LDAP attribute mapping for sync purpose

Question asked by jsabah on Sep 8, 2009
Latest reply on Dec 8, 2011 by techguy817
Hi all,

As I was struggling to find some information on how to map LDAP attributes in Alfresco Authentication files, here is what I found. Hope it helps others.

First you need to add the entries you want to map in \Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\common-ldap-context.xml
<property name="attributeMapping">
    <map>
        <entry key="cm:userName">
            <!-- Must match the same attribute as userIdAttributeName -->
            <value>${ldap.synchronization.userIdAttributeName}</value>
        </entry>
        <entry key="cm:firstName">
            <!-- OpenLDAP: "givenName" -->
            <!-- Active Directory: "givenName" -->
            <value>${ldap.synchronization.userFirstNameAttributeName}</value>
        </entry>
        <entry key="cm:lastName">
            <!-- OpenLDAP: "sn" -->
            <!-- Active Directory: "sn" -->
            <value>${ldap.synchronization.userLastNameAttributeName}</value>
        </entry>
        <entry key="cm:email">
            <!-- OpenLDAP: "mail" -->
            <!-- Active Directory: "???" -->
            <value>${ldap.synchronization.userEmailAttributeName}</value>
        </entry>
        <entry key="cm:organizationId">
            <!-- OpenLDAP: "o" -->
            <!-- Active Directory: "???" -->
            <value>${ldap.synchronization.userOrganizationalIdAttributeName}</value>
        </entry>
        <entry key="cm:jobtitle">
            <value>${ldap.synchronization.userJobTitleAttributeName}</value>
        </entry>
        <entry key="cm:organization">
            <value>${ldap.synchronization.userOrganizationAttributeName}</value>
        </entry>
        <entry key="cm:companyaddress1">
            <value>${ldap.synchronization.usercompanyaddress1AttributeName}</value>
        </entry>
        <entry key="cm:location">
            <value>${ldap.synchronization.userLocationAttributeName}</value>
        </entry>
        <!-- Always use the default -->
        <entry key="cm:homeFolderProvider">
            <null/>
        </entry>
    </map>
</property>

OK, but how do you get the right entry key ID? Well, they are all listed in the table qf_name in your alfresco DB. Here is the non-exhaustive list:
id   local_name
1   store_root
2   aspect_root
3   container
4   children
5   user
6   enabled
7   credentialsExpire
8   accountExpires
9   accountLocked
10   password
11   username
12   descriptor
13   versionSchema
14   versionMajor
15   versionLabel
16   versionRevision
17   versionMinor
18   versionBuild
19   name
20   versionEdition
21   versionProperties
22   All
23   versionStoreRoot
24   versionStoreRoot
25   folder
26   auditable
27   icon
28   name
29   description
30   title
31   uifacets
32   titled
33   cmobject
34   contains
35   content
36   author
37   editInline
38   inlineeditable
39   base
40   person
41   userName
42   owner
43   email
44   organizationId
45   lastName
46   homeFolderProvider
47   firstName
48   ownable
49   homeFolder
50   category_root
51   category
52   categories
53   subcategories
54   mlRoot
55   source
56   copiedfrom
57   templatable
58   template
59   rules
60   systemfolder
61   ruleFolder
62   rule
63   disabled
64   ruleType
65   applyToChildren
66   executeAsynchronously
67   compositeaction
68   executeAsynchronously
69   definitionName
70   actionTitle
71   actionDescription
72   action
73   actioncondition
74   invert
75   conditions
76   actionparameter
77   parameterName
78   parameterValue
79   parameters
80   action
81   actions
82   sites
83   authorityContainer
84   authorityName
85   zone
86   inZone
87   member
88   alias
89   aliasable
90   emailed
91   incomplete
92   creator
93   created
94   .sitestore
95   installedVersion
96   currentVersion
97   sizeCurrent
98   configurable
99   configurations
100   presenceProvider
101   location
102   presenceUsername
103   organization
104   jobtitle
105   sizeQuota
106   mobile
107   companypostcode
108   companyfax
109   companyaddress3
110   companytelephone
111   skype
112   companyaddress2
113   telephone
114   instantmsg
115   persondescription
116   companyemail
117   companyaddress1

So for example, if you want to add the company telephone, you would add the following entry in common-ldap-context.xml:
<entry key="cm:companytelephone">
    <value>${ldap.synchronization.userCompanyTelephoneAttributeName}</value>
</entry>
You can set the name of the value to whatever you want, just make sure it makes sense for you when you read your file later on ;)

Then you have to add these newly created entries in your \Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad\ldap-ad-authentication.properties
# Additional attributes mapping by your_name
ldap.synchronization.userLocationAttributeName=physicalDeliveryOfficeName
ldap.synchronization.usercompanyaddress1AttributeName=streetAddress

ldap.synchronization.userCompanyTelephoneAttributeName=telephoneNumber

If you don't know the name of the LDAP objects (like street address or telephone number), you can use an LDAP Browser like Softerra.

Hope my explanations were clear enough.

Jonathan
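
A consistency check for the two files edited in the post above, as an added example that is not part of the original post and not Alfresco's own code: it reads the ${...} placeholders from the attributeMapping entries and reports any that the properties file does not define, including keys that differ only in case (property keys are case-sensitive). The sample XML and properties are constructed, the function names are hypothetical, and the properties parser assumes simple key=value lines.

```python
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
# Constructed sample in the shape of the attributeMapping property shown above.
SAMPLE_XML = """<property name="attributeMapping"><map>
  <entry key="cm:location">
    <value>${ldap.synchronization.userLocationAttributeName}</value>
  </entry>
  <entry key="cm:companytelephone">
    <value>${ldap.synchronization.userCompanyTelephoneAttributeName}</value>
  </entry>
  <entry key="cm:homeFolderProvider"><null/></entry>
</map></property>"""

# Constructed sample properties; the second key differs from its placeholder only in case.
SAMPLE_PROPS = """# Additional attributes mapping
ldap.synchronization.userLocationAttributeName = physicalDeliveryOfficeName
ldap.synchronization.usercompanytelephoneAttributeName=telephoneNumber
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def local(tag):
    """Strip an XML namespace so the check also works inside a namespaced <beans> file."""
    return tag.rsplit("}", 1)[-1]

def check_mapping(xml_text, props_text):
    """Return (resolved, unresolved) dicts keyed by the entry key, e.g. cm:location."""
    props = parse_properties(props_text)
    resolved, unresolved = {}, {}
    for entry in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "entry"):
        for child in (c for c in entry if local(c.tag) == "value" and c.text):
            for name in PLACEHOLDER.findall(child.text):
                if name in props:
                    resolved[entry.get("key")] = props[name]
                else:  # record the placeholder plus any key matching when case is ignored
                    unresolved[entry.get("key")] = (name, [k for k in props if k.lower() == name.lower()])
    return resolved, unresolved

if __name__ == "__main__":
    print(check_mapping(SAMPLE_XML, SAMPLE_PROPS))
```

To run it against a real installation, pass the contents of common-ldap-context.xml and the ldap-ad-authentication.properties file to check_mapping instead of the samples.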
