The following video explains how to set up the Apache Directory Studio, create users and groups and import them into Alfresco. This allows you to run your own LDAP server for testing and development purposes for Alfresco.
Here is the alfresco-global.properties configuration that I have used for the LDAP sync:
###############################################################################
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#-------------
######AUTHENTICATION CHAIN####
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
######SUBSYSTEM AUTHENTICATION####
### SIMPLE AUTHENTICATION ###
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=uid=%s,ou=users,ou=system
ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:10389
ldap.authentication.allowGuestLogin=true
#####################################
###### SUBSYSTEM SYNCHRONISATION ####
#####################################
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou=groups,ou=system
ldap.synchronization.userSearchBase=ou=users,ou=system
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
################# ATTRIBUTE MAPPING #############
#### mapping to unique username in username attribute###
ldap.synchronization.userIdAttributeName=uid
#ldap.synchronization.userLastNameAttributeName=cn
#ldap.synchronization.userEmailAttributeName=mail
#ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.groupIdAttributeName=cn
#ldap.synchronization.groupType=
#ldap.synchronization.personType=
ldap.synchronization.groupMemberAttributeName=member
#ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.enableProgressEstimation=true
####################################
###### SYNCHRONISATION SETTINGS ####
####################################
synchronization.autoCreatePeopleOnLogin=false
#synchronization.import.group.clearAllChildren=true
# full sync or only changes?
synchronization.synchronizeChangesOnly=false
# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=false
### DON'T USE UNIX CRON EXPRESSION- USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### synchronisation starts every 15 minutes!
synchronization.import.cron=0 0/15 * * * ?
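A configuration like the one above suits a local test directory. Before the same properties are reused elsewhere, a short check can flag the lab-only settings and the mismatches that commonly break login or group sync. This is an added example, not part of the original post: the check identifiers, the `lint` and `load_properties` helpers and the sample values are assumptions made for illustration, and the bind DN versus search base comparison is a consistency heuristic.

```python
import re

MEMBER_ATTR = {"groupofnames": "member", "groupofuniquenames": "uniquemember"}  # RFC 4519

def load_properties(text):
    """Parse key=value lines, skipping comments and undoing escapes like '\\='."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def norm_dn(dn):  # lower-case and trim each RDN so DNs compare reliably
    return ",".join(part.strip() for part in dn.lower().split(","))

def lint(props):
    """Return the identifiers of the checks that the configuration fails."""
    auth = lambda k: props.get("ldap.authentication." + k, "")
    sync = lambda k: props.get("ldap.synchronization." + k, "")
    found = []
    if (auth("java.naming.provider.url").lower().startswith("ldap://")
            and auth("java.naming.security.authentication") == "simple"):
        found.append("cleartext-simple-bind")  # bind password sent unencrypted
    if auth("allowGuestLogin").lower() == "true":
        found.append("guest-login-enabled")
    if norm_dn(sync("java.naming.security.principal")) == "uid=admin,ou=system":
        found.append("sync-binds-as-apacheds-admin")  # read-only account suffices
    suffix = norm_dn(auth("userNameFormat")).partition(",")[2]
    base = norm_dn(sync("userSearchBase"))
    if suffix and base and not ("," + suffix).endswith("," + base):
        found.append("bind-dn-outside-user-search-base")
    m = re.search(r"objectclass=(\w+)", sync("groupQuery"), re.I)
    want = MEMBER_ATTR.get(m.group(1).lower()) if m else None
    if want and sync("groupMemberAttributeName").lower() != want:
        found.append("group-member-attribute-mismatch")
    return found

SAMPLE = r"""
# Constructed sample, not a configuration from this page.
ldap.authentication.java.naming.provider.url=ldap://localhost:10389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid\=%s,ou\=people,o\=example
ldap.synchronization.java.naming.security.principal=uid\=admin,ou\=system
ldap.synchronization.userSearchBase=ou\=users,o\=example
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupMemberAttributeName=member
"""
print(lint(load_properties(SAMPLE)))
```

To check a real installation, pass the text of its alfresco-global.properties to `load_properties` and review each identifier that `lint` returns.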
Which version of Alfresco was this?
Hi Michiel, that was Alfresco 3.4.7 Enterprise but the configuration shouldn’t have changed in later versions.
Excellent video and demo, I found it very helpful. Have you attempted configuring Kerberos with ApacheDS and Alfresco yet?
Hi,
I used Alfresco Community 4.0.d and I configured the LDAP authentication and synchronization in it. Here is my code:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
# Base DN containing users
ldap.authentication.userNameFormat=uid\=%s,ou\=people,o\=im
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:10389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal= uid\=admin,ou\=system
ldap.synchronization.java.naming.security.credentials=*******
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=groups,o\=im
ldap.synchronization.userSearchBase=ou\=people,o\=im
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMemeber
ldap.synchronization.enableProgressEstimation=true
I couldn't log in with an LDAP user ID on Alfresco Share. What's wrong? Please give me advice.
with regards,
ksh
Hi guys,
Now I am trying to authenticate users with LDAP in Alfresco. I made the configuration for that, but I am unable to log in as that user. I am using Alfresco Community 5.2.
I will place my configuration file below; please check it and let me know what I need to change in the configuration.
———————properties file———————
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=nrda,dc=in
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.100.188:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.authentication.authenticateFTP=true
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn=Manager,dc=nrda,dc=in
ldap.synchronization.java.naming.security.credentials=admin@2017
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=dc\=nrda,dc\=in
ldap.synchronization.userSearchBase=ou\=Users,dc\=nrda,dc\=in
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
ldap.synchronization.com.sun.jndi.ldap.connect.pool=true
ldap.pooling.com.sun.jndi.ldap.connect.pool.authentication=none simple
ldap.pooling.com.sun.jndi.ldap.connect.pool.debug=
ldap.pooling.com.sun.jndi.ldap.connect.pool.initsize=1
ldap.pooling.com.sun.jndi.ldap.connect.pool.maxsize=
ldap.pooling.com.sun.jndi.ldap.connect.pool.prefsize=
ldap.pooling.com.sun.jndi.ldap.connect.pool.protocol=plain
ldap.pooling.com.sun.jndi.ldap.connect.pool.timeout=
ldap.pooling.com.sun.jndi.ldap.connect.timeout=
ldap.synchronization.userAccountStatusProperty=nsAccountLock
ldap.synchronization.disabledAccountPropertyValue=true
ldap.synchronization.disabledAccountPropertyValueCanBeNull=true
ldap.synchronization.userAccountStatusInterpreter=ldapUserAccountStatusInterpreter
———in log file while trying to log in, getting error———
Failed to authenticate user "kirti"
org.alfresco.repo.security.authentication.AuthenticationException: 03130018 Failed to authenticate, username or password is wrong. User name:uid=kirti,ou=Users,dc=nrda,dc=in Reason [LDAP: error code 49 - Invalid Credentials].
Please help me in this.