Actually, Alfresco provides some CIFS authenticators (passthru, ntlm...), but not for a LDAP subsystem. To solve this problem, we have implemented a component that allows you to use CIFS with openLDAP users.
| |
|---|
| Owner | Cesar Capillas |
| Versions | Community 3.4.x Community 4.0.x Community 4.2.x Community 5.0.x Enterprise 3.4.x Enterprise 4.0.x Enterprise 4.1.x Enterprise 4.2.x |
| License Type | Proprietary |
| Project Page | - Alfresco CIFS authenticator for openLDAP users addon - zylk |
| Download Page | Contact - zylk |
| Tags | zylk.net, authenticator, subsystem, repository, cifs, samba, openldap |
| Component Type | Integration |
| Extension Points | Authenticator |
| Installation | AMP, Manual |
| Products | Repository |
Installation Guide: The installation is tracked via AMP package. Stop Alfresco, copy the file in ${ALF_HOME}/amps and use ${ALF_HOME}/bin/apply_amps script to install de AMP.
Then copy configuration files to the extension directory:
${ALF_HOME}/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldapSamba/ldapSamba1/ldap-samba-authentication-context.xml ${ALF_HOME}/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldapSamba/ldapSamba1/ldap-samba-authentication.properties
In alfresco-global.properties, an example of authentication chain can be:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,myldap:ldap,ldapSamba1:ldapSamba
Note that not all the protocols can be chained, so in order to use the LDAP Samba subsystem, the other CIFS-able subsystems must be deactivated (only one of the subsystems can use CIFS - in fact the first one in the chain):
alfresco.authentication.authenticateCIFS=false
passthru.authentication.authenticateCIFS=false
An example of custom properties are:
# LDAP Connection properties
ldap.samba.authentication.java.naming.provider.url=ldap://ldap.example.com:389 ldap.samba.authentication.base=dc=example,dc=com
ldap.samba.authentication.userbase=ou=People
# The user defined below must be able to execute user search querys in LDAP (administrator) ldap.samba.java.naming.security.principal=cn=admin,dc=example,dc=com ldap.samba.java.naming.security.credentials=secret
IMPORTANT: Each LDAP user needs to store the password as an MD4 hash and we will solve this by adding a sambaSamAccount object class to the user profile. This object class and its attributes are defined in the samba.schema file, which is part of the samba-doc package. To install this new schema, have a look at the documentation for your Linux distribution in the sections talking about how to add an LDAP schema to OpenLDAP. And finally, restart your Alfresco instance.
