
Je viens de créer mon annuaire ldap, que je veux...

Question asked by laurentalfresco on Jul 27, 2007
Latest reply on Aug 13, 2007 by laurentalfresco
Bonjour,

Je viens de créer mon annuaire ldap, que je veux maintenant synchroniser avec Alfresco 2.0, ainsi qu’identifier les utilisateurs du ldap.

Premièrement, j’ai testé ceci :

ldap-authentication-context.xml


 
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
    <!-- DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted without warnings from the UI. -->
   
<!--     <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>false</value>
        </property>
    </bean>     -->
  

    <!-- LDAP authentication configuration -->

     <!-- Authenticates a login against the directory: userNameFormat is a DN
          template whose %s placeholder stands for the typed user name, and the
          connection settings come from the referenced context factory.
          NOTE(review): the template keys on uid, while the people import in this
          file maps cn to cm:userName. Where uid and cn differ, the authenticated
          name presumably matches no imported person, which would fit the symptom
          of a fresh home space being created at login - confirm, and use one
          attribute for both.
          NOTE(review): many LDAP servers treat a simple bind with a DN and an
          empty password as an unauthenticated bind that succeeds (RFC 4513,
          section 5.1.2). Confirm that this Alfresco version rejects blank
          passwords before binding, and disable unauthenticated binds on the
          server. -->
     <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">

       <!-- DN template; %s is the placeholder for the login name. -->
       <value>uid=%s, ou=internes, ou=personnes, dc=***,dc=******,dc=******,dc=***</value>
        </property>
    </bean>
   
    <!--
   
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP repository
   
    -->
   
    <!-- Holds the JNDI environment used for directory connections by every bean
         that references this factory: the LDAP authentication component and both
         export sources in this file. -->
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!-- The LDAP provider -->
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
               
                <!-- Plain ldap:// on the loopback address. With simple
                     authentication the bind DN and password travel unencrypted,
                     which is tolerable only while the directory and Alfresco
                     share a host; use ldaps:// or StartTLS once the directory is
                     reached over a network. -->
                <entry key="java.naming.provider.url">
                    <value>ldap://127.0.0.1:389</value>
                </entry>
               
                <entry key="java.naming.security.authentication">
               <value>SIMPLE</value>
                </entry>
               

                <!-- NOTE(review): cn=manager looks like the directory's
                     administrative DN. The export sources in this file only
                     search the directory, so a dedicated read-only account
                     would limit the damage if this file is disclosed. -->
                <entry key="java.naming.security.principal">
                    <value>cn=manager, dc=***,dc=******,dc=******,dc=***</value>
                </entry>
               

                <!-- Bind password stored in clear text (redacted in this post):
                     restrict read access to this file and keep the real value
                     out of anything that is shared. -->
                <entry key="java.naming.security.credentials">
                    <value>******</value>
                </entry>
            </map>
        </property>
    </bean>
   

    <!-- Ldap Synchronisation support -->
      
    <!-- Extract user information from LDAP and transform this to XML -->
    
    <!-- Queries the directory for person entries and maps their LDAP attributes
         to Alfresco person properties. The ldapPeopleImport bean in this file
         uses it as its exportSource. -->
    <bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">

        <property name="personQuery">
            <value>(objectclass=inetOrgPerson)</value>
        </property>
       

        <!-- NOTE(review): the search appears to start at the directory suffix,
             so every inetOrgPerson below it is imported, whereas the bind
             template in this file only covers ou=internes, ou=personnes.
             Narrow the base if only those accounts should exist in Alfresco. -->
        <property name="searchBase">
            <value> dc=***,dc=******,dc=******,dc=***</value>
        </property>
       

        <!-- NOTE(review): people are keyed on cn here, but the LDAP
             authentication component in this file binds with uid=%s. If the two
             attributes differ for an entry, the imported person and the
             authenticated user presumably end up as different identities -
             confirm and align them. -->
        <property name="userIdAttributeName">
            <value>cn</value>
        </property>
       
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="personService">
            <ref bean="personService"></ref>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
       
        <!-- Key: Alfresco person property. Value: LDAP attribute it is filled
             from. Whoever can edit these attributes in the directory controls
             the corresponding profile fields in Alfresco. -->
        <property name="attributeMapping">
            <map>
                <entry key="cm:userName">
                    <value>cn</value>
                </entry>
                <entry key="cm:firstName">
                    <value>givenName</value>
                </entry>
                <entry key="cm:lastName">
                    <value>sn</value>
                </entry>
                <entry key="cm:email">
                    <value>mail</value>
                </entry>
                <entry key="cm:organizationId">
                    <value>o</value>
                </entry>
                <!-- Always use the default -->
                <entry key="cm:homeFolderProvider">
                    <null/>
                </entry>
            </map>
        </property>

