
Alfresco CIFS + LDAP [RESOLVIDO]

Question asked by danieljoppi on Feb 28, 2012
Latest reply on Mar 8, 2012 by danieljoppi
Boa tarde,

Estamos tentando configurar o alfresco para funcionar integrado com o LDAP. Consegui configurar para que a sincronização de usuários seja feita. Isso está ok.
O problema é quando tentamos acessar o alfresco via CIFS. Não consigo fazer ele funcionar. Para o FTP funciona ok, mas o CIFS está dando dor de cabeça.

Abaixo estão as minhas configurações. alfresco-global.properties:
#
# File System
#
# Share name of the repository filesystem; file-server-custom.xml reads it as ${filesystem.name}.
filesystem.name=Intranet
# NOTE(review): the global default access level is left commented out, so this file sets none.
# Confirm the effective default before the share is reachable by guest or unknown users.
#filesystem.acl.global.defaultAccessLevel=
# Domain mapping: addresses in 172.16.0.0 with mask 255.255.0.0 are associated with the domain "workgroup".
# Presumably used to pick the passthru domain when the client sends no domain name - confirm.
filesystem.domainMappings=workgroup
filesystem.domainMappings.value.workgroup.subnet=172.16.0.0
filesystem.domainMappings.value.workgroup.mask=255.255.0.0


# Authentication chain, in evaluation order: alfrescoNtlm1 (alfrescoNtlm), passthru1 (passthru), ldap1 (ldap-ad).
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad

# Guest login is allowed, and CIFS authentication is switched off for the alfresco.* authenticator;
# passthru.authentication.authenticateCIFS=true further down is what claims CIFS logons.
alfresco.authentication.allowGuestLogin=true
alfresco.authentication.authenticateCIFS=false

# NOTE(review): unknown NTLM users are mapped to guest while guest login is allowed above.
# Together these admit an unrecognised account as guest - confirm that is intended and
# check what the guest account can read through the share.
ntlm.authentication.sso.enabled=false
ntlm.authentication.mapUnknownUserToGuest=true

#
# CIFS
#
cifs.enabled=true
# NetBIOS/host name announced for the CIFS server; cifs.serverName reuses the same value.
cifs.localname=intranet
cifs.serverName=${cifs.localname}
cifs.domain=workgroup
cifs.broadcast=255.255.255.255
# NOTE(review): 0.0.0.0 binds the CIFS listeners on every IPv4 interface of the host.
# Bind to the internal adapter, or filter at the firewall, if the host has other interfaces.
cifs.bindto=0.0.0.0
cifs.ipv6=disabled
# The server announces itself to the workgroup/domain (consumed by <hostAnnounce> in file-server-custom.xml).
cifs.hostannounce=true

# Can be mapped to non-privileged ports, then use firewall rules to forward requests from the standard ports
# (standard SMB/NetBIOS ports are 445, 139, 137 and 138). Windows clients only connect to the standard
# ports, so CIFS access depends on those forwarding rules being in place.
# NOTE(review): scope the forwarding rules to the client subnet rather than to any source address.
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.sessionPort=1139
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138

# Optional WINS server primary and secondary IP addresses. Ignored if autoDetectEnabled=true
cifs.WINS.autoDetectEnabled=true

#
# FTP
#
# NOTE(review): plain FTP carries logon credentials and file contents unencrypted.
# passthru.authentication.authenticateFTP=true is set further down, so these may be domain
# credentials - keep the service on trusted network segments only.
ftp.enabled=true
# Non-privileged listening port (the standard FTP control port is 21).
ftp.port=2121
ftp.ipv6=disabled

#
# NFS
#
# The NFS server is disabled; the uid/gid mapping in the "NFS Server" section of file-server-custom.xml is unused while this stays false.
nfs.enabled=false

#
# Passthru
#
# Logons are passed to an external Windows server rather than checked against the local machine.
passthru.authentication.useLocalServer=false
# NOTE(review): both "domain" and "servers" are set. The Alfresco passthru documentation describes
# them as alternative ways of locating the authentication server - confirm which one takes effect.
passthru.authentication.domain=workgroup
# Entries are DOMAIN\server or a bare address; "\\" is the .properties escape for a single backslash.
# NOTE(review): the list ends with a trailing comma, leaving an empty last entry - confirm it is ignored or remove it.
passthru.authentication.servers=workgroup\\srv-domain,172.16.1.250,
passthru.authentication.guestAccess=false
# NOTE(review): a passthru-authenticated user with this name is treated as an Alfresco administrator.
# Make sure the matching domain account is a controlled, strongly protected account.
passthru.authentication.defaultAdministratorUserNames=administrator
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
# (file-server-custom.xml sets <offlineCheckInterval>60</offlineCheckInterval> for its passthru authenticator; the two values differ.)
passthru.authentication.offlineCheckInterval=300
# Protocols tried, in this order, when connecting to the authentication server.
passthru.authentication.protocolOrder=TCPIP,NetBIOS
passthru.authentication.sso.enabled=true
# Passthru is the authenticator that handles CIFS and FTP logons
# (alfresco.authentication.authenticateCIFS=false is set for the first chain entry).
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true

