
Subgroups in LDAP

Question asked by agey on May 3, 2011
Latest reply on May 13, 2011 by agey
Hi all,

I am using LDAP to authenticate users in Alfresco and it works fine. The LDAP tree has users and groups of users, but now I have to define subgroups in Alfresco to configure permissions due to new requirements. How can I define subgroups in the LDAP tree? And how must the Alfresco synchronization file be defined?

This is my LDAP tree:

dn: dc=alfresco,dc=sample,dc=sm
objectClass: top
objectClass: dcObject
objectClass: organization
dc: alfresco

dn: cn=admin,dc=alfresco,dc=sample,dc=sm
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: *********

dn: ou=people,dc=alfresco,dc=sample,dc=sm
objectClass: organizationalUnit
objectClass: top
ou: people

dn: cn=user1,ou=people,dc=alfresco,dc=sample,dc=sm
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: user1
givenName: user1
sn: user1
userPassword:: *****

dn: ou=groups,dc=alfresco,dc=sample,dc=sm
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=groupA,ou=groups,dc=alfresco,dc=sample,dc=sm
objectClass: groupOfUniqueNames
objectClass: top
cn: groupA
uniqueMember: cn=user1,ou=people,dc=alfresco,dc=sample,dc=sm

The Alfresco property files to configure LDAP are the following:



ldap.authentication.userNameFormat=cn\=%s,ou\=people,dc\=alfresco,dc\=sample,dc\=sm
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.2.30:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.security.principal=cn=admin,dc=alfresco,dc=sample,dc=sm
ldap.authentication.java.naming.security.credentials=*****
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

ldap.synchronization.active=true
ldap.synchronisation.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronisation.personSearchBase=dc\=alfresco,dc\=sample,dc\=sm
ldap.synchronisation.userIdAttributeName=cn
ldap.synchronisation.userFirstNameAttributeName=givenName
ldap.synchronisation.userLastNameAttributeName=sn
ldap.synchronisation.userEmailAttributeName=mail
ldap.synchronisation.userOrganizationalIdAttributeName=o
ldap.synchronisation.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronisation.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronisation.groupSearchBase=dc\=alfresco,dc\=sample,dc\=sm
ldap.synchronisation.groupIdAttributeName=cn
ldap.synchronisation.groupType=groupOfUniqueNames
ldap.synchronisation.personType=inetOrgPerson
ldap.synchronisation.groupMemberAttributeName=uniqueMember
ldap.synchronisation.import.person.cron=0 */10 * * * ?
ldap.synchronisation.import.group.cron=0 */20 * * * ?
ldap.synchronisation.import.group.clearAllChildren=true


How can I define subgroups in LDAP and define the mapping in the Alfresco property file for synchronisation?

Thanks a lot in advance,
