Topic: [SOLVED] Alfresco LDAP integration

mbnoimi

[SOLVED]Alfresco LDAP integration
« on: November 02, 2013, 05:21:30 pm »
Hi All,

I want to integrate Alfresco with Zentyal LDAP, so I followed this tutorial, but unfortunately it didn't work :( . Could you please help me find out how to do it?

IMPORTANT:
  • I posted this issue here because I found this community more active than other forums.
  • In /opt/Alfresco/tomcat/shared/classes/alfresco-global.properties I couldn't find this line "authentication.chain=alfrescoNtlm1:alfrescoNtlm" to modify it so I added a new line at the end of the file "authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap"
  • In Zentyal users & groups I created a new user called "testo" under group "admino", which works fine with Zarafa but does not work with Alfresco
My LDAP parameters:
Code:
Base DN: dc=test,dc=lan
Root DN: cn=zentyal,dc=test,dc=lan
Password: KELLatp1F34YuDFRMVeK
Read-only root DN: cn=zentyalro,dc=test,dc=lan
Read-only password: FG@xqt4bbZN75BNIXV7N
Default Users DN: ou=Users,dc=test,dc=lan
Default Groups DN: ou=Groups,dc=test,dc=lan

/opt/Alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties additions:
Code:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid\=%s,ou\=Users,dc\=test,dc\=lan
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn\=zentyalro,dc\=test,dc\=lan
ldap.synchronization.java.naming.security.credentials=FG@xqt4bbZN75BNIXV7N
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=zentyalGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=zentyalGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=test,dc\=lan
ldap.synchronization.userSearchBase=ou\=Users,dc\=test,dc\=lan
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=zentyalGroup
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

UPDATE: I'm using Alfresco 4.2.d community edition
« Last Edit: November 02, 2013, 09:55:14 pm by mbnoimi »

christian

  • Guest
Re: Alfresco LDAP integration
« Reply #1 on: November 02, 2013, 05:52:26 pm »
Assuming you're running Zentyal 3.x, you have to specify LDAP port 390 (instead of the default port 389) in order to access the Zentyal (std) LDAP server.
You will find plenty of similar topics on this forum  ;)

mbnoimi

Re: Alfresco LDAP integration
« Reply #2 on: November 02, 2013, 05:56:36 pm »
Quote
Assuming you're running Zentyal 3.x, you have to specify LDAP port 390 (instead of the default port 389) in order to access the Zentyal (std) LDAP server.
You will find plenty of similar topics on this forum  ;)

Can you tell me why? And do you mean I have to modify the OpenLDAP port, or do I have to change the Alfresco LDAP link, similar to this:
Code:
ldap.authentication.java.naming.provider.url=ldap://localhost:390

christian

  • Guest
Re: Alfresco LDAP integration
« Reply #3 on: November 02, 2013, 06:09:53 pm »
Quote
Can you tell me why?

Because it is the Zentyal team's decision to run internal (Samba) LDAP on port 389 and non-Samba LDAP on port 390.
Samba-LDAP should be available on port 389 with GSSAPI authentication, but I doubt you can implement it from Alfresco.
Using standard authentication, you must use port 390.
Search this forum for more details or ask Zentyal directly if this is not clear enough.

Quote
And do you mean I have to modify the OpenLDAP port
No, I mean and say that you have to modify the Alfresco LDAP client (or the Alfresco configuration) so that you access LDAP on port 390.

Quote
or do I have to change the Alfresco LDAP link, similar to this:
Code:
ldap.authentication.java.naming.provider.url=ldap://localhost:390

I don't know where such a change has to be applied on Alfresco's side.

mbnoimi

Re: Alfresco LDAP integration
« Reply #4 on: November 02, 2013, 06:23:20 pm »
Quote
Because it is the Zentyal team's decision to run internal (Samba) LDAP on port 389 and non-Samba LDAP on port 390.
Samba-LDAP should be available on port 389 with GSSAPI authentication, but I doubt you can implement it from Alfresco.
Using standard authentication, you must use port 390.
Search this forum for more details or ask Zentyal directly if this is not clear enough.

Thanks. It's clear enough :)

Quote
or do I have to change the Alfresco LDAP link, similar to this:
Code:
ldap.authentication.java.naming.provider.url=ldap://localhost:390

I don't know where such a change has to be applied on Alfresco's side.

It already exists at (as I mentioned above): /opt/Alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties

P.S. I wish to get help from guys who use Zentyal (Ubuntu) + Alfresco, because lately the Alfresco community has been filled with spam, so the only shelter for me is the Zentyal community guys  :-[

mbnoimi

Re: Alfresco LDAP integration
« Reply #5 on: November 02, 2013, 09:54:57 pm »
Thank you, christian. The problem was solved after using port 390, as I mentioned before:
Code:
ldap.authentication.java.naming.provider.url=ldap://localhost:390
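
Added example, not part of the original thread and not Alfresco or Zentyal code: a small Python check over the posted ldap-authentication.properties keys that flags the fault found in this thread (a simple bind aimed at port 389, which reply #3 says is the Samba LDAP expecting GSSAPI on Zentyal 3.x) plus two related misconfigurations. The function names, finding labels and the reduced sample are assumptions made for the example; the DNs and ports are the ones posted above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the thread's posted settings, reduced to the keys checked below.
SAMPLE = r"""
ldap.authentication.userNameFormat=uid\=%s,ou\=Users,dc\=test,dc\=lan
ldap.authentication.java.naming.provider.url=ldap://localhost:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=zentyalro,dc\=test,dc\=lan
ldap.synchronization.userSearchBase=ou\=Users,dc\=test,dc\=lan
"""

P_URL = "ldap.authentication.java.naming.provider.url"
P_MECH = "ldap.authentication.java.naming.security.authentication"
P_FMT = "ldap.authentication.userNameFormat"
P_BASE = "ldap.synchronization.userSearchBase"
P_SYNC = "ldap.synchronization.java.naming.security.principal"

def parse_properties(text):
    """Read key=value lines; undo backslash escapes such as \\= in values.
    Subset of the .properties format: no line continuations or \\uXXXX."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def check(props, samba_port=389, root_dn="cn=zentyal,dc=test,dc=lan"):
    """Return finding labels (hypothetical names). samba_port and root_dn
    default to the values given in the thread."""
    findings = []
    url = urlparse(props.get(P_URL, ""))
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    # Reply #3: port 389 is Samba LDAP (GSSAPI); simple binds belong on 390.
    if props.get(P_MECH) == "simple" and port == samba_port:
        findings.append("simple-bind-on-samba-port")
    # Login DNs built from userNameFormat should sit under the synced user base.
    fmt, base = props.get(P_FMT, "").lower(), props.get(P_BASE, "").lower()
    if fmt and base and not fmt.endswith("," + base):
        findings.append("usernameformat-outside-user-base")
    # Synchronization only reads the directory; the read-only DN is enough.
    if props.get(P_SYNC, "").lower() == root_dn.lower():
        findings.append("sync-binds-as-root-dn")
    return findings

if __name__ == "__main__":
    print(check(parse_properties(SAMPLE)))
```

Run against the real file by passing its contents to parse_properties(); an empty list means none of the three conditions was found.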