
How to add Alfresco users to ldap directory?

Question asked by sandhya25186 on Jul 26, 2010
Latest reply on Jul 28, 2010 by sandhya25186
I have integrated my Alfresco 3.3g on Ubuntu to use LDAP. It starts successfully without giving any errors, but on the login page I'm at a loss as to what credentials to give.

These are my directory entries:
dn: dc=macif-lfn,dc=com
dc: macif-lfn
objectClass: dcObject
objectClass: organizationalUnit
ou: macif-lfn Incorporated
structuralObjectClass: organizationalUnit
entryUUID: 0b4cd92a-2cda-102f-9b1f-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.447889Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

dn: ou=people,dc=macif-lfn,dc=com
ou: people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 0b4d17d2-2cda-102f-9b20-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.449519Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

dn: cn=Charlton Heston,ou=people,dc=macif-lfn,dc=com
cn: Charlton Heston
sn: Heston
mail: heston@macif-lfn.com
telephoneNumber: 508-555-1212
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 0b4d2b14-2cda-102f-9b21-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.450012Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

dn: cn=Roddy McDowall,ou=people,dc=macif-lfn,dc=com
cn: Roddy McDowall
sn: McDowall
mail: mcdowall@macif-lfn.com
telephoneNumber: 508-555-1234
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 0b4d37e4-2cda-102f-9b22-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.450340Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

# Account entry for uid=admin under ou=people. Of the entries shown here it is
# the only one that carries both a uid and a userPassword attribute; the two
# cn=... person entries above have neither.
dn: uid=admin,ou=people,dc=macif-lfn,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: admin
sn: admin
givenName: admin
cn: administrator
displayName: administrator
uidNumber: 1000
gidNumber: 10000
# NOTE(review): the '::' form marks a base64-encoded value, which is an
# encoding, not a hash -- the password is stored in recoverable form. Store it
# with a salted hash scheme (e.g. {SSHA}) instead, choose a value that is not
# derived from the account name, and rotate any credential that has been
# posted publicly.
userPassword:: YWRtaW4=
gecos: administrator
loginShell: /bin/bash
homeDirectory: /home/admin
# NOTE(review): shadowExpire -1 and shadowMax 999999 look like "never expires"
# settings -- confirm that is intended for an administrative account.
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: admin@macif-lfn.com
postalCode: 31000
l: Toulouse
o: macif-lfn
title: System Administrator
postalAddress:
initials: LP
structuralObjectClass: inetOrgPerson
entryUUID: a877a662-2cda-102f-9905-a7bac762f49e
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726082222Z
entryCSN: 20100726082222.130700Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726082222Z

This is my tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1/changes.properties
    #
    # LDAP Sync
    #
    # This flag enables use of this LDAP subsystem for authentication. It may be
    # that this subsystem should only be used for synchronization, in which case
    # this flag should be set to false.
    # NOTE(review): with this set to false the subsystem is synchronization-only,
    # so logins are not checked against the LDAP directory by this subsystem.
    ldap.authentication.active=false
    # NOTE(review): 'simple' sends the bind password as-is. Over plain ldap://
    # (see the provider URL below) it is not encrypted in transit; use a
    # TLS-protected connection (e.g. ldaps://) if the directory is ever moved
    # off localhost.
    ldap.authentication.java.naming.security.authentication=simple

    # This flag enables use of this LDAP subsystem for user and group
    # synchronization. It may be that this subsystem should only be used for
    # authentication, in which case this flag should be set to false.
    ldap.synchronization.active=true
    # NOTE(review): the directory entries shown on this page live under ou=people
    # and are named by uid= or cn=. This format points at ou=Users and has no
    # naming attribute before %s -- confirm the resulting bind DN matches a real
    # entry.
    ldap.authentication.userNameFormat=%s,ou=Users,dc=macif-lfn,dc=com
    # NOTE(review): guest login is enabled -- confirm that unauthenticated access
    # is intended before exposing the login page.
    ldap.authentication.allowGuestLogin=true
    # (macif-lfn specific property)
    ldap.authentication.java.naming.provider.url=ldap://localhost:389

    # The default principal to bind with (only used for LDAP sync). This should be a UPN or DN
    # (macif-lfn specific property)
    # NOTE(review): this is the same DN that appears as creatorsName/modifiersName
    # on the directory entries, i.e. presumably the directory admin. A dedicated
    # read-only account is enough for synchronization and limits the impact if
    # this file is disclosed.
    ldap.synchronization.java.naming.security.principal=cn=admin,dc=macif-lfn,dc=com

