cancel
Showing results for 
Search instead for 
Did you mean: 

Ldap and afresco 5.2 synchronization

fatma19
Confirmed Champ
Confirmed Champ

I am currently configuring alfresco to use ldap server for authentication. I followed the offecial documentation and i updated alfresco-global.properties file, i can log in with ldap users but i don't see any group of dap and i see only ldap users who already connect with alfresco if a user did not logged in  alfresco i don't see him . i am using alfresco 5.2  and apache LDAP and this is my alfresco-global.properties file and the ldap hiarchy.

 

# User name format ..
ldap.authentication.active=true


ldap.authentication.userNameFormat=cn\=%s,ou\=users,o\=mojo
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=false
ntlm.authentication.mapUnknownUserToGuest=false
ldap.authentication.allowGuestLogin=false

# IP address or name of your LDAP server - (port 389 is the default for LDAP)
ldap.authentication.java.naming.provider.url=ldap://localhost:10389

# Enable synchronisation ..
ldap.synchronization.active=true

ldap.authentication.escapeCommasInUid=false
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=100
ldap.authentication.escapeCommasInBind=false


# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# Security ..
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=admin
ldap.synchronization.java.naming.security.credentials=secret

# Object class names, OUs ..
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.groupSearchBase=ou\=groups,o\=mojo
ldap.synchronization.userSearchBase=ou\=users,o\=mojo

# The attribute name on people objects to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property in Alfresco
#ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
ldap.synchronization.groupType=groupOfUniqueNames
# The person type
ldap.synchronization.personType=inetOrgPerson
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember


# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
ldap.synchronization.enableProgressEstimation=true

# Requests timeout, in miliseconds, use 0 for none (default)
ldap.authentication.java.naming.read.timeout=0

 

synchronization.synchronizeChangesOnly=false

 

 

This is my alfresco-global.properties 

 


###############################
## Common Alfresco Properties #
###############################

dir.root=C:/ALFRES~1/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=admin
db.name=alfresco
db.url=jdbcSmiley Tongueostgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=C:/ALFRES~1/LIBREO~1/App/libreoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
img.root=C:\\alfresco-community\\imagemagick
img.coders=${img.root}\\modules\\coders
img.config=${img.root}
img.gslib=${img.root}\\lib
img.exe=${img.root}\\convert.exe

jodconverter.enabled=false
jodconverter.officeHome=C:/ALFRES~1/LIBREO~1/App/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=C:/ALFRES~1

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443

### Allow extended ResultSet processing
security.anyDenyDenies=false

### Smart Folders Config Properties ###
smart.folders.enabled=false

### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false


### Use Alfresco authentication for admin accounts and LDAP for users ###
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
synchronization.allowDeletions=true
## When TESTING, set synchronizeChangesOnly to false
## - this will give FULL synchronization for scheduled synchs
synchronization.synchronizeChangesOnly=false
## Set up regular synchronization with the LDAP server ##
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
# When TESTING, synchronise every 5 minutes
# secs min hour dom mon dow
synchronization.import.cron=0 0/1 * * * ?
ldap.synchronization.enableProgressEstimation=true

1 ACCEPTED ANSWER

mikel_asla
Star Contributor
Star Contributor

Invalid DN

You need to change 

ldap.synchronization.java.naming.security.principal=admin

to something like

ldap.synchronization.java.naming.security.principal=cn\=admin,ou\=users,o\=mojo

View answer in original post

7 REPLIES 7

mikel_asla
Star Contributor
Star Contributor

Hi fatma,

That's the normal behavior when you have Syncronization disabled in your ldap subsystem

ldap.synchronization.active=false

You need to enable syncronization and configure it following this documentation

Hope it helps

 

it is already enabeled 

 

# Enable synchronisation ..
ldap.synchronization.active=true

mikel_asla
Star Contributor
Star Contributor

You're right, I was looking at your config in the previous post.... sorry

Having this enabled

synchronization.syncOnStartup=true

Can't you see output in your catalina.out regarding your ldap1 auth subsystem trying to synchronize users and groups when you start the server? The config looks fine

mikel_asla
Star Contributor
Star Contributor

Invalid DN

You need to change 

ldap.synchronization.java.naming.security.principal=admin

to something like

ldap.synchronization.java.naming.security.principal=cn\=admin,ou\=users,o\=mojo

Thank you very much Mr Mikel.I have already changed my config files and it works Smiley Happy

This is my new config 

alfresco-global.properties file 


###############################
## Common Alfresco Properties #
###############################
dir.root=C:/ALFRES~1/alf_data
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=admin
db.name=alfresco
db.url=jdbcSmiley Tongueostgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### FTP Server Configuration ###
ftp.port=21
### RMI registry port for JMX ###
alfresco.rmi.services.port=50500
### External executable locations ###
ooo.exe=C:/ALFRES~1/LIBREO~1/App/libreoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
img.root=C:\\alfresco-community\\imagemagick
img.coders=${img.root}\\modules\\coders
img.config=${img.root}
img.gslib=${img.root}\\lib
img.exe=${img.root}\\convert.exe
jodconverter.enabled=false
jodconverter.officeHome=C:/ALFRES~1/LIBREO~1/App/libreoffice
jodconverter.portNumbers=8100
### Initial admin password ###
alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=C:/ALFRES~1
### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443
### Allow extended ResultSet processing
security.anyDenyDenies=false
### Smart Folders Config Properties ###
smart.folders.enabled=false
### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false

### Use Alfresco authentication for admin accounts and LDAP for users ###
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
## When TESTING, set synchronizeChangesOnly to false
## - this will give FULL synchronization for scheduled synchs
synchronization.synchronizeChangesOnly=false
## Set up regular synchronization with the LDAP server ##
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
# When TESTING, synchronise every 5 minutes
# secs min hour dom mon dow
### Synchronisation Active Directory ###ldap.synchronization.timestampFormat=yyyyMMddHHmmss
ldap.synchronization.timestampFormat=yyyyMMddHHmmss

ldap-authentication.properties 

# User name format ..
ldap.authentication.active=true
ldap.authentication.userNameFormat=cn\=%s,ou\=users,o\=mojo

# IP address or name of your LDAP server - (port 389 is the default for LDAP)
ldap.authentication.java.naming.provider.url=ldap://localhost:10389

# Enable synchronisation ..
ldap.synchronization.active=true
synchronization.syncOnStartup=true
# Security ..
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret

# Object class names, OUs ..
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.groupSearchBase=ou\=groups,o\=mojo
ldap.synchronization.userSearchBase=ou\=users,o\=mojo

# The attribute name on people objects to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=cn
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
ldap.synchronization.groupType=groupOfUniqueNames
# The person type
ldap.synchronization.personType=inetOrgPerson
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember

the only problem is that it do not see ldap users who didin't connet to alfresco 

Make sure the two ldap properties below are set to LDAP schema attributes defined for your users with non-empty values in your Apache LDAP.

In the example below make sure 'givenName' and 'cn' are set in LDAP.

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=cn