Hyland Connect

hernanisaurelio · ‎03-25-2021

I am customizing Alfresco 5.2 and I would like you to help or guide me how I can implement the subsystem for logging in via email in LDAP.

EddieMay · ‎03-29-2021

Hi @hernanisaurelio

For the general approach to LDAP you can consult the relevant documentation on authentication subsystems. For a visual guide to LDAP integration, see Angel Borroy's video for 5.2 LDAP configuration.

For logging in via email, I presume you mean using an email address as the username?

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!

hernanisaurelio · ‎05-03-2021

Thank you so much for your time EddieMay

I can already integrate my application with LDAP, I am using OpenLDAP.
At the moment I can only login with the username.
And I really really need to login with the LDAP email id. How could I do that

Thank you very much in advance.

sufo · ‎05-03-2021

I found this old post https://hub.alfresco.com/t5/ecm-archive/ldap-authentication-ad-by-email/m-p/270967/highlight/true#M1..., but don't know if you are willing to modify DNs of users. Personally I wouldn't do it.

Here is something for Alfresco 5.1, 5.2 which involves coding and deeper knowledge of Alfresco: https://www.enprowess.com/blogs/alfresco-ldap-using-email/

You could use external authentication and setup Apache HTTPD proxy and authenticate users there. Check this attribute: https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#authldapremoteuserattribute

In Apache, set this header:

RequestHeader set X-Alfresco-Remote-User %{RU}e

In alfresco-global.properties:

authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
external.authentication.enabled=true
external.authentication.proxyUserName=
external.authentication.proxyHeader=X-Alfresco-Remote-User
external.authentication.defaultAdministratorUserNames=admin

You have to modify also share-config-custom.xml https://docs.alfresco.com/content-services/6.1/admin/auth-sync/ (search for <userHeader>X-Alfresco-Remote-User</userHeader>).

hernanisaurelio · ‎05-13-2021

Sorry for the delay

I've been studying tutorial

https://www.enprowess.com/blogs/alfresco-ldap-using-email/

I had to have the LDAPAuthenticationComponentImpl.class file

And I managed to manipulate the java code of this compiled file.

For me to be able to log in with the email I had to use "userName.substring (0, userName.indexOf ("@"))"
This allows me to enter the email I type, eg "john.smith@info.com".
However, the validation happens only with everything before the at sign, which means that I can type anything after the at sign eg: "info01.com" and the login is done.

Inside the tutorial I found this code

Attributes matchAttrs = new BasicAttributes(true);

matchAttrs.put(new BasicAttribute(userEmailAttributeName, userName));

NamingEnumeration<SearchResult> answer;

String finalUser = null;

try{

answer = ctx.search(userSearchBase, matchAttrs);

while (answer.hasMore()){

SearchResult result = answer.next();

finalUser = result.getName();

}

userName = finalUser != null ? finalUser.substring(finalUser.indexOf("@") + 1): "";

return userName;

}catch(NamingException e){

e.getMessage();

}

And I would like to know how I can capture the ldap email from the username "john.smith"
And then make a comparison with the email captured from the Ldap email and the email typed in the login screen.

I hope I have explained it in the best way

Thank you very much in advance.

Hyland Connect

Login to ldap using email