users only in LDAP not in alfresco

skumar_us
Champ in-the-making
I have a scenario where the customer wants to have the users inside the LDAP server, but not inside Alfresco.

is it something possible?
2 REPLIES

timo_denissen
Champ in-the-making
Hey there,

I configured my Alfresco installation (binary installer) against LDAP the following way:

To enable LDAP authentication for users not created in Alfresco, add the following line to $CATALINA_BASE/shared/classes/alfresco-global.properties:

# Add LDAP support
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap


Next, create the following directory path:

mkdir -p $CATALINA_BASE/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1


Create a new file called ldap-authentication.properties with the following content:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid\=%s,cn\=users,LDAP_BASE
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:7389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=univentionGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=univentionGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=cn\=groups,LDAP_BASE
ldap.synchronization.userSearchBase=cn\=users,LDAP_BASE
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mailPrimaryAddress
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=univentionGroup
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true


Replace LDAP_BASE with your base dn, escape the equality signs with a backslash. Adapt the objectclasses and search bases as well as the LDAP port.

This is configured against a UCS 4.0-2 system with openLDAP, so make sure everything adapts to your system and your LDAP.

This configuration lets you log in with openLDAP users without the users being added or created in the Alfresco database.

Greetings
Timo

borisstankov
Champ in-the-making
Well, you can use the LDAP only for authentication and not for synchronization. Meaning no user profiles will be in Alfresco; however, you still have some names on the Alfresco side, because every user has its own home dir (in the Alfresco repository).

Maybe someone else can give you more details if this is possible.
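Serving both Timo's ldap-authentication.properties above and Boris's point that authentication and synchronization are separate switches, here is an added example (my own code, not from either reply or from Alfresco) that parses a file in that format and reports whether it configures authentication only, whether guest login stays off, and whether the simple bind goes to ldaps:// or loopback. The sample values, the port and the base DN dc=example,dc=com are constructed.

```python
from urllib.parse import urlsplit
# Constructed sample in the format Timo posted (added example; base DN dc=example,dc=com is made up).
SAMPLE = """\
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid\\=%s,cn\\=users,dc\\=example,dc\\=com
ldap.authentication.java.naming.provider.url=ldap://localhost:7389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.active=false
"""
def _split_line(line):
    # Minimal Java .properties rule: first unescaped '=' or ':' ends the key; "\x" keeps x literally.
    key, val, escaped = [], [], False
    target = key
    for ch in line:
        if escaped:
            target.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif target is key and ch in "=:":
            target = val
        else:
            target.append(ch)
    return "".join(key).strip(), "".join(val).strip()

def parse_properties(text):
    # Return {key: value}; lines starting with '#' or '!' are comments.
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, val = _split_line(line)
            props[key] = val
    return props

def audit(props):
    # One boolean per check; True is the expected / safer state for an "auth-only" setup.
    flag = lambda key: props.get(key, "").lower() == "true"
    url = urlsplit(props.get("ldap.authentication.java.naming.provider.url", ""))
    simple = props.get("ldap.authentication.java.naming.security.authentication", "").lower() == "simple"
    return {
        "auth_active": flag("ldap.authentication.active"),
        "sync_active": flag("ldap.synchronization.active"),  # False: users exist only in LDAP
        "guest_login_disabled": not flag("ldap.authentication.allowGuestLogin"),
        "bind_template_has_placeholder": "%s" in props.get("ldap.authentication.userNameFormat", ""),
        # a simple bind sends the password in clear, so expect ldaps:// or a loopback address
        "simple_bind_protected": not simple or url.scheme == "ldaps" or url.hostname in ("localhost", "127.0.0.1", "::1"),
    }
```

Run `audit(parse_properties(open("ldap-authentication.properties").read()))` against your own file; a `sync_active` of False is the "users only in LDAP" setup the question asks about.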