
Subgroups in LDAP

agey
Champ in-the-making
Hi all,

I am using LDAP to authenticate users in Alfresco and it works fine. The LDAP tree has users and groups of users, but now I have to define subgroups in Alfresco to configure permissions due to new requirements. How can I define subgroups in the LDAP tree? And how must the Alfresco synchronization file be defined?

This is my LDAP tree:

dn: dc=alfresco,dc=sample,dc=sm
objectClass: top
objectClass: dcObject
objectClass: organization
dc: alfresco

dn: cn=admin,dc=alfresco,dc=sample,dc=sm
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: *********

dn: ou=people,dc=alfresco,dc=sample,dc=sm
objectClass: organizationalUnit
objectClass: top
ou: people

dn: cn=user1,ou=people,dc=alfresco,dc=sample,dc=sm
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: user1
givenName: user1
sn: user1
userPassword:: *****

dn: ou=groups,dc=alfresco,dc=sample,dc=sm
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=groupA,ou=groups,dc=alfresco,dc=sample,dc=sm
objectClass: groupOfUniqueNames
objectClass: top
cn: groupA
uniqueMember: cn=user1,ou=people,dc=alfresco,dc=sample,dc=sm

The Alfresco property files to configure LDAP are the following:

ldap.authentication.userNameFormat=cn\=%s,ou\=people,dc\=alfresco,dc\=sample,dc\=sm
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.2.30:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.security.principal=cn=admin,dc=alfresco,dc=sample,dc=sm
ldap.authentication.java.naming.security.credentials=*****
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

ldap.synchronization.active=true
ldap.synchronisation.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronisation.personSearchBase=dc\=alfresco,dc\=sample,dc\=sm
ldap.synchronisation.userIdAttributeName=cn
ldap.synchronisation.userFirstNameAttributeName=givenName
ldap.synchronisation.userLastNameAttributeName=sn
ldap.synchronisation.userEmailAttributeName=mail
ldap.synchronisation.userOrganizationalIdAttributeName=o
ldap.synchronisation.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronisation.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronisation.groupSearchBase=dc\=alfresco,dc\=sample,dc\=sm
ldap.synchronisation.groupIdAttributeName=cn
ldap.synchronisation.groupType=groupOfUniqueNames
ldap.synchronisation.personType=inetOrgPerson
ldap.synchronisation.groupMemberAttributeName=uniqueMember
ldap.synchronisation.import.person.cron=0 */10 * * * ?
ldap.synchronisation.import.group.cron=0 */20 * * * ?
ldap.synchronisation.import.group.clearAllChildren=true

How can I define subgroups in LDAP and define the mapping in the Alfresco property file for synchronisation?

Thanks a lot in advance,

bartokk
Champ in-the-making
Did you ever get a response or figure this out? I have similar questions.

agey
Champ in-the-making
Yes, I got it. The Alfresco synchronization file does not change. I only had to modify the LDAP tree.

Now the LDAP tree has three organizational units: people, groups and subgroups.

- Subgroups are groupOfUniqueNames entries that contain people.
- Groups are groupOfUniqueNames entries that contain subgroups.
- People are person, inetOrgPerson and organizationalPerson entries with the user properties.

dn: dc=alfresco,dc=sample,dc=sm
objectClass: top
objectClass: dcObject
objectClass: organization
dc: alfresco

dn: cn=admin,dc=alfresco,dc=sample,dc=sm
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: *********

dn: ou=people,dc=alfresco,dc=sample,dc=sm
objectClass: organizationalUnit
objectClass: top
ou: people

dn: cn=user1,ou=people,dc=alfresco,dc=sample,dc=sm
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: user1
givenName: user1
sn: user1
userPassword:: *****

# the naming attribute of each entry must match its RDN (ou=subgroups, cn=subgroupA)
dn: ou=subgroups,dc=alfresco,dc=sample,dc=sm
objectClass: organizationalUnit
objectClass: top
ou: subgroups

dn: cn=subgroupA,ou=subgroups,dc=alfresco,dc=sample,dc=sm
objectClass: groupOfUniqueNames
objectClass: top
cn: subgroupA
uniqueMember: cn=user1,ou=people,dc=alfresco,dc=sample,dc=sm

dn: ou=groups,dc=alfresco,dc=sample,dc=sm
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=groupA,ou=groups,dc=alfresco,dc=sample,dc=sm
objectClass: groupOfUniqueNames
objectClass: top
cn: groupA
uniqueMember: cn=subgroupA,ou=subgroups,dc=alfresco,dc=sample,dc=sm

I hope this helps.
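As an added example (not code from this thread or from Alfresco), the following Python script parses a constructed LDIF copy of the answer's tree, checks that every entry carries the value named in its RDN (the slip the original answer had in the ou=subgroups and cn=subgroupA entries), and walks uniqueMember transitively so that a group's members resolve through its subgroups to users, which is what the synchronizer configured with groupMemberAttributeName=uniqueMember needs the tree to support. The function names, the cycle guard and the sample LDIF are my own.

```python
# Constructed LDIF mirroring the corrected tree from the answer (user, subgroup, group).
LDIF = """\
dn: cn=user1,ou=people,dc=alfresco,dc=sample,dc=sm
objectClass: inetOrgPerson
cn: user1

dn: cn=subgroupA,ou=subgroups,dc=alfresco,dc=sample,dc=sm
objectClass: groupOfUniqueNames
cn: subgroupA
uniqueMember: cn=user1,ou=people,dc=alfresco,dc=sample,dc=sm

dn: cn=groupA,ou=groups,dc=alfresco,dc=sample,dc=sm
objectClass: groupOfUniqueNames
cn: groupA
uniqueMember: cn=subgroupA,ou=subgroups,dc=alfresco,dc=sample,dc=sm
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, one entry per blank-line-separated block."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, val = line.partition(":")  # 'attr:: value' (base64) is kept as-is
            attrs.setdefault(key.strip(), []).append(val.lstrip(": ").strip())
        entries[attrs["dn"][0]] = attrs
    return entries

def rdn_mismatches(entries):
    """DNs whose naming attribute value is missing from the entry (e.g. ou=subgroups with 'ou: groups')."""
    bad = []
    for dn, attrs in entries.items():
        attr, val = dn.split(",", 1)[0].split("=", 1)
        if val not in attrs.get(attr, []):
            bad.append(dn)
    return bad

def resolve_members(entries, group_dn, seen=None):
    """Transitive user cn's of a group: subgroup DNs are followed (as the sync does via uniqueMember); cycles and dangling DNs are skipped."""
    seen = (seen or set()) | {group_dn}  # DNs on the current path, used as the cycle guard
    users = set()
    for member in entries[group_dn].get("uniqueMember", []):
        if member in seen or member not in entries:
            continue
        classes = entries[member].get("objectClass", [])
        if "groupOfUniqueNames" in classes:
            users |= resolve_members(entries, member, seen)
        elif "inetOrgPerson" in classes:
            users.add(entries[member]["cn"][0])
    return users
```

Running rdn_mismatches over an export of the real tree before a sync catches entries that a directory server would reject or that the synchronizer would key on the wrong name.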