Monthly Archives: April 2012

Setting up an LDAP directory server for Alfresco development

4

The following video explains how to set up the Apache Directory Studio, create users and groups and import them into Alfresco. This allows you to run your own LDAP server for testing and development purposes for Alfresco.

Here is the alfresco-global.properties configuration that I have used for the LDAP sync:

###############################################################################
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#-------------

######AUTHENTIFICATION CHAIN####
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

######SUBSYSTEM AUTHENTIFICATION####

### SIMPLE AUTHENTIFICATION ###
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=uid=%s,ou=users,ou=system

ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:10389
ldap.authentication.allowGuestLogin=true

#####################################
###### SUBSYSTEM SYNCHRONISATION ####
#####################################

ldap.synchronization.active=true

ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000

ldap.synchronization.groupQuery=(objectclass=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=ou=groups,ou=system
ldap.synchronization.userSearchBase=ou=users,ou=system

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

################# ATTRIBUTE MAPPING #############
#### mapping to unique username in username attribute###
ldap.synchronization.userIdAttributeName=uid
#ldap.synchronization.userLastNameAttributeName=cn
#ldap.synchronization.userEmailAttributeName=mail
#ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.groupIdAttributeName=cn
#ldap.synchronization.groupType=
#ldap.synchronization.personType=
ldap.synchronization.groupMemberAttributeName=member
#ldap.synchronization.userOrganizationalIdAttributeName=company

ldap.synchronization.enableProgressEstimation=true
####################################
###### SYNCHRONISATION SETTINGS ####
####################################

synchronization.autoCreatePeopleOnLogin=false
#synchronization.import.group.clearAllChildren=true
# full sync or only changes?
synchronization.synchronizeChangesOnly=false

# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=false

### DONT USE UNIX CRON EXPRESSION- USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### synchronisation starts every 15 minutes!
synchronization.import.cron=0 0/15 * * * ?