Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

use an LDAP attribute for authentification instead of the dn

bparis
Champ in-the-making
Champ in-the-making

‎11-27-2006 05:20 AM

we needed to authenticate against our LDAP directory where the user login has been saved as a unique attribute.
So our problem was Alfresco only permits to authenticate using the full user dn.
I've written this little code to resolve this.

1. first you have to set up the file "ldap-authentication-context.xml" like this, with your own values for seachBase and unique_LDAPattribute_name:
 
<!– LDAP authentication configuration –>
    
    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl_ucl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="searchBase">
                    <value>ou=London,dc=company,dc=com</value>
        </property>
        <property name="unique_LDAPattribute_name">
                    <value>uid</value>
        </property>
     </bean>

2. Then you compile and install the following class:http://www.ipsp.ucl.ac.be/alfresco/LDAPAuthenticationComponentImpl_ucl.java
Compiled code is available at: http://www.ipsp.ucl.ac.be/alfresco/LDAPAuthenticationComponentImpl_ucl.class

note: put the file in:
$TOMCAT/webapps/alfresco/WEB-INF/classes/org/alfresco/repo/security/authentication/ldap

3. restart tomcat

4. set
log4j.logger.org.alfresco.repo.security.authentication.ldap=debug
in log4J.properties will help you in case of problems


Hope this will help someones ….
Bernard.
Labels:
0 Kudos
1 REPLY 1

andy
Champ on-the-rise
Champ on-the-rise

‎11-30-2006 09:33 AM

Hi

Thanks for your post.

It is true that simple authentication must use the DN and looking up a user by some other attribute is very useful. However, it assumes you can bind anonymously and have access to read the required attributes.

Digest authentication can be used with the uid. For open ldap the query you have done is effectively done during the authentication process on the server, as opposed to before hand. I believe AD will accept the sAMAccountName but have not confirmed this on the many varients.


Regards

Andy
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC