05-27-2019 05:39 AM
Hi,
I need to set up LDAP authentication on my Alfresco Community.
In alfresco-global.properties, I added some lines, but when I try to connect to Alfresco Share with my AD account, it didn't work. I added these lines:
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
ldap.authentication.java.naming.provider.url=ldap://IPAdressOfMyAD:389
ldap.synchronization.userSearchBase=uids=%s,ou=\Utilisateurs,dc=\DOMAIN,dc=\fr
ldap.authentification.active=true
ldap.synchronization.active=false
Do I need to add other lines or edit other files?
05-28-2019 02:20 AM
You should give information about the synchronization user: name and password.
ldap.synchronization.java.naming.security.principal=alfresco@domain.com
ldap.synchronization.java.naming.security.credentials=secret
And add a format of user names for authentication.
ldap.authentication.userNameFormat=%s@domain.com
It would be nice to add admin and guest policy:
ldap.authentication.allowGuestLogin=false
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
For more information, look at the example:
http://docs.alfresco.com/community/tasks/auth-example-oneldap-ad.html
And documentation:
http://docs.alfresco.com/community/concepts/auth-ldap-intro.html
05-28-2019 02:42 AM
Thanks a lot for your help!
About LDAP synchronization, do I need the name and password of my AD/DC or of my Alfresco server?
05-28-2019 03:26 AM
naming.security.principal is an AD user which should have read permissions on LDAP (AD).
defaultAdministratorUserNames can be comma-separated local Alfresco users and/or synchronized AD users.
05-28-2019 04:09 AM
Thanks a lot, it's the solution!
05-28-2019 08:41 AM
Just one more question, this line didn't work:
ldap.synchronization.groupSearchBase=ou=Groupes d'accès,dc=domain,dc=com
##Group from AD to Alfresco
05-28-2019 09:03 AM
It's the search base of your AD. It points to the place where your groups are stored.
You can check how it works with an LDAP browser, filter everything you need, and add your base and query to alfresco-global.properties.
The full query parameters are:
# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=group)
# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=OU\=Unit,DC\=domain,DC\=com
# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=OU\=Unit,DC\=domain,DC\=com
05-28-2019 11:20 AM
It didn't work. I think I don't really understand how to complete those lines:
# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=group)
# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=OU\=Groupes d'accès,DC\=domain,DC\=com
05-28-2019 11:41 AM
Try
ldap.synchronization.groupSearchBase=ou=Groupes d'accès,ou=RAPIDO,ou=CCAR,ou=RAPIDO_VDL,dc=rapido53,dc=com
or
ldap.synchronization.groupSearchBase=OU\=Groupes d'accès,OU\=RAPIDO,OU\=CCAR,OU\=RAPIDO_VDL,DC\=rapido53,DC\=com
05-29-2019 03:29 AM
It didn't work...
I tried these 2 options and left this enabled:
# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=group)
# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
But when I connect with the admin account, go to Admin Tools, then Users and Groups, and type the name of a group from my AD, I get nothing. I don't know if this setting meets my needs.
For example, I have a group named "Informatique" with 4 users. I want to import this group into Alfresco, and once in Alfresco I want these 4 users imported and placed in a group named "Informatique", so that I can just assign rights to this group for all the users in it.
Sorry, my English sounds French
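An added example (not part of the thread and not Alfresco code): a small Python linter that decodes property values the way `java.util.Properties.load()` does and checks the LDAP lines posted above. The function names, the sample, and the rule that only the `ldap.authentication.` and `ldap.synchronization.` prefixes seen in this thread are expected are assumptions of this example.

```python
import re

# Constructed sample: four lines as they were posted in this thread.
SAMPLE = r"""
ldap.authentication.java.naming.provider.url=ldap://IPAdressOfMyAD:389
ldap.authentification.active=true
ldap.synchronization.userSearchBase=uids=%s,ou=\Utilisateurs,dc=\DOMAIN,dc=\fr
ldap.synchronization.groupSearchBase=OU\=Unit,DC\=domain,DC\=com
"""

ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}
FAMILIES = ("ldap.authentication.", "ldap.synchronization.")  # assumption: prefixes seen on this page

def unescape(text):
    """Decode backslash escapes the way java.util.Properties.load() does."""
    def repl(m):
        if m.group(1):                               # \uXXXX
            return chr(int(m.group(1), 16))
        return ESCAPES.get(m.group(2), m.group(2))   # \t \n \r \f, else drop the backslash
    return re.sub(r"\\(?:u([0-9a-fA-F]{4})|(.))", repl, text)

def parse(text):
    """Return {key: decoded value}; line continuations are not handled."""
    props = {}
    for line in text.splitlines():
        line = line.lstrip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first unescaped '=', ':' or whitespace.
        m = re.match(r"((?:\\.|[^\\=:\s])*)\s*[=:]?\s*(.*)", line)
        props[unescape(m.group(1))] = unescape(m.group(2))
    return props

def lint(props):
    """Return sorted (key, finding) pairs for settings worth a second look."""
    findings = []
    for key, value in props.items():
        if key.startswith("ldap.") and not key.startswith(FAMILIES):
            findings.append((key, "unknown property family, check the spelling"))
        if any(ord(c) < 0x20 for c in value):
            findings.append((key, "value decodes to a control character"))
        if key.endswith("provider.url") and value.lower().startswith("ldap://"):
            findings.append((key, "ldap:// has no TLS; a simple bind sends the password in clear"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in lint(parse(SAMPLE)):
        print(f"{key}: {finding}")
```

In a properties file `OU\=Unit` and `OU=Unit` decode to the same value, whereas `dc=\fr` decodes to a form feed followed by `r`.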