AnsweredAssumed Answered

Alfresco + Zimbra LDAP

Question asked by vasisualy on Sep 12, 2009
Latest reply on Feb 23, 2015 by skuran
Dear all,

Im trying to combine Alfresco with my existing Zimbra server.
My idea is to use zimba's LDAP server as the only one authentication mechanism.
It means that every Zimbra's user may login into Alfresco with the same credentials and the home folders as his/her full name.

As I see for this purpose I have to set
authentication.chain=ldap1:ldap
ldap.authentication.active=true
ldap.synchronization.active=true


My problem that LDAP schema in Zimbra is quite different than it was described in wiki and on this forum and I'm not LDAP guru.

Here is Zimbra LDAP scheme
[img]http://wiki.zimbra.com/images/b/bc/5_Zimbra_LDAP.4.1.2.jpg[/img]

Zimbra LDAP info http://wiki.zimbra.com/index.php?title=Zimbra_Directory_Service_(LDAP)
As you see there is no any subtrees.
All user info stores in flat structure. ()

Here is example of users LDIF record for Zimbra's user.
#——————————————————————————-
# This file has been generated on  from zimbra.local:389
# by Softerra LDAP Browser 2.6 (http://www.ldapbrowser.com)
#——————————————————————————-
version: 1
dn: uid=vasisualy,ou=people,dc=zimbra,dc=local
zimbraMailTransport: lmtp:zimbra.local:7025
zimbraAccountStatus: active
zimbraMailDeliveryAddress: vasisualy@zimbra.local
initials: Middle
givenName: John
sn: Smith
userPassword: {SSHA}Zb9zGRCymqk76tjE9BBZT8D8789D0Hf6
zimbraMailStatus: enabled
zimbraId: f22d0251-453d-474a-a3e4-c4f2bf3c8698
mail: sti@zimbra.local
displayName: John Middle. Smith
uid: vasisualy
objectClass: organizationalPerson
objectClass: zimbraAccount
objectClass: amavisAccount
zimbraPasswordModifiedTime: 20090910110003Z
cn: John Middle. Smith
zimbraMailHost: zimbra.local
zimbraLastLogonTimestamp: 20090910134126Z
zimbraPrefDefaultSignatureId: f748cca8-04dd-4e7f-a066-187e22357b85
zimbraSignatureName: My signature
zimbraPrefMailSignature: Here is my signature.
zimbraSignatureId: f748cca8-04dd-4e7f-a066-187e22357b85
zimbraPrefUseTimeZoneListInCalendar: TRUE
postalCode: 01030
ou: Department No 1
zimbraAllowAnyFromAddress: FALSE
street:: 5th Street
zimbraNotes: Notes text.
description: Description
co: Ukraine
physicalDeliveryOfficeName: Office 1
l: Kiev
telephoneNumber: 1125
st: State
company: Company Name
—————–

I have done some work and authentication works.

When user logs into Alfresco as  vasisualy it displays as vasisualy.
But I need a user like "John Middle. Smith" instead of vasisualy with home folder.
As I see for this I have to use LDAP sync and it is a problem for me now.

ldap.synchronization.personQuery=(&(ou\=*)(objectClass\=organizationalPerson)(zimbraMailStatus\=enabled))
ldap.synchronization.userSearchBase=ou\=People,dc\=zimbra,dc\=local
Alfresco imports users but stops on groups.

I do not know how to configure following group parameters in Alfresco for my LDAP my schema.
Could someone explain me this parameters more detailed than wiki?
ldap.synchronization.groupQuery=
ldap.synchronization.groupSearchBase= 
ldap.synchronization.groupType=
ldap.synchronization.groupIdAttributeName=
ldap.synchronization.groupMemberAttributeName=

Is it possible to configure static non LDAP groups for LDAP users?


Thank you in advance.

Outcomes