Setting up an LDAP directory server for Alfresco development

The following video explains how to set up Apache Directory Studio, create users and groups, and import them into Alfresco. This lets you run your own LDAP server for Alfresco testing and development.

Here is the alfresco-global.properties configuration that I have used for the LDAP sync:

###############################################################################
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#-------------

######AUTHENTICATION CHAIN####
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

######SUBSYSTEM AUTHENTICATION####

### SIMPLE AUTHENTICATION ###
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=uid=%s,ou=users,ou=system

ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:10389
ldap.authentication.allowGuestLogin=true

#####################################
###### SUBSYSTEM SYNCHRONISATION ####
#####################################

ldap.synchronization.active=true

ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000

ldap.synchronization.groupQuery=(objectclass=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=ou=groups,ou=system
ldap.synchronization.userSearchBase=ou=users,ou=system

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

################# ATTRIBUTE MAPPING #############
#### mapping to unique username in username attribute###
ldap.synchronization.userIdAttributeName=uid
#ldap.synchronization.userLastNameAttributeName=cn
#ldap.synchronization.userEmailAttributeName=mail
#ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.groupIdAttributeName=cn
#ldap.synchronization.groupType=
#ldap.synchronization.personType=
ldap.synchronization.groupMemberAttributeName=member
#ldap.synchronization.userOrganizationalIdAttributeName=company

ldap.synchronization.enableProgressEstimation=true
####################################
###### SYNCHRONISATION SETTINGS ####
####################################

synchronization.autoCreatePeopleOnLogin=false
#synchronization.import.group.clearAllChildren=true
# full sync or only changes?
synchronization.synchronizeChangesOnly=false

# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=false

### DON'T USE UNIX CRON EXPRESSIONS - USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### synchronisation starts every 15 minutes!
synchronization.import.cron=0 0/15 * * * ?
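
Added example (not part of the original post and not Alfresco code): a small Python check that reads an alfresco-global.properties file like the one above and reports the settings that are fine on a local test server but should be changed before the same file is used anywhere else. The function names parse_properties and audit are hypothetical, the parser is a simplified reading of the Java properties format (no line continuations), and the sample input is constructed from the lines above.

```python
import re

# Constructed sample: the security-relevant lines of the configuration above.
SAMPLE = """\
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://localhost:10389
ldap.authentication.allowGuestLogin=true
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=secret
"""

def parse_properties(text):
    """Simplified java.util.Properties reader: '#'/'!' comments, the first
    unescaped '=' or ':' splits key and value, backslash escapes are undone.
    Returns (props, duplicate_keys); the last assignment wins, as in Java."""
    props, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"(?<!\\)[=:]", line, maxsplit=1)
        key = parts[0].strip()
        value = parts[1].strip() if len(parts) > 1 else ""
        value = re.sub(r"\\(.)", r"\1", value)  # "\=" in a value means "="
        if key in props:
            dups.append(key)
        props[key] = value
    return props, dups

def audit(text):
    """Return findings for settings acceptable on a local test box only."""
    p, dups = parse_properties(text)
    findings = []
    url = p.get("ldap.authentication.java.naming.provider.url", "")
    mech = p.get("ldap.authentication.java.naming.security.authentication", "")
    if mech == "simple" and url.lower().startswith("ldap://"):
        findings.append("cleartext-bind: simple bind over ldap:// carries passwords unencrypted")
    if p.get("ldap.authentication.allowGuestLogin", "").lower() == "true":
        findings.append("guest-login: allowGuestLogin is enabled")
    # "secret" is the default password of ApacheDS's uid=admin,ou=system account
    if p.get("ldap.synchronization.java.naming.security.credentials") == "secret":
        findings.append("default-credential: sync account uses the ApacheDS default password")
    findings += [f"duplicate-key: {k} is set more than once" for k in dups]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
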

4 thoughts on “Setting up an LDAP directory server for Alfresco development”

  1. Excellent video and demo, I found it very helpful. Have you attempted configuring Kerberos with ApacheDS and Alfresco yet?

  2. Hi,

    I used Alfresco Community 4.0.d and I configured the LDAP authentication and synchronization in it. Here is my code:
    ldap.authentication.active=true
    ldap.authentication.allowGuestLogin=false
    # Base DN containing users
    ldap.authentication.userNameFormat=uid\=%s,ou\=people,o\=im
    ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
    ldap.authentication.java.naming.provider.url=ldap://localhost:10389
    ldap.authentication.java.naming.security.authentication=simple
    ldap.authentication.escapeCommasInBind=false
    ldap.authentication.escapeCommasInUid=false
    ldap.authentication.defaultAdministratorUserNames=
    ldap.synchronization.active=true
    ldap.synchronization.java.naming.security.principal= uid\=admin,ou\=system
    ldap.synchronization.java.naming.security.credentials=*******
    ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))

    ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
    ldap.synchronization.groupSearchBase=ou\=groups,o\=im
    ldap.synchronization.userSearchBase=ou\=people,o\=im
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
    ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
    ldap.synchronization.userIdAttributeName=uid
    ldap.synchronization.userFirstNameAttributeName=givenName
    ldap.synchronization.userLastNameAttributeName=sn
    ldap.synchronization.userOrganizationalIdAttributeName=o
    ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
    ldap.synchronization.groupIdAttributeName=cn
    ldap.synchronization.groupType=groupOfUniqueNames
    ldap.synchronization.personType=inetOrgPerson
    ldap.synchronization.groupMemberAttributeName=uniqueMemeber
    ldap.synchronization.enableProgressEstimation=true

    I couldn't log in with the LDAP user ID on Alfresco Share. What is wrong? Please give me advice.
    With regards,
    ksh
