Win 2012R2 AD ldap configuration on alfresco community edition 5.0D

‎05-11-2015 08:44 AM
Hi Guys,
I'm really trying to not be stupid here and have looked at numerous documents/links etc. on the forum, but I just can't see where I get started with this.
Is there a step-by-step guide for dummies, or at least a clue where to start, because I sure as hell can't find it.
I really want to get into Alfresco and start creating content but I don't want to fall at the first hurdle post installation.
I keep seeing mention of config files that need amending etc. but I can't find them.
Any and all help is greatly appreciated.
Many thanks.
Gary.
7 REPLIES 7
‎05-14-2015 08:47 PM
Gary,
If you are looking for no frills then edit your alfresco-global.properties with this (filling in your specific data). I got most of this from the 5 Community Docs and I'm successfully running this.
### Authentication
alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=false
##Creating the authentication chain
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://YOUR DOMAIN CONTROLLER
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.synchronization.active=true
#A Domain user that can login and read (edit not required) from AD, Service Account maybe
ldap.synchronization.java.naming.security.principal=YOURDOMAIN\\YOUR USER WHO CAN READ FROM AD
#Password of a Domain user that can login and read (edit not required) from AD
ldap.synchronization.java.naming.security.credentials=THE PASSWORD OF YOUR USER WHO CAN READ FROM AD
#Sizing and query info for getting users and groups
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(&(objectclass\=group))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!(modifyTimestamp<\={0})))
#Where to get groups from, if the entire domain, then the dc levels are all that you need
ldap.synchronization.groupSearchBase=ou\=GROUPS,dc\=YOURDOMAIN,dc\=COM
#Where to get users from, if the entire domain, then the dc levels are all that you need
ldap.synchronization.userSearchBase=ou\=USERS,dc\=YOURDOMAIN,dc\=COM
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
#The data to map
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
#The types to map
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ntlm.authentication.authenticateCIFS=false
ntlm.authentication.mapUnknownUserToGuest=false
ntlm.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false
passthru.authentication.connectTimeout=5000
#passthru.authentication.defaultAdministratorUserNames=
passthru.authentication.domain=
passthru.authentication.guestAccess=false
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.servers=YOURDOMAIN\\YOUR DC
passthru.authentication.sso.enabled=true
passthru.authentication.useLocalServer=false
####################################
###### SYNCHRONISATION SETTINGS ####
####################################
synchronization.autoCreatePeopleOnLogin=false
#synchronization.import.group.clearAllChildren=true
# full sync or only changes?
synchronization.synchronizeChangesOnly=false
# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=false
### DONT USE UNIX CRON EXPRESSION- USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### synchronisation starts every 60 minutes!
synchronization.import.cron=0 0/60 * * * ?
Hope this helps.
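A small pre-flight check for the settings in the post above, as an added example (not part of the original post or of Alfresco): it flags authentication.chain entries that are not in instance:type form, value lines that lost their key (a Java properties loader accepts these silently as a separate key), and a simple bind over ldap://, which sends the bind password unencrypted. The type list, the sample text and the host name dc01.example.test are assumptions constructed for illustration.

```python
# Stock subsystem types for authentication.chain (assumption; extend for custom ones).
KNOWN_TYPES = {"alfrescoNtlm", "ldap", "ldap-ad", "passthru", "kerberos", "external"}
LDAP = "ldap.authentication.java.naming."

def parse_properties(text):
    """Minimal reader: key=value lines and '#'/'!' comments, no continuations.
    Returns (props, stray) where stray holds non-comment lines lacking '='."""
    props, stray = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
        else:
            stray.append(line)
    return props, stray

def lint(text):
    """Return a list of findings for the authentication-related settings."""
    props, stray = parse_properties(text)
    findings = [f"line '{s}' has no key=value form (wrapped or mangled value?)" for s in stray]
    chain = props.get("authentication.chain", "")
    for entry in (e.strip() for e in chain.split(",") if e.strip()):
        _, sep, kind = entry.partition(":")
        if not sep or kind not in KNOWN_TYPES:
            findings.append(f"chain entry '{entry}' is not instance:type")
    url = props.get(LDAP + "provider.url", "").lower()
    if url.startswith("ldap://") and props.get(LDAP + "security.authentication") == "simple":
        findings.append("simple bind over ldap:// sends the password in clear; use ldaps://")
    for key, value in props.items():
        if key.endswith("allowGuestLogin") and value.lower() == "true":
            findings.append(f"{key}=true permits guest login")
    return findings

# Constructed samples (hypothetical host dc01.example.test).
BROKEN = """authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1
assthru,ldap1:ldap-ad
ldap.authentication.java.naming.provider.url=ldap://dc01.example.test
ldap.authentication.java.naming.security.authentication=simple
"""
FIXED = """authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
ldap.authentication.java.naming.provider.url=ldaps://dc01.example.test:636
ldap.authentication.java.naming.security.authentication=simple
"""

if __name__ == "__main__":
    print({"broken": lint(BROKEN), "fixed": lint(FIXED)})
```

Switching the provider URL to ldaps:// also requires that the JVM running Tomcat trusts the certificate presented by the domain controller.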
‎05-26-2015 09:41 PM
Thanks for i2aml8's authentication template, it works.
But I have a question for all Alfresco experts: how can I configure Alfresco to show the AD account "display name" only, and NOT show the "logon name"?
Thank you.
Alfresco version 5.0d on Windows platform
‎06-14-2015 03:22 AM
Hi i2aml8,
Could you help me please? I edited alfresco-global.properties with your posted configuration, but it's not working for me.
And I noticed that I don't have a folder ldap or ldap-ad in the Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication folder.
‎05-27-2015 01:03 PM
@noveske,
What are you trying to accomplish with the display name rather than using the AD account?
‎05-27-2015 11:32 PM
hi ESWBitto,
I just do want to show the "Logon Name" in Alfresco. Can do?
[img]http://s9.postimg.org/7bto4o6or/search_people_2.jpg[/img]
Many Thanks
‎05-28-2015 12:28 PM
Ah! OK, I see what you're asking now. OK, so there is not any quick answer to this. The information is being pulled from the database (in this case the data is being pulled from Active Directory). In order to not display this information you will have to create modifications to the Alfresco installation to remove that header.
‎06-16-2015 03:36 PM
I've tried to copy your config but I keep getting an integrity violation:
2015-06-16 15:22:13,300 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 4 entries. Rate: 8 per second. 1 failures detected.
2015-06-16 15:22:13,301 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 3 entries
2015-06-16 15:22:13,301 ERROR [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: 1 error(s) detected. Last error from entry "unknown"
org.alfresco.repo.node.integrity.IntegrityException: 05160002 Found 1 integrity violations:
Mandatory property not set:
Node: workspace://SpacesStore/0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
Name: 0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
Type: {http://www.alfresco.org/model/content/1.0}person
Property: {http://www.alfresco.org/model/content/1.0}sizeCurrent
2015-06-16 15:22:13,270 ERROR [node.integrity.IntegrityChecker] [localhost-startStop-1] Found 1 integrity violations:
Mandatory property not set:
Node: workspace://SpacesStore/0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
Name: 0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
Type: {http://www.alfresco.org/model/content/1.0}person
Property: {http://www.alfresco.org/model/content/1.0}sizeCurrent
2015-06-16 15:22:13,294 WARN [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Failed on batch commit.
org.alfresco.repo.node.integrity.IntegrityException: 05160002 Found 1 integrity violations:
Mandatory property not set:
Node: workspace://SpacesStore/0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
Name: 0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
Type: {http://www.alfresco.org/model/content/1.0}person
