
http://davidatenney.wordpress.com/category/ubuntu/ubuntu-9-10/alfresco/ldap-configuration-for-alfres...
http://www.ochounos.com/#blog/6
0 Kudos

suraj
Champ in-the-making
Champ in-the-making

‎02-28-2014 04:21 AM

Hi

Sorry but i am not understand it.I do it serval time i was add field like firstname,lastname but it shows me only username other fields are empty.it is requird to create extra directory ldap1 under ldap-ad? please provide me simple example that shows how to use ldap in alfresco


Thanks,
Suraj
0 Kudos

suraj
Champ in-the-making
Champ in-the-making

‎03-04-2014 01:54 AM

Hi

  In apache directory studio i have made users and group but dont know how to integrate it with alfresco.please help me?

Thanks
Suraj
0 Kudos

suraj
Champ in-the-making
Champ in-the-making

‎03-06-2014 02:25 AM

thanks
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC