
Win 2012R2 AD ldap configuration on alfresco community edition 5.0D

garylloyd
Champ in-the-making
Hi Guys,

I'm really trying to not be stupid here and have looked at numerous documents/links etc on the forum etc but I just can't see where I get started with this.

Is there a step by step guide for dummies or at least a clue where to start because I sure as hell can't find it.

I really want to get into Alfresco and start creating content but I don't want to fall at the first hurdle post installation.

I keep seeing mention of config files that need amending etc but I can't find them.

Any and all help is greatly appreciated.

Many thanks.

Gary.
7 REPLIES

i2aml8
Champ in-the-making
Gary,

If you are looking for no frills then edit your alfresco-global.properties with this (filling in your specific data). I got most of this from the 5 Community Docs and I'm successfully running this.

### Authentication

alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=false

##Creating the authentication chain
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad

ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://YOUR DOMAIN CONTROLLER
ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.userNameFormat=%s

ldap.synchronization.active=true
#A Domain user that can login and read (edit not required) from AD, Service Account maybe
ldap.synchronization.java.naming.security.principal=YOURDOMAIN\\YOUR USER WHO CAN READ FROM AD
#Password of a Domain user that can login and read (edit not required) from AD
ldap.synchronization.java.naming.security.credentials=THE PASSWORD OF YOUR USER WHO CAN READ FROM AD


#Sizing and query info for getting users and groups
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(&(objectclass\=group))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!(modifyTimestamp<\={0})))

#Where to get groups from, if the entire domain, then the dc levels are all that you need
ldap.synchronization.groupSearchBase=ou\=GROUPS,dc\=YOURDOMAIN,dc\=COM
#Where to get users from, if the entire domain, then the dc levels are all that you need
ldap.synchronization.userSearchBase=ou\=USERS,dc\=YOURDOMAIN,dc\=COM

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
#The data to map
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
#The types to map
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

ldap.synchronization.enableProgressEstimation=true

ntlm.authentication.authenticateCIFS=false
ntlm.authentication.mapUnknownUserToGuest=false
ntlm.authentication.sso.enabled=false

passthru.authentication.allowGuestLogin=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false
passthru.authentication.connectTimeout=5000
#passthru.authentication.defaultAdministratorUserNames=
passthru.authentication.domain=
passthru.authentication.guestAccess=false
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.servers=YOURDOMAIN\\YOUR DC

passthru.authentication.sso.enabled=true

passthru.authentication.useLocalServer=false


####################################
###### SYNCHRONISATION SETTINGS ####
####################################

synchronization.autoCreatePeopleOnLogin=false
#synchronization.import.group.clearAllChildren=true
# full sync or only changes?
synchronization.synchronizeChangesOnly=false

# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=false

### DON'T USE UNIX CRON EXPRESSIONS - USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### synchronisation starts every 60 minutes!
synchronization.import.cron=0 0/60 * * * ?

Hope this helps.
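
Added example, not part of any post in this thread: a small pre-deployment check for an alfresco-global.properties built from the template above. It validates the `authentication.chain` syntax and flags the template's only directory URL being `ldap://` with a simple bind, which puts the sync account's password on the wire unencrypted. The function names and the sample host and account are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the template above; host and account are placeholders.
SAMPLE = r"""
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
ldap.authentication.active=false
ldap.authentication.java.naming.provider.url=ldap://dc01.example.test
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=EXAMPLE\\svc-alfresco
ldap.synchronization.personQuery=(&(objectclass\=user))
"""

def load_properties(text):
    # Simplified .properties reader: undoes literal escapes such as "\=" only.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def parse_chain(chain):
    # authentication.chain is a comma-separated list of instanceId:subsystemType pairs.
    entries = []
    for item in chain.split(","):
        m = re.fullmatch(r"\s*([\w.-]+):([\w-]+)\s*", item)
        if m is None:
            raise ValueError(f"malformed chain entry: {item!r}")
        entries.append((m.group(1), m.group(2)))
    return entries

def audit(props):
    # Findings for settings that expose credentials or widen access.
    findings = []
    chain = parse_chain(props["authentication.chain"])
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    mech = props.get("ldap.authentication.java.naming.security.authentication", "")
    binds = "true" in (props.get("ldap.authentication.active"),
                       props.get("ldap.synchronization.active"))
    if any(t.startswith("ldap") for _, t in chain) and binds \
            and url.lower().startswith("ldap://") and mech == "simple":
        findings.append("simple bind over ldap:// exposes the bind password; use ldaps://")
    for key, value in props.items():
        if key.endswith("allowGuestLogin") and value == "true":
            findings.append(f"{key}=true permits guest login")
    return findings

if __name__ == "__main__":
    for finding in audit(load_properties(SAMPLE)):
        print("FINDING:", finding)
```

A chain entry without the `id:type` colon, such as one mangled by forum emoticon rendering, raises `ValueError` instead of being silently accepted.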




noveske
Champ in-the-making
Thanks for i2aml8 authentication template, it works.

But I have a question for all Alfresco experts: how can I configure Alfresco to show the AD account "display name" only, NOT to show the "logon name"?

Thank you.



Alfresco version 5.0d on Windows platform

Hi i2aml8,

Could you help me, please? I edited alfresco-global.properties with your posted configuration, but it's not working for me.
And I noticed that I don't have a folder ldap or ldap-ad in the Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication folder.

eswbitto
Confirmed Champ
@noveske,

What are you trying to accomplish with the display name rather than using the AD account?

noveske
Champ in-the-making
hi ESWBitto,

I just do want to show the "Logon Name" in Alfresco. Can do?

[img]http://s9.postimg.org/7bto4o6or/search_people_2.jpg[/img]

Many Thanks

eswbitto
Confirmed Champ
Ah! Ok I see what you're asking now. Ok so there is not any quick answer to this. The information is being pulled from the database (which in this case the data is being pulled from active directory). In order to not display this information you will have to create modifications to the alfresco installation to remove that header.

steeb
Champ in-the-making
I've tried to copy your config but I keep getting integrity violation

2015-06-16 15:22:13,300  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 4 entries. Rate: 8 per second. 1 failures detected.
2015-06-16 15:22:13,301  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 3 entries
2015-06-16 15:22:13,301  ERROR [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: 1 error(s) detected. Last error from entry "unknown"
org.alfresco.repo.node.integrity.IntegrityException: 05160002 Found 1 integrity violations:
Mandatory property not set:
   Node: workspace://SpacesStore/0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
   Name: 0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
   Type: {http://www.alfresco.org/model/content/1.0}person
   Property: {http://www.alfresco.org/model/content/1.0}sizeCurrent

2015-06-16 15:22:13,270  ERROR [node.integrity.IntegrityChecker] [localhost-startStop-1] Found 1 integrity violations:
Mandatory property not set:
   Node: workspace://SpacesStore/0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
   Name: 0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
   Type: {http://www.alfresco.org/model/content/1.0}person
   Property: {http://www.alfresco.org/model/content/1.0}sizeCurrent
2015-06-16 15:22:13,294  WARN  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Failed on batch commit.
org.alfresco.repo.node.integrity.IntegrityException: 05160002 Found 1 integrity violations:
Mandatory property not set:
   Node: workspace://SpacesStore/0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
   Name: 0d2d26a8-e7ec-43c7-bcc8-e446d5792d86
   Type: {http://www.alfresco.org/model/content/1.0}person