
Unable to get SSO+LDAP working

Question asked by nickbsd on Jul 14, 2011
I've been editing Alfresco all day (literally), changing settings based on suggestions on the Alfresco wiki and here in the forums, and I'm still unable to get SSO with LDAP working. I wanted to be able to specify both NATIVE logon support via Alfresco (to use the default admin account) and use Active Directory for authentication.

If I deploy the alfresco tomcat .WAR file, do I edit the alfresco files that are decompressed when I deploy the war file? IE: TOMCAT_ROOT/webapps/alfresco/*

OR

TOMCAT_ROOT/shared/classes/alfresco/*



Files and contents:
{tomcat root}/webapps/alfresco/WEB-INF/classes/alfresco-global.properties


alfresco.authentication.allowGuestLogin=false
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
cifs.domain=DOMAIN

# Configure NTLM passthru to SAMBA Server
ntlm.authentication.sso.enabled=true
passthru.authentication.sso.enabled=true
passthru.authentication.servers=HOSTNAME_OF_AD_SERVER
passthru.authentication.domain=DOMAIN
passthru.authentication.useLocalServer=true
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
#ntlm.authentication.mapUnknownUserToGuest=false

##### Ldap Synchronisation
ldap.authentication.active=false
ldap.synchronization.active=true

# User Bind settings
ldap.authentication.java.naming.provider.url=ldap://HOSTNAME_OF_AD_SERVER:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn=alfuser,dc=alfresco,dc=com
ldap.synchronization.java.naming.security.credentials=alfuser_password

# what to sync
ldap.synchronization.userSearchBase=ou=People,dc=alfresco,dc=com
ldap.synchronization.groupSearchBase=ou=Distribution-Lists,dc=alfresco,dc=com
ldap.synchronization.groupQuery=(objectclass=posixGroup)
ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
synchronization.synchronizeChangesOnly=true
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# map attributes
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=cn
ldap.synchronization.userEmailAttributeName=mail

I'm attempting to stand up a working Alfresco environment to get away from Microsoft and help our environment deploy an OpenSource solution.

Please keep in mind that I'm still learning, hence I may not know entirely what I'm doing.
