Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

authenticate using uid as ldap attribute & questions

bparis
Champ in-the-making
Champ in-the-making

‎11-09-2006 11:23 AM

I can authenticate against our ldap server with Community Alfresco 1.3.0, using this userNameFormat :
employeenumber=%s,ou=person,o=myuniversity,c=be


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
    
    <!– DAO that rejects changes - LDAP is read only at the moment –>
    
    <bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
        <property name="proxyInterfaces">
            <value>org.alfresco.repo.security.authentication.MutableAuthenticationDao</value>
        </property>
        <property name="transactionManager">
            <ref bean="transactionManager" />
        </property>
        <property name="target">
            <bean class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
        </property>
        <property name="transactionAttributes">
          <props>
               <prop key="*">${server.transaction.mode.default}</prop>
          </props>
        </property>
    </bean>

    <!– LDAP authentication configuration –>
    
    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!–
            
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
            
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
            
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authentricate as "cn=Joe Bloggs,ou=London,dc=company,dc=com" 
            Usually for simple authentication.
            
            –>
<value>employeenumber=%s,ou=person,o=myuniversity,c=be</value>
        </property>
    </bean>
    
    <!–
    
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP reopsitory
    
    –>
    
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!– The LDAP provider –>
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
                
                <!– The url to the LDAP server –>
                <!– Note you can use space separated urls - they will be tried in turn until one works –>
                <!– This could be used to authenticate against one or more ldap servers (you will not know which one ….) –>
                <entry key="java.naming.provider.url">
                    <value>ldap://192.168.251.20:389</value>
                </entry>
                
                <!– The authentication mechanism to use      –>
                <!– Some sasl authentication mechanisms may require a realm to be set –>
                <!–                java.naming.security.sasl.realm –>
                <!– The available options will depend on your LDAP provider –>
                <entry key="java.naming.security.authentication">
                    <value>simple</value>
                     <!– <value>DIGEST-MD5</value> –>
                </entry>
   
        
            </map>
        </property>
    </bean>
</beans>


The problem we have is the following:
we do not want to authenticate using the employeeNumber in the DN.  We would like to use the user "uid" which is an attribute in our LDAP.

How could we do that ?

By the way: LDAP users' groups are not ldap nodes.  They just stand as LDAP users' attributes.   How could I map Alfresco users'groups with LDAP group attributes ?

Last question:
Are there (still?) any differences about ldap  between community version and enterprise ?  I've read in some old threads that ldap is not available in community version but I can see the ldap authentication works.


Thank's a lot.
Bernard
UCL - Belgium
Labels:
0 Kudos
1 REPLY 1

andy
Champ on-the-rise
Champ on-the-rise

‎11-29-2006 05:28 AM

Hi

LDAP auth is available in community.

What you can do depends on your ldap server. If it support digest authentication you can use the uid. Which LDAP server are you using?

There is some help for setting up digest auth with open ldap here …http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration

Regards

Andy
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC