Alfresco 5.0.d + OpenLdap


Can’t believe I once hired an Indy IT mercenary to configure this for MS/AD, sad really. Anyways was bored today and had some time so dug up my DEV server for Alfresco and found it was still using an internal database for authentication. So I took the trouble of configuring it to use the OpenLdap server we now use for all Authentications down here.

So how to get to it, firstly out Alfresco sits in /opt/alfresco (that might be different for you) from here make a folder for the ldap class like so:

mkdir -P /opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1

Now if you want to go from a template get the 5.0.d binary from GitHub and extract the ldap-authentication.properties to work on, like so:

wget https://github.com/Alfresco/community-edition/archive/V5.0.d.tar.gz
 tar -zxvf V5.0.d.tar.gz -C ~/tmp --wildcards --no-anchored 'ldap-authentication.properties'
 find tmp -type f -exec mv -i {} . \;
You can also just copy and paste this below to modify to your liking
 
 # LDAP Settings for OpenLDAP sync and auth
 ldap.authentication.active=true
 ldap.authentication.allowGuestLogin=false
 ldap.authentication.userNameFormat=uid=%s,ou=users,dc=integrative,dc=it
 # The LDAP context factory to use
 #ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
 # The URL to connect to the LDAP server
 ldap.authentication.java.naming.provider.url=ldap://ldap.legal-it.net:389
 # The authentication mechanism to use for password validation
 ldap.authentication.java.naming.security.authentication=simple
 # Escape commas entered by the user at bind time Useful when using simple authentication and the CN is part of the DN and contains commas
 ldap.authentication.escapeCommasInBind=false
 ldap.authentication.escapeCommasInUid=false
 # Comma separated list of user names who should be considered administrators by default
 ldap.authentication.defaultAdministratorUserNames=admin
 # Enable FTP authentication using LDAP
 ldap.authentication.authenticateFTP=true
 ldap.synchronization.active=true
 ldap.synchronization.java.naming.security.authentication=simple
 ldap.synchronization.java.naming.security.principal=cn\=admin,dc\=integrative,dc\=it
 ldap.synchronization.java.naming.security.credentials=supersecretpassword
 ldap.synchronization.queryBatchSize=50
 ldap.synchronization.attributeBatchSize=0
 # The query to select all objects that represent the groups to import.
 ldap.synchronization.groupSearchBase=ou\=groups,dc\=integrative,dc\=it
 ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
 ldap.synchronization.groupDifferentialQuery=(&(objectclass\==groupOfNames)(!(modifyTimestamp<\={0})))
 ldap.synchronization.userSearchBase=ou\=users,dc\=integrative,dc\=it
 ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
 ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
 # The name of the operational attribute recording the last update time for a group or user.
 ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
 ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
 ldap.synchronization.userIdAttributeName=uid
 ldap.synchronization.userFirstNameAttributeName=givenName
 ldap.synchronization.userLastNameAttributeName=sn
 ldap.synchronization.userEmailAttributeName=mail
 ldap.synchronization.userOrganizationalIdAttributeName=o
 ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
 ldap.synchronization.groupIdAttributeName=cn
 ldap.synchronization.groupDisplayNameAttributeName=description
 ldap.synchronization.personType=inetOrgPerson
 ldap.synchronization.groupType==groupOfNames
 ldap.synchronization.groupMemberAttributeName=member
 ldap.synchronization.enableProgressEstimation=true
 ldap.authentication.java.naming.read.timeout=0

The path for this file should be

/opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties

Now edit your alfresco global properties to call the new class for authentication and sync, just add the following to the top

### Use Alfresco authentication for admin accounts and LDAP for users ###
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
## For DEV, set synchronizeChangesOnly to false for FULL SYNC
synchronization.synchronizeChangesOnly=true
## Set up regular synchronization with the LDAP server ##
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
synchronization.import.cron=0 */15 * * * ?

And ce’st ca., you will be synchronizing with LDAP every 15 mins or on startup, so maybe a good time to restart the alfresco server and see if it works.

 

 

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s