
authenticate using uid as ldap attribute & questions

Question asked by bparis on Nov 9, 2006
Latest reply on Nov 29, 2006 by andy
I can authenticate against our ldap server with Community Alfresco 1.3.0, using this userNameFormat:

<?xml version='1.0' encoding='UTF-8'?>

    <!-- DAO that rejects changes - LDAP is read only at the moment -->
    <bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
        <property name="proxyInterfaces">
        <property name="transactionManager">
            <ref bean="transactionManager" />
        <property name="target">
            <bean class="" />
        <property name="transactionAttributes">
               <prop key="*">${server.transaction.mode.default}</prop>

    <!-- LDAP authentication configuration -->
    <bean id="authenticationComponentImpl" class="">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        <property name="userNameFormat">
            <!--
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" then authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com"
            Usually for simple authentication.
            -->
    <!--
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP repository
    -->
    <bean id="ldapInitialDirContextFactory" class="">
        <property name="initialDirContextEnvironment">
                <!-- The LDAP provider -->
                <entry key="java.naming.factory.initial">
                <!-- The url to the LDAP server -->
                <!-- Note you can use space separated urls - they will be tried in turn until one works -->
                <!-- This could be used to authenticate against one or more ldap servers (you will not know which one ….) -->
                <entry key="java.naming.provider.url">
                <!-- The authentication mechanism to use      -->
                <!-- Some sasl authentication mechanisms may require a realm to be set -->
                <!--       -->
                <!-- The available options will depend on your LDAP provider -->
                <entry key="">
                     <!-- <value>DIGEST-MD5</value> -->

The problem we have is the following:
We do not want to authenticate using the employeeNumber in the DN. We would like to use the user "uid", which is an attribute in our LDAP.

How could we do that?

By the way: LDAP users' groups are not LDAP nodes. They just stand as LDAP users' attributes. How could I map Alfresco users' groups with LDAP group attributes?

Last question:
Are there (still?) any differences about LDAP between the community version and enterprise? I've read in some old threads that LDAP is not available in the community version, but I can see the LDAP authentication works.

Thanks a lot.
UCL - Belgium
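
The following is an added example, not part of the original post and not Alfresco code. It sketches the two ways a typed login name can become a bind DN: direct substitution into a userNameFormat-style template (which only works when the typed value is the RDN), and a lookup by the `uid` attribute followed by a bind as the DN that was found. The function names, the `dc=example,dc=com` entries and the in-memory directory are constructed for illustration.

```python
# Added illustration; names and directory entries are constructed, not Alfresco code.
DN_SPECIAL = set(',+"\\<>;=')
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Constructed sample entries: the RDN is employeeNumber, uid is only an attribute.
DIRECTORY = [
    ("employeeNumber=1001,ou=people,dc=example,dc=com", {"uid": "bparis"}),
    ("employeeNumber=1002,ou=people,dc=example,dc=com", {"uid": "jbloggs"}),
]


def escape_dn_value(value):
    """Escape a value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append(r"\00")
        elif ch in DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_user_name_format(fmt, typed):
    """Direct bind: substitute the typed name into the template."""
    # "%s" alone means the id is passed through unmodified (non-simple mechanisms).
    return typed if fmt == "%s" else fmt.replace("%s", escape_dn_value(typed))


def uid_filter(typed):
    """Search filter for the lookup step, escaped per RFC 4515."""
    return "(uid=" + "".join(FILTER_ESCAPES.get(c, c) for c in typed) + ")"


def resolve_bind_dn(typed, password, directory=DIRECTORY):
    """Return the DN to bind as, or None if the login must be rejected."""
    if not typed or not password:
        return None  # an empty password would be an unauthenticated bind (RFC 4513)
    matches = [dn for dn, attrs in directory if attrs.get("uid") == typed]
    return matches[0] if len(matches) == 1 else None  # reject no match or ambiguity
```

Against a real server, the lookup in `resolve_bind_dn` would be an LDAP search using the filter from `uid_filter`, followed by a simple bind as the returned DN with the user's password.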