LDAP - Specify Realm

Question asked by squaricdot on Nov 4, 2010
Latest reply on Nov 4, 2010 by squaricdot
Good afternoon,

I have a working authentication+synchronization LDAP (OpenLDAP) configuration. I store my configuration in shared/classes/alfresco-global.properties as:

<<alfresco-global.properties>>

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap


#
# OPENLDAP AUTH+SYNC
#-----------
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
#ldap.authentication.userNameFormat=mail\=%s,jvd\=cdomain.tld,ou\=customers,dc\=tao,dc\=intranet
ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://tao-dev-auth02.tao.intranet:389
#ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=tao-admin
ldap.synchronization.active=true
#ldap.synchronization.java.naming.security.principal=cn\=alfresco,ou\=services,ou\=mgnt,dc\=tao,dc\=intranet
ldap.synchronization.java.naming.security.principal=service.alfresco
ldap.synchronization.java.naming.security.credentials=****************
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(accountActive\=TRUE)(delete\=FALSE)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,jvd\=cdomain.tld,ou\=customers,dc\=tao,dc\=intranet
ldap.synchronization.userSearchBase=jvd\=cdomain.tld,ou\=customers,dc\=tao,dc\=intranet
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=mail
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member

synchronization.synchronizeChangesOnly=false
synchronization.import.cron=0 0 0 * * ?
synchronization.syncWhenMissingPeopleLogIn=false
synchronization.syncOnStartup=true
synchronization.autoCreatePeopleOnLogin=true
<</alfresco-global.properties>>

But in my situation I want to explicitly define the realm which ldap is going to use.
After googling a bit I see that in the common-ldap-context.xml there is a small area mentioning this:
(tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml)

<<common-ldap-context.xml>>

            <!-- The authentication mechanism to use -->
            <!-- Some sasl authentication mechanisms may require a realm to be set -->
            <!--                java.naming.security.sasl.realm -->
            <!-- The available options will depend on your LDAP provider -->
            <entry key="java.naming.security.authentication">
               <value>${ldap.authentication.java.naming.security.authentication}</value>
            </entry>
<</common-ldap-context.xml>>

So I tried two ways to fix this in my alfresco-global.properties, but with no success:
1)
<<alfresco-global.properties>>

ldap.authentication.java.naming.security.sasl.realm=single
ldap.synchronization.java.naming.security.sasl.realm=single
<</alfresco-global.properties>>

2)
<<alfresco-global.properties>>

java.naming.security.sasl.realm=single
<</alfresco-global.properties>>

To me this should be the obvious configuration, though it's not working. I don't see anyone on this forum dealing with this, so it might just be me who is trying to have this rare configuration. I thought it would work straight out of the box; guess I am wrong.

Can anyone tell me more about this? Or rather, what am I doing wrong and what should I do? :-)

Cheers

Regards,

Olmo
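For readers who want to see what the `<entry>` map in common-ldap-context.xml ends up feeding into, here is the equivalent JNDI environment for a DIGEST-MD5 bind with `java.naming.security.sasl.realm` set, written as an added example that is not Alfresco's code nor part of the original post. The host, the `LDAP_PASSWORD` environment variable and the realm value `single` are placeholders, not values from a real server.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Added example: the JNDI environment that common-ldap-context.xml assembles
 * from its <entry> elements, built by hand so the effect of the
 * java.naming.security.sasl.realm key is visible.
 */
public class DigestMd5RealmBind {

    public static Hashtable<String, String> buildEnv(String url, String user,
                                                     String password, String realm) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // SASL mechanism instead of a simple bind: the principal is a SASL
        // user name, not a DN, which is why the properties file above uses
        // "service.alfresco" and userNameFormat=%s.
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // The key named in the XML comment. JNDI reads the realm only from
        // this environment map; the XML fragment builds that map one <entry>
        // at a time, so a property key that no <entry> references never
        // reaches JNDI at all.
        if (realm != null) {
            env.put("java.naming.security.sasl.realm", realm);
        }
        return env;
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = buildEnv(
                "ldap://ldap.example.test:389",  // placeholder host
                "service.alfresco",
                System.getenv("LDAP_PASSWORD"),  // credential kept out of the source
                "single");                       // placeholder realm
        DirContext ctx = new InitialDirContext(env); // throws on a failed bind
        try {
            System.out.println("Bound as " + ctx.getEnvironment().get(Context.SECURITY_PRINCIPAL));
        } finally {
            ctx.close();
        }
    }
}
```

Running it against a test OpenLDAP server with and without the realm line is a quick way to confirm whether your server's DIGEST-MD5 setup requires the realm before changing the Alfresco subsystem configuration.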
