
Alfresco + LDAP synchronisation

Question asked by gwenhaelbzh on Apr 14, 2009
Hello,

Configuration: Alfresco 3 Labs stable

Having still not resolved this problem: http://forums.alfresco.com/fr/viewtopic.php?f=6&t=2789, I have set CAS aside for the moment, but I am nevertheless trying to log in to Alfresco with LDAP.

I can log in using the users from the directory, and these users, as well as the groups, are correctly imported into Alfresco.

However, the users' various attributes are not populated in Alfresco: name, mail, etc.

Yet I really do have the impression that I filled in the .properties files correctly (see the end of the post).

There is no trace of any errors.

I also wanted to know whether it is possible to create users' workspaces dynamically wherever we want in Alfresco's directory tree.
To explain: by default, when a user logs in for the first time, their workspace is created automatically in the user space.
I would like the personal workspaces to be located in a higher-level workspace common to all the users of the same group.

Thanks in advance
Gwenhaël

ldap-authentication.properties:


#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to that passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s    
ldap.authentication.userNameFormat=uid=%s,ou=users,dc=my-domain,dc=com

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://localhost:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=SIMPLE

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=cn=Manager,dc=my-domain,dc=com

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=secret

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

ldap-synchronisation.properties:


#
# This properties file is used to configure LDAP synchronisation
#

# The query to find the people to import
ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)

# The search base of the query to find people to import
ldap.synchronisation.personSearchBase=ou=users,dc=my-domain,dc=com

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronisation.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronisation.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronisation.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronisation.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronisation.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronisation.defaultHomeFolderProvider=personalHomeFolderProvider

# The query to find group objects
ldap.synchronisation.groupQuery=(objectclass=groupOfUniqueNames)

# The search base to use to find group objects
ldap.synchronisation.groupSearchBase=ou=groups,dc=my-domain,dc=com

# The attribute on LDAP group objects to map to the gid property in Alfresco
ldap.synchronisation.groupIdAttributeName=cn

# The group type in LDAP
ldap.synchronisation.groupType=groupOfUniqueNames

# The person type in LDAP
ldap.synchronisation.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronisation.groupMemberAttributeName=uniqueMember

# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 0 * * * ?

# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?

# Should all groups be cleared out at import time?
# - this is safe as groups are not used in Alfresco for other things (unlike person objects which you should never clear out during an import)
# - setting this to true means old group definitions will be tidied up.
ldap.synchronisation.import.group.clearAllChildren=true
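
Added example, not part of the original post and not Alfresco code: a small audit of the bind-related settings in an ldap-authentication.properties file like the one above, flagging a simple bind over unencrypted `ldap://`, the sync password stored in the file, and the unescaped DN template. The function names, check ids and severities are illustrative assumptions; the sample input is constructed from the values in the post.

```python
from urllib.parse import urlparse

# Constructed sample: the bind-related keys from the post's ldap-authentication.properties
SAMPLE = """\
# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://localhost:389
ldap.authentication.java.naming.security.authentication=SIMPLE
ldap.authentication.java.naming.security.principal=cn=Manager,dc=my-domain,dc=com
ldap.authentication.java.naming.security.credentials=secret
ldap.authentication.userNameFormat=uid=%s,ou=users,dc=my-domain,dc=com
ldap.authentication.escapeCommasInBind=false
"""
PREFIX = "ldap.authentication."
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Minimal .properties reader: skip blanks and #/! comments, split on the first '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (check_id, severity, message) tuples for the LDAP bind settings."""
    def get(key):
        return props.get(PREFIX + key, "")
    findings = []
    url = urlparse(get("java.naming.provider.url"))
    if url.scheme == "ldap" and get("java.naming.security.authentication").lower() == "simple":
        # Simple bind sends the DN and password as-is; without TLS they cross the wire in clear.
        sev = "low" if url.hostname in LOOPBACK else "high"
        findings.append(("cleartext-bind", sev, "simple bind over ldap://; use ldaps:// or StartTLS"))
    if get("java.naming.security.credentials"):
        findings.append(("plaintext-credential", "medium",
                         "sync password stored in the file; restrict read access to it"))
    if "=" in get("userNameFormat") and get("escapeCommasInBind").lower() != "true":
        findings.append(("unescaped-dn-template", "info",
                         "user-typed commas are placed in the bind DN without escaping"))
    return findings

if __name__ == "__main__":
    for check_id, severity, message in audit(parse_properties(SAMPLE)):
        print(f"[{severity}] {check_id}: {message}")
```

With the post's values the cleartext bind is rated low only because the directory is on localhost; the same settings pointed at a remote host are rated high.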