        <!-- Value used for cm:homeFolderProvider, which the mapping above
             leaves unmapped (null). -->
        <property name="attributeDefaults">
            <map>
                <entry key="cm:homeFolderProvider">
         <value>personalHomeFolderProvider</value>
                </entry>
            </map>
        </property>
    </bean>
   

    <!-- Extract group information from LDAP and transform this to XML -->
  

    <bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">

        <property name="groupQuery">
            <value>(objectclass=groupOfNames)</value>
        </property>
       

        <property name="searchBase">
            <value> dc=***,dc=******,dc=******,dc=***</</value>
        </property>
 
        <property name="userIdAttributeName">
            <value>cn</value>
        </property>
       

        <property name="groupIdAttributeName">
            <value>cn</value>
        </property>
       

        <property name="groupType">
            <value>groupOfNames</value>
        </property>
       

        <property name="personType">
            <value>inetOrgPerson</value>
        </property>
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
       

        <property name="memberAttribute">
            <value>member</value>
        </property>
       
<!–         <property name="authorityDAO">
            <ref bean="authorityDAO"/>
        </property> –>
      
    </bean>
   

   
    <!-- Schedules the people import: an ImporterJob whose job data points at
         the ldapPeopleImport bean, registered with the shared scheduler. -->
    <bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapPeopleImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
 
        <!-- NOTE(review): presumably milliseconds, i.e. first run 3 s after
             start-up - confirm against TriggerBean. -->
        <property name="startDelay">
            <value>3000</value>
        </property>

        <!-- NOTE(review): presumably milliseconds, i.e. one run per hour. A
             change made in the directory is not visible in Alfresco until the
             next run. -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>

        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>

    </bean>
   
    <!-- Schedules the group import: an ImporterJob whose job data points at the
         ldapGroupImport bean, registered with the shared scheduler. -->
    <bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapGroupImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>

        <!-- NOTE(review): presumably milliseconds, i.e. first run 3 s after
             start-up - confirm against TriggerBean. -->
        <property name="startDelay">
            <value>3000</value>
        </property>

        <!-- NOTE(review): presumably milliseconds, i.e. one run per hour. A
             membership removed in the directory therefore stays effective in
             Alfresco until the next run; shorten the interval if revocation
             must take effect faster. -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>

        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
  
    </bean>
   
    <!-- The bean that imports xml describing people -->
   
    <!-- Imports the output of ldapPeopleExportSource into the people container
         of the spaces store. -->
    <bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <!-- Resolved by bean name. If the authenticationComponent definition in
             this file is commented out, this reference falls back to whichever
             other context file defines a bean with that id. -->
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapPeopleExportSource"/>
        </property>


        <property name="storeRef">
            <value>${spaces.store}</value>
        </property>
       

        <property name="path">
            <value>/${system.system_container.childname}/${system.people_container.childname}</value>
        </property>
       

        <!-- Existing children of the target path are kept between runs.
             NOTE(review): presumably a person whose directory entry has been
             deleted therefore keeps its node until removed by hand - confirm. -->
        <property name="clearAllChildren">
            <value>false</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
       
       
        <!-- NOTE(review): presumably the caches to invalidate after an import,
             so that stale permission decisions are not served - confirm. -->
        <property name="caches">
            <set>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
    </bean>
   
    <!-- The bean that imports xml describing groups -->
   
    <!-- Imports the output of ldapGroupExportSource into the authorities
         container of the Alfresco user store. -->
    <bean id="ldapGroupImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <!-- Resolved by bean name. If the authenticationComponent definition in
             this file is commented out, this reference falls back to whichever
             other context file defines a bean with that id. -->
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapGroupExportSource"/>
        </property>

        <property name="storeRef">
            <value>${alfresco_user_store.store}</value>
        </property>
       

        <property name="path">
            <value>/${alfresco_user_store.system_container.childname}/${alfresco_user_store.authorities_container.childname}</value>
        </property>

        <!-- NOTE(review): true here, unlike the people import. Presumably every
             run empties the authorities container before re-importing, so groups
             created locally in Alfresco would be dropped and the directory
             becomes the only source of group membership - confirm before relying
             on local groups for permissions. -->
        <property name="clearAllChildren">
            <value>true</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
       

        <!-- NOTE(review): presumably the caches to invalidate after an import,
             so that stale membership and permission decisions are not served -
             confirm. -->
        <property name="caches">
            <set>
                <ref bean="userToAuthorityCache"/>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
       