    # The password for the default principal (only used for LDAP sync)
    # (macif-lfn specific property)
    # NOTE(review): stored in clear text. Restrict read access to this file, and
    # treat any value that has been posted publicly as compromised and rotate it.
    ldap.synchronization.java.naming.security.credentials=secret

    # If positive, this property indicates that RFC 2696 paged results should be
    # used to split query results into batches of the specified size. This
    # overcomes any size limits imposed by the LDAP server.
    ldap.synchronization.queryBatchSize=1000

    # The query to select all objects that represent the groups to import.
    # (macif-lfn specific property)
    # NOTE(review): objectclass=group/user, memberOf, userAccountControl and
    # sAMAccountName (used in the queries and attribute mappings below) are
    # Active Directory conventions. The entries shown on this page are
    # inetOrgPerson/posixAccount objects under ou=people, so these filters
    # presumably match nothing -- verify against the actual directory.
    ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\=cn\=Alfresco Groups,ou\=user,dc\=macif-lfn,dc\=com))

    # The query to select objects that represent the groups to import that have changed since a certain time.
    # (macif-lfn specific property)
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf\=cn\=Alfresco Groups,ou\=user,dc\=macif-lfn,dc\=com)(!(modifyTimestamp<\={0})))

    # The query to select all objects that represent the users to import.
    # (macif-lfn specific property)
    # NOTE(review): besides the AD-specific objectclass and userAccountControl
    # test, this filter only admits members of the Developers and Sales groups
    # under OU=user; no such entries appear in the directory listing on this page.
    ldap.synchronization.personQuery=(&(objectclass\=user)(|(memberOf\=CN\=Developers,OU\=user,DC\=macif-lfn,DC\=com)(memberOf\=CN\=Sales,OU\=user,DC\=macif-lfn,DC\=com))(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

    # The query to select objects that represent the users to import that have changed since a certain time.
    # (macif-lfn specific property)
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(|(memberOf\=CN\=Developers,OU\=user,DC\=macif-lfn,DC\=com)(memberOf\=CN\=Sales,OU\=user,DC\=macif-lfn,DC\=com))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
  # The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
    # (macif-lfn specific property)
    ldap.synchronization.groupSearchBase=dc\=macif-lfn,dc\=com

    # The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
    # (macif-lfn specific property)
    ldap.synchronization.userSearchBase=dc\=macif-lfn,dc\=com

    # The name of the operational attribute recording the last update time for a group or user.
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

    # The timestamp format. Unfortunately, this varies between directory servers.
    # NOTE(review): the modifyTimestamp values in the directory listing on this
    # page look like 20100726081758Z, with no '.0' fraction -- confirm this
    # pattern matches what the server actually returns.
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

    # The attribute name on people objects found in LDAP to use as the uid in Alfresco
    # NOTE(review): none of the entries shown on this page has a sAMAccountName
    # attribute; the admin entry carries uid instead.
    ldap.synchronization.userIdAttributeName=sAMAccountName

    # The attribute on person objects in LDAP to map to the first name property in Alfresco
    ldap.synchronization.userFirstNameAttributeName=givenName

    # The attribute on person objects in LDAP to map to the last name property in Alfresco
    ldap.synchronization.userLastNameAttributeName=sn

    # The attribute on person objects in LDAP to map to the email property in Alfresco
    ldap.synchronization.userEmailAttributeName=mail

    # The attribute on person objects in LDAP to map to the organizational id property in Alfresco
    ldap.synchronization.userOrganizationalIdAttributeName=company

    # The default home folder provider to use for people created via LDAP import
    ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

    # The attribute on LDAP group objects to map to the gid property in Alfresco
    ldap.synchronization.groupIdAttributeName=cn

    # The group type in LDAP
    ldap.synchronization.groupType=group

    # The person type in LDAP
    ldap.synchronization.personType=user

    # The attribute in LDAP on group objects that defines the DN for its members
    ldap.synchronization.groupMemberAttributeName=member

    # NOTE(review): presumably limits each run to entries changed since the last
    # sync (it pairs with the differential queries above) -- confirm against the
    # Alfresco documentation for this version.
    synchronization.synchronizeChangesOnly=true

Could somebody help me out please? :(
