Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: binary-two on December 14, 2009, 01:21:48 am

Title: Quick Howto: Alfresco with LDAP
Post by: binary-two on December 14, 2009, 01:21:48 am
Quick Howto: Alfresco DMS with existing Tomcat 6 on EBOX/Ubuntu with LDAP authentication

I think some people might be interested in getting Alfresco running on an EBOX. Please have a look at the Alfresco wiki [1] and forums [2] for general installation instructions. I just want to point out the most important steps to get it running.

[1] http://wiki.alfresco.com/wiki/Download_and_install_Alfresco_in_Linux (please also look at the different Ubuntu sections)
[2] http://forums.alfresco.com/en/

1. Environment:

This description is for EBOX 1.2/Hardy. For Hardy, we need to grab some packages from newer distros, but in this specific case (Tomcat and a Tomcat-war), it's no problem at all. On Jaunty, all packages are in the Jaunty repositories.

We want to get Alfresco running in an existing Tomcat instance. We need to get the Tomcat 6 packages from Hardy-backports [3], but the Intrepid packages work fine as well [4]. The Alfresco-war is bundled in Jaunty [5]. The reason for using the Ubuntu packages is that the common Ubuntu structure and rules are already set up during installation, so we do not need to alter much for a seamless integration. You still need to be aware of some dependencies that need to be fixed, like OpenOffice-headless.

If you grab Intrepid or Jaunty packages for Hardy, download them and install them (with all dependencies), using dpkg directly.

You don't have to worry about the OpenOffice start and the headless mode any more. The headless mode works without any X hacks now.

By default, Tomcat logs to syslog on Ubuntu. It is not very nice and you can alter this in /etc/init.d/tomcat6, but it is not essential (-outfile $CATALINA_LOG -errfile $CATALINA_LOG with CATALINA_LOG=/var/log/tomcat6/catalina.out). Please also check the instructions for changing the Alfresco logs (cf. [1,2]).

If you switch off Tomcat security you don't have to worry a lot, if not, please add:

/etc/tomcat6/policy.d/05alfresco.policy

Code:
// alfresco
grant codeBase "file:/var/lib/tomcat6/webapps/alfresco/-" {
    permission java.security.AllPermission;
};

grant codeBase "file:/var/lib/tomcat6/webapps/share/-" {
    permission java.security.AllPermission;
};

Just in short: Alfresco is a webapp in a container (Tomcat), so for security reasons the webapp would not be allowed to access other directories, to open ports, etc. I am still trying to get a more fine-grained security policy working, but because I could not figure out all permissions needed yet, we need permission java.security.AllPermission;. I am happy for any help. The following is not enough:

permission java.util.PropertyPermission "user.dir", "read";
permission java.util.PropertyPermission "java.io.tmpdir", "read,write";
permission java.io.FilePermission "/var/lib/tomcat6/-", "read";
permission java.io.FilePermission "/var/lib/alfresco/-", "read,write,execute,delete";
permission java.io.FilePermission "/usr/bin/-", "read,execute";
permission java.lang.RuntimePermission "createClassLoader", "";

[3] http://packages.ubuntu.com/en/hardy-backports/tomcat6
[4] http://packages.ubuntu.com/en/intrepid/tomcat6
[5] http://archive.canonical.com/pool/partner/a/alfresco-community (partner-repository)

Take a breath, but don't restart Tomcat yet. More in the second post.

Björn
Title: Re: Quick Howto: Alfresco with LDAP
Post by: binary-two on December 14, 2009, 01:58:22 am
Quick Howto: Alfresco DMS with existing Tomcat 6 on EBOX/Ubuntu with LDAP authentication continued

2. Database

If you want to use MySQL (recommended), please follow the instructions mentioned in [1]. Again, I just want to point out the most important steps to get it running nicely on Ubuntu/EBOX.

3. Alfresco config

Fortunately, Alfresco 3 is much easier to configure than the previous versions. We need the LDAP-password now:

cat /etc/ldap.secret

We need to change

/var/lib/tomcat6/shared/classes/alfresco-global.properties

to look like this:

Code:
###############################
## Common Alfresco Properties #
###############################

#
# Sample custom content and index data location
#-------------
dir.root=/var/lib/alfresco

#
# Sample database connection properties
#-------------
db.name=alfresco
db.username=alfresco
db.password=please change me
db.host=localhost
db.port=3306

#
# External locations
#-------------
ooo.exe=/usr/bin/soffice
img.root=/usr
swf.exe=/usr/bin/alfresco-pdf2swf

#
# MySQL connection
#-------------
db.driver=org.gjt.mm.mysql.Driver
db.url=jdbc:mysql://${db.host}:${db.port}/${db.name}
hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect

#
# Index Recovery Mode
#-------------
#index.recovery.mode=FULL
#index.recovery.mode=auto

You need to set the database up before the first start, otherwise some data will be stored in the default embedded one and things are possibly screwed up.

And for the EBOX-LDAP authentication:

Code:
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#-------------
authentication.chain=passthru1:passthru,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=true

# LDAP
ldap.authentication.active=true
ldap.synchronization.active=false

ldap.authentication.java.naming.provider.url=ldap://127.0.0.1:389
#ldap.authentication.java.naming.provider.url=ldaps://127.0.0.1:636

#ldap.authentication.java.naming.security.authentication=DIGEST-MD5
#ldap.authentication.userNameFormat=%s

ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=ebox
ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.defaultAdministratorUserNames=admin,please add your admin user here

ldap.synchronization.java.naming.security.principal=cn=admin,dc=ebox
ldap.synchronization.java.naming.security.credentials=please add your ebox ldap password here
ldap.synchronization.userSearchBase=ou=Users,dc=ebox
ldap.synchronization.groupSearchBase=ou=Groups,dc=ebox
ldap.synchronization.personQuery=(&(uid=%v)(objectclass=posixAccount))
ldap.synchronization.groupQuery=(objectclass=posixGroup)
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# passthru
passthru.authentication.useLocalServer=true
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=true
#passthru.authentication.servers=127.0.0.1
passthru.authentication.domain=please add your samba domain here
passthru.authentication.defaultAdministratorUserNames=admin,please add your admin user here
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true

So far, I only got simple authentication working. Digest would be much nicer and a bit more secure, maybe someone finds a way for doing so. To explain briefly, we need the LDAP-auth for the web frontend and webdav, and the passthru-auth for the internal CIFS server. Long story short, both use different kinds of password hashes. If you have Kerberos set up, use the Kerberos-auth. Much easier, and you don't need a chain. Hopefully EBOX will add Kerberos support any time soon ;).

Now you can set up the internal CIFS, FTP, Mail system like described in [1]. You can't use privileged ports in this setup, they would conflict with some services anyway.

To access the Alfresco-CIFS, please create a virtual interface and redirect the ports accordingly [1], but you can use the EBOX web interface (Port redirections) or the firewall hook file, e.g.:

Code:
Interface   Original destination   Original destination port   Protocol   Source   Destination IP   Port
eth0   your ip2/32   139   TCP/UDP   Any   your ip1   1139

Take another breath and restart Tomcat now. It might take a while to finish up the deployment inside Tomcat after the restart (the war gets unpacked). Also, with the first access, some things need to get compiled, so it will appear slower first.

Tomcat should be running (on port 8080) now, with the Alfresco-war deployed.

Open port 8080 in the firewall and access Alfresco with your ip1:8080/alfresco/ and Alfresco Share with your ip1:8080/share/

You can try to access the CIFS server with \\your ip2\ in Windows or smbclient.

Things should be running now (hopefully). If not, please check the logs for exceptions. Please check any public documentation, blogs, wikis, etc. for Alfresco installation instructions and compare it with your set up. It is not too complicated, but not too easy at the same time.

Future steps would be the integration with Apache using mod_jk and using the internal mail service. You can easily find the Apache things on the internet (better use mod_jk than reverse proxying), the mail things are a bit more tricky. I can post things here as well, if someone is interested.

I hope I could help :P.

Björn
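
An added example, not part of the original post: a small audit of alfresco-global.properties for the authentication settings this howto touches (simple bind over plain ldap://, guest login, placeholder secrets left in place). The sample input is constructed, the host 192.0.2.10 is a documentation address, and the rule names are this example's own.

```python
"""Added example: flag risky authentication settings in alfresco-global.properties."""
import ipaddress
from urllib.parse import urlparse

# Constructed sample, modelled on the remote-LDAP variants of the howto config.
SAMPLE = """\
authentication.chain=passthru1:passthru,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
ldap.authentication.active=true
ldap.authentication.java.naming.provider.url=ldap://192.0.2.10:389
#ldap.authentication.java.naming.provider.url=ldaps://127.0.0.1:636
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.credentials=please add your ebox ldap password here
passthru.authentication.allowGuestLogin=true
db.password=please change me
"""

URL_KEY = "ldap.authentication.java.naming.provider.url"
MECH_KEY = "ldap.authentication.java.naming.security.authentication"


def parse_properties(text):
    """Minimal .properties parser: key=value lines, '#'/'!' comments, last key wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def is_loopback(host):
    """True for localhost and loopback IP literals; DNS names count as remote."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit(props):
    """Return a list of (rule, key) findings to review."""
    findings = []
    url = urlparse(props.get(URL_KEY, ""))
    active = props.get("ldap.authentication.active", "false").lower() == "true"
    simple = props.get(MECH_KEY, "").lower() == "simple"
    # A simple bind sends the password as-is; over ldap:// to another host
    # it crosses the network unencrypted.
    if active and simple and url.scheme == "ldap" and not is_loopback(url.hostname or ""):
        findings.append(("cleartext-bind", URL_KEY))
    for key, value in props.items():
        if key.endswith(".allowGuestLogin") and value.lower() == "true":
            findings.append(("guest-login", key))
        # The howto's "please ..." markers must be replaced before first start.
        if key.endswith((".password", ".credentials")) and value.lower().startswith("please "):
            findings.append(("placeholder-secret", key))
    return findings


if __name__ == "__main__":
    for rule, key in audit(parse_properties(SAMPLE)):
        print(f"{rule:20} {key}")
```

The howto's own ldap://127.0.0.1:389 setting does not trigger the cleartext-bind rule, because the bind never leaves the host.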

Title: Re: Quick Howto: Alfresco with LDAP
Post by: J. A. Calvo on December 14, 2009, 07:46:09 pm
Thanks for your contribution!!
Title: Re: Quick Howto: Alfresco with LDAP
Post by: agbrand on January 27, 2010, 01:42:23 am
Nice contribution.
What do you mean by "mail things"?
I am interested in integrating Alfresco with the mail feature; can you help me please?
Title: Re: Quick Howto: Alfresco with LDAP
Post by: binary-two on January 27, 2010, 08:55:36 am
I meant inbound mail via smtp (1) and the imap feature (2) :-). It is a bit off-topic here, as I can't post any success story or working integration (yet). Use cases: A. Email archive, B. Store project emails with project data.

Outbound email is no trouble at all and works fine.

After some testing and trying, I did not get any usable solution running.  As mentioned before I am using 3.2 CE, and tested a bit with 3.2r2.

1. IMAP

There are some problems with large repositories, as described in some forum entries at Alfresco. In my tests, I could see things happening on the server (in the debug logs), but not much was happening on the client side. I was not able to see any content. Update: with a smaller repository it works fine. Most likely you have to tweak the imap.config... config settings to limit the imap access to the necessary parts (i.e. only home directories).

3.2r2 seems to be the same. I might try it on a fresh instance and/or with a nightly build. I have a large repository on a rather small machine. It might be a performance issue. Update: it definitely is.

2. SMTP

Well, no smtp-auth of any kind on the server. Some regex patterns to provide access restrictions. Did not plan to use it directly anyway. I wanted to use local mailboxes and fetchmail (smtpname) to forward to Alfresco. Works fine for text only mails. But I had big trouble with multipart attachments. I posted it in the Alfresco forum and never got any response [1].

I tried it only with 3.2, and will try it again with 3.2r2 or with a nightly version. Would be really neat if that would work. The fetchmail forward is not described in the Alfresco wiki, but works fine - theoretically.
Update: seems to be that an extension (EEMProxy) caused the trouble. 3.2r2 works fine now.

3. Fetch/Proxy Modules

There are some fetch/proxy modules (e.g. for EEMProxy as well [2]) to fetch/catch mails, but the latter does not work for some emails with 3.2 (parse errors). Reported by someone else on the Alfresco forum as well, but there were no replies either [3]. Could be a version related issue and not built for the 3.2 branch.

Some more information on similar tries here (there are two pdfs, both interesting to look at) [4].

I spent some time getting things running, but it was rather disappointing. Not much in the wikis or forums as well. But nevertheless it would be interesting to see and read how other people did go with it. Update: found some interesting things. Almost got Alfresco running as a email archive with only default Alfresco. It might take some time but it might work.

So long,

Björn

Disclaimer: I did not test it on different set-ups or with a standalone version, only on my running system, so the problems described could also be in my set-up.

[1] http://forums.alfresco.com/en/viewtopic.php?f=9&t=24157&p=79154
[2] http://sourceforge.net/projects/emailarchiving/
[3] http://forums.alfresco.com/en/viewtopic.php?f=29&t=23454&p=76692&hilit=eemproxy#p76692
[4] www.system-worx.de/component/option,com_docman/gid,40/task,doc_download/
Title: Re: Quick Howto: Alfresco with LDAP
Post by: okis on March 28, 2010, 10:31:16 am
Thanks for this HowTo, I'm still having a problem with CIFS; I created a virtual interface with ebox and configured the port forwarding in the ebox firewall, but I am getting this error message:
logger.error("Failed to get local domain/workgroup name, using default of " + localDomain);
logger.error("(This may be due to firewall settings or incorrect <broadcast> setting)");

Could you please post your custom-file-servers-context.xml, file-servers.xml, iptables and file-servers.properties?
Thanks
Title: Re: Quick Howto: Alfresco with LDAP
Post by: binary-two on April 02, 2010, 06:28:24 am
Hi okis,

for me everything works fine with setting things in alfresco-global.properties only. I remember from older versions that there was the need to alter many config files. But I was never in need to do this for 3.2 (having only one instance per server).

Here is the relevant snippet from the file again:

Code:
filesystem.name=Alfresco

cifs.enabled=true

cifs.localname=alfresco
cifs.serverName=alfresco
cifs.domain=${DOMAIN}
cifs.broadcast=255.255.255.0
cifs.ipv6=disabled
cifs.hostannounce=true

#cifs.bindto=0.0.0.0
cifs.bindto=${primary-ip}
cifs.WINS.primary=${primary-ip}

cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138
cifs.netBIOSSMB.sessionPort=1139

cifs.urlfile.prefix=http://${host-name}/alfresco/

In my setup the services run on the ${primary-ip}, with the ${virtual-ip} redirecting to it. As far as I remember there are inherent NetBIOS troubles with redirecting. Sometimes I have to access the share via the IP before I can access it with the DNS name.

I redirected the services with ebox port forwarding, but anything (hooks, script) should work.

Code:
eth0:1   eBox   138   TCP/UDP   Any   10.0.1.1   1138   --
eth0:1   eBox   137   TCP/UDP   Any   10.0.1.1   1137   --
eth0:1   eBox   139   TCP/UDP   Any   10.0.1.1   1139   --
eth0:1   eBox   143   TCP/UDP   Any   10.0.1.1   1143   --
eth0:1   eBox   445   TCP/UDP   Any   10.0.1.1   1445   --
Hope this helps. I am not getting much out of the posted error messages.

Björn

P.S. I got the mail archive (without third party tools) more or less running. I just had no time yet to do some last tweaks and document it properly. I will post it here eventually.
Title: Re: Quick Howto: Alfresco with LDAP
Post by: aguerra on April 07, 2010, 05:52:44 pm
Hi binary-two:

We have this scenario:

one server ebox 1.4.3 with hardy 8.04
another with alfresco ver 3.2.r2 in ubuntu 9.10

Code:
authentication.chain=passthru1:passthru,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=true

# LDAP
ldap.authentication.active=true
ldap.synchronization.active=false

ldap.authentication.java.naming.provider.url=ldap://192.168.1.10X:389
#ldap.authentication.java.naming.provider.url=ldaps://127.0.0.1:636

#ldap.authentication.java.naming.security.authentication=DIGEST-MD5
#ldap.authentication.userNameFormat=%s

ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=ebox
ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.defaultAdministratorUserNames=admin
# please add your admin user here

ldap.synchronization.java.naming.security.principal=cn=admin,dc=ebox
ldap.synchronization.java.naming.security.credentials=password
# please add your ebox ldap password here

ldap.synchronization.userSearchBase=ou=Users,dc=ebox
ldap.synchronization.groupSearchBase=ou=Groups,dc=ebox
ldap.synchronization.personQuery=(&(uid=%v)(objectclass=posixAccount))
ldap.synchronization.groupQuery=(objectclass=posixGroup)
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# passthru
passthru.authentication.useLocalServer=true
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=true
#passthru.authentication.servers=127.0.0.1
passthru.authentication.domain=alge.net
passthru.authentication.defaultAdministratorUserNames=admin
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true


filesystem.name=Alfresco

cifs.enabled=true

cifs.localname=alfresco
cifs.serverName=alfresco
cifs.domain=alge.net
cifs.broadcast=255.255.255.0
cifs.ipv6=disabled
cifs.hostannounce=true

#cifs.bindto=0.0.0.0
cifs.bindto=192.168.1.10X
cifs.WINS.primary=192.168.1.10X

cifs.tcpipSMB.port=445
cifs.netBIOSSMB.namePort=137
cifs.netBIOSSMB.datagramPort=138
cifs.netBIOSSMB.sessionPort=139

cifs.urlfile.prefix=http://192.168.1.2XX/alfresco/

We get this error. Do you have any idea?
Code:
11:12:17,414 ERROR [org.alfresco.fileserver] CIFS server configuration error, Error creating bean with name 'passthruServers' defined in file [/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.xml]: Invocation of init method failed; nested exception is org.alfresco.error.AlfrescoRuntimeException: 03070000 No valid authentication servers found for passthru
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'passthruServers' defined in file [/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.xml]: Invocation of init method failed; nested exception is org.alfresco.error.AlfrescoRuntimeException: 03070000 No valid authentication servers found for passthru
Caused by: org.alfresco.error.AlfrescoRuntimeException: 03070000 No valid authentication servers found for passthru
Title: Re: Quick Howto: Alfresco with LDAP
Post by: binary-two on April 08, 2010, 08:10:24 am
Hi aguerra,

try passthru.authentication.useLocalServer=false
and passthru.authentication.servers=your ebox ip, with samba access enabled for the Alfresco machine

Does the web login (via LDAP) work? The pass through should be only for the SMB/CIFS server. I guess you don't have one running on the Alfresco machine and run Alfresco on the default SMB/CIFS ports instead.

Maybe that helps.

Kind regards,

Björn
Title: Re: Quick Howto: Alfresco with LDAP
Post by: aguerra on April 08, 2010, 02:37:24 pm
Thanks for the reply...
After the change I can access through the web and it works... thanks a lot
Title: Re: Quick Howto: Alfresco with LDAP
Post by: andygraybeal on May 21, 2011, 07:32:12 pm
I understand that this is an old topic... I'm wondering if these instructions work with Ubuntu 10.04 or if not would someone mind updating these instructions to work with current versions of Alfresco, Zentyal and Ubuntu 10.04 ?


-Andy
Title: Re: Quick Howto: Alfresco with LDAP
Post by: binary-two on May 31, 2011, 07:43:03 am
Hi Andy,

Yes, they work. It is easier because Alfresco is in the partner repository [1]. I usually install the partner version first, and then replace alfresco.war and share.war in /usr/share/tomcat6 with the newer version. The current partner version is alfresco-community_3.2.0-4.

I cannot remember any caveats. If you run into any trouble, please post it here and I will try to help. Though I am not around this forum that much any more.

Best regards,

Björn

[1] http://archive.canonical.com/pool/partner/a/alfresco-community/
Title: Re: Quick Howto: Alfresco with LDAP
Post by: franksanabria on February 15, 2012, 04:26:32 pm
Good day,
I need your help. My scenario is as follows:

Zentyal Principal with LDAP server.

Alfresco on another computer with Ubuntu Server 11.10

I have tried different manuals, but I can't log in to Alfresco in Zentyal.

I followed these manuals:

http://www.jpereira.net/gestion-documental/alfresco-3-4-contra-ldap-y-cifs
http://estigmatizados.wordpress.com/2009/08/11/every-dog-has-his-day-alfresco-ldap-tambien/
http://docs.alfresco.com/4.0/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Fconcepts%2Fauth-ldap-props.html

I don't know what I am doing wrong.

This is the configuration of my Alfresco:

###############################
## Common Alfresco Properties #
###############################

dir.root=/opt/alfresco-4.0.d/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=73cn0l0914
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}

### FTP Server Configuration ###
ftp.enabled=false
ftp.port=21
ftp.ipv6.enabled=false

### RMI service ports ###
alfresco.rmi.services.port=50500
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
deployment.rmi.service.port=0

### External executable locations ###
ooo.exe=/opt/alfresco-4.0.d/openoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
ooo.port=8100
img.root=/opt/alfresco-4.0.d/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
swf.exe=/opt/alfresco-4.0.d/common/bin/pdf2swf
jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-4.0.d/openoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=c3dc537c6ba26089f148c09a42c8f019

### E-mail site invitation setting ###
notification.email.siteinvite=false

### File Protocol Root ###
protocols.rootPath=/${spaces.company_home.childname}/${spaces.sites.childname}

### License location ###
dir.license.external=/opt/alfresco-4.0.d

### Solr indexing ###
index.subsystem.name=solr
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443

### BPM Engine ###
system.workflow.engine.jbpm.enabled=false


authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
ldap.authentication.active=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=zentyal,dc=net
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://192.168.92.246:389
ldap.synchronization.active=false

ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronisation.personSearchBase=ou=Users,dc=zentyal,dc=net
ldap.synchronization.userSearchBase=ou=Users,dc=zentyal,dc=net
ldap.synchronization.groupSearchBase=ou=Groups,dc=zentyal,dc=net


Thanks for the help

Title: Re: Quick Howto: Alfresco with LDAP
Post by: binary-two on February 15, 2012, 10:24:45 pm
Hi franksanabria,


Do you get any error message on the Alfresco server/Tomcat log (i.e., /var/log/tomcat{6|7}/catalina.out; or the like)? Can Alfresco connect? Actually what might be interesting to know: can you actually access the LDAP from outside the Zentyal server with a normal client (e.g., Apache Directory Studio)?

If connecting works, try to follow the installation instructions as posted in this thread. Things like "synchronization.syncWhenMissingPeopleLogIn=true" might be important, is the binddn user set properly, and so on; there are other options as well that I use, but that are not in your config. I am not 100% sure which ones are mandatory, but the configuration examples as posted here work for sure. Some things are different in Alfresco 4, but that should not affect a basic set-up.


Good luck!

Björn

Title: Re: Quick Howto: Alfresco with LDAP
Post by: tony on December 04, 2012, 08:18:04 pm
Thank you, I finally could bind to ldap

Some important notes I think others might find useful:

* For a minimalist setup (authentication only) disable everything related to synchronization, except the line that tells Alfresco that functionality won't be used, and that must be set to false
* Authentication type: simple
* String format: DN type uid=%s,ou=Canal BAF,dc=site
* Set the comma escape directives to true

Minimalist config or openldap2-alfresco integration:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid=%s,ou=<INSERT_OU_HERE>,dc=<INSERT_DC_HERE>
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://127.0.0.1:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=true
ldap.authentication.escapeCommasInUid=true
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=false

HTH

cheers
Title: Re: Quick Howto: Alfresco with LDAP
Post by: christian on December 04, 2012, 10:15:55 pm
Wow, I never realized that Alfresco's LDAP implementation was so poor  :o
Configuring somewhere something like "ldap.authentication.UserNameFormat" is clearly meaningless, at least from LDAP standpoint  :-[

1 - what is set here is DN and not username format
2 - hardcoding this would mean that
   - ALL ldap entries are within same branch, using same RDN
   - any change LDAP side in DIT will prevent to authenticate using Alfresco
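
An added example, not from any poster and not Alfresco's code: it shows how a userNameFormat template such as the thread's uid=%s,ou=Users,dc=ebox becomes a bind DN, why the comma-escape settings mentioned above matter, and why entries outside the hardcoded branch can never match. The escaping follows RFC 4514 and so goes beyond commas alone; the function names and sample logins are this example's own.

```python
"""Added example: userNameFormat as a DN template, with RFC 4514 value escaping."""

# Characters RFC 4514 (section 2.4) requires to be escaped anywhere in a value.
SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value):
    """Escape an attribute value so it stays a single RDN value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def split_rdns(dn):
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # escaped pair stays inside the current RDN
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def bind_dn(template, login, escape=True):
    """Substitute the login name into the %s slot of the template."""
    return template.replace("%s", escape_rdn_value(login) if escape else login)


def fits_template(template, dn):
    """True only if dn is the template with exactly one RDN value in the %s slot."""
    prefix, suffix = template.split("%s", 1)
    if len(dn) < len(prefix) + len(suffix):
        return False
    if not (dn.startswith(prefix) and dn.endswith(suffix)):
        return False
    middle = dn[len(prefix):len(dn) - len(suffix)]
    return len(split_rdns(middle)) == 1


TEMPLATE = "uid=%s,ou=Users,dc=ebox"  # value from the howto's configuration

if __name__ == "__main__":
    for login in ("jdoe", "doe, john"):  # constructed logins
        for escape in (False, True):
            dn = bind_dn(TEMPLATE, login, escape)
            print(f"escape={escape!s:5} {dn!r} -> {len(split_rdns(dn))} RDNs")
    # Hypothetical entries: the second and third sit outside ou=Users directly.
    for dn in ("uid=jdoe,ou=Users,dc=ebox",
               "uid=jdoe,ou=Staff,dc=ebox",
               "uid=jdoe,ou=Sub,ou=Users,dc=ebox"):
        print(f"{dn!r} reachable via template: {fits_template(TEMPLATE, dn)}")
```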