    </bean>
   
</beans>
Et afin de créer, lors de la synchronisation, les espaces associés aux utilisateurs, dans l’espace « Espaces utilisateurs »,
j’ai modifié le path de « personalHomeFolderProvider »
dans authentication-services-context.xml
en /${spaces.company_home.childname}/${spaces.user_homes.childname}

Premier test :
     •   La synchro fonctionne à merveille, les groupes sont créés et les espaces utilisateurs aussi (dans l’espace « Espaces utilisateurs »)

Problèmes :
     •   L’identification ldap fonctionne, mais l’utilisateur n’arrive pas sur son espace perso dans « Espaces utilisateurs » : à la place, un nouvel espace perso est créé à la base de l’arborescence des espaces. D’où vient ce problème ? À mon avis, la modif du path de « personalHomeFolderProvider » ne doit pas être la seule modif à faire.
     •   J’ai perdu mon utilisateur Alfresco « administrateur », et je voudrais aussi créer d’autres utilisateurs (hors ldap). Donc je pense devoir me tourner vers le fichier « chaining-authentication-context.xml ».






Deuxièmement j’ai donc testé ceci : 
    •   Commenter la partie suivante de ldap-authentication-context.xml


    <!-- LDAP authentication configuration -->

     <!-- The definition the author comments out for the chaining test. The
          people and group import beans of ldap-authentication-context.xml
          reference a bean named authenticationComponent, so once this definition
          is disabled that reference resolves to whichever other context file
          defines the id. NOTE(review): confirm which component the imports then
          run with. -->
     <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">

       <!-- DN template; %s is the placeholder for the login name. -->
       <value>uid=%s, ou=internes, ou=personnes, dc=***,dc=******,dc=******,dc=***</value>
        </property>
    </bean>
•   Utiliser le fichier chaining-authentication-context.xml



<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
       <!-- Chaining -->
    <!-- Chaining entry point: delegates to the LDAP service in the list and to
         the Alfresco repository service configured as the mutable one.
         NOTE(review): with two stores accepting logins, a user name present in
         both can presumably authenticate with either password. Keep local
         account names (such as the administrator) distinct from directory uids,
         and confirm the order in which the services are tried. -->
    <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplLDAP"/>
            </list>
        </property>
        <!-- The only service in the chain meant to accept changes; presumably
             account creation and password updates go to the Alfresco store. -->
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
    </bean>






    <!-- Alfresco Auth -->
    <!-- Authentication service for accounts stored in the Alfresco repository;
         wires the repository DAO, the shared ticket component and the Alfresco
         authentication component together. -->
    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <!-- Same ticketComponent bean as the LDAP service in this file. -->
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>
        
    <!-- DAO for accounts held in the repository. -->
    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <!-- Taken from the user.name.caseSensitive property. NOTE(review): make
             sure the setting agrees with how the directory compares uid values,
             otherwise names differing only in case may be treated as different
             users in one store and as the same user in the other. -->
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <!-- Encoder bean defined outside this file; it determines how local
             passwords are stored. -->
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>

    <!-- Authentication component for repository accounts, backed by the
         repository DAO and the authenticationManager bean. -->
    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <!-- Guest login is enabled on this branch of the chain. Set it to false
             unless unauthenticated guest access to the repository is intended. -->
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
    </bean>





   <!-- LDAP Auth -->
    <!-- Authentication service for directory accounts; wires the LDAP DAO, the
         shared ticket component and the LDAP authentication component
         together. -->
    <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoLDAP" />
        </property>
        <!-- Same ticketComponent bean as the Alfresco service in this file. -->
        <property name="ticketComponent">
            <ref bean="ticketComponent" />
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplLDAP" />
        </property>
    </bean>

    <!-- LDAP branch of the chain: userNameFormat is a DN template whose %s
         placeholder stands for the typed user name. The context factory it
         references is not defined in this file and has to come from another
         context file.
         NOTE(review): many LDAP servers treat a simple bind with a DN and an
         empty password as an unauthenticated bind that succeeds (RFC 4513,
         section 5.1.2). Confirm that blank passwords are rejected before the
         bind, and disable unauthenticated binds on the server. -->
    <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <value>uid=%s, ou=internes, ou=personnes, dc=***,dc=******,dc=******,dc=***</value>
        </property>
    </bean>
   

    <!-- DAO for the LDAP branch of the chain. NOTE(review): judging by the class
         name it presumably refuses account creation and password changes,
         leaving those to the directory - confirm. -->
    <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
  
   
</beans>
Mon but est d’avoir à la fois l’authentification ldap et l’authentification des utilisateurs créés dans Alfresco, et donc aussi celle de mon administrateur alfresco.

Problèmes :
     •   Je retrouve mon authentification administrateur alfresco mais perds mon authentification ldap.




À noter que je n’ai aucun message dans ma log.

Merci d’avance.

Laurent