#
# LDAP
#
# LDAP is not used to authenticate logins (active=false); the directory is only read by the
# ldap.synchronization.* settings that follow.
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=true
# The user name is passed to the directory unchanged (%s is replaced by the login name).
ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# NOTE(review): ldap:// on port 389 is not TLS-protected. Consider ldaps:// (or StartTLS) if the
# directory offers it, so bind exchanges and synchronized attributes are not sent in the clear.
ldap.authentication.java.naming.provider.url=ldap://srv-domain:389
# SASL DIGEST-MD5 bind mechanism.
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
# NOTE(review): only relevant once ldap.authentication.active is true; the named user would then be an Alfresco administrator.
ldap.authentication.defaultAdministratorUserNames=Administrator
# Directory synchronization is enabled; users and groups are imported with the bind account below.
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=DIGEST-MD5
# NOTE(review): the bind account name and password are stored in clear text in this file.
# Restrict read access to alfresco-global.properties, use a read-only service account, and
# treat any real value that has been pasted into a public post as exposed and rotate it.
ldap.synchronization.java.naming.security.principal=user.it
ldap.synchronization.java.naming.security.credentials=xpasswd
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
# "\=" is the .properties escape for "="; the filter is (objectClass=*), which matches every entry
# under the group search base, not only group objects.
ldap.synchronization.groupQuery=(objectClass\=*)
ldap.synchronization.groupDifferentialQuery=(objectClass\=*)
# objectClass=top matches every entry under the user search base; the two negated clauses are
# meant to leave out OU=Desligados and the "ldap sync" account.
# NOTE(review): Active Directory does not normally expose an entry's container as an "ou"
# attribute on the entry, so (!(OU=Desligados)) may not exclude accounts stored under that OU.
# Verify that accounts moved there really stop being synchronized.
ldap.synchronization.personQuery=(&(objectClass=top)(&(!(OU=Desligados))(!(CN=ldap sync))))
# NOTE(review): the differential query does not repeat the exclusions of personQuery - confirm that is intended.
ldap.synchronization.personDifferentialQuery=(objectClass\=*)
ldap.synchronization.groupSearchBase=OU=Grupos,DC=workgroup,DC=local
ldap.synchronization.userSearchBase=OU=Usuarios,DC=workgroup,DC=local
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
# Directory attributes mapped onto Alfresco user and group properties.
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
# objectClass values that identify group and person entries.
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
# Only changes since the last run are synchronized.
synchronization.synchronizeChangesOnly=true
# Quartz cron expression (seconds minutes hours day-of-month month day-of-week): every day at 00:00:00.
synchronization.import.cron=0 0 0 * * ?
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
# NOTE(review): a person record is created at first login for any user who authenticates
# successfully, including users not yet imported by synchronization. Review this together with the
# guest / unknown-user settings if only directory-synchronized accounts should exist.
synchronization.autoCreatePeopleOnLogin=true
synchronization.loggingInterval=100
synchronization.workerThreads=2

file-server-custom.xml
<alfresco-config area="file-servers">

   <config evaluator="string-compare" condition="CIFS Server">
      <serverEnable enabled="${cifs.enabled}"/>
     
      <host name="${cifs.localname}" domain="${cifs.domain}"/>
      <comment>Intranet Server</comment>

      <!– Set to the broadcast mask for the subnet –>
      <broadcast>${cifs.broadcast}</broadcast>
     
      <!– Set to the IP for the adapter for Java socket –>
      <bindto>${cifs.bindto}</bindto>

      <!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
      <!–       
      <tcpipSMB ipv6="${cifs.ipv6}" platforms="linux,solaris,macosx"/>
      <netBIOSSMB bindto="${cifs.bindto}" platforms="linux,solaris,macosx"/>
      –>

       <!– Can be mapped to non-privileged ports, then use firewall rules to forward
            requests from the standard ports –>
      <tcpipSMB port="${cifs.tcpipSMB.port}" ipv6="${cifs.ipv6}" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="${cifs.netBIOSSMB.sessionPort}" namePort="${cifs.netBIOSSMB.namePort}" datagramPort="${cifs.netBIOSSMB.datagramPort}" platforms="linux,solaris,macosx"/>

      <!– Announce the server to the workgroup/domain –>
      <!– Use enabled="false" attribute to disable announcements –>             
      <hostAnnounce interval="5" enabled="${cifs.hostannounce}"/>

      <!– Use Win32 NetBIOS interface on Windows –>
      <!–Win32NetBIOS/–>

      <!– Announce the server to the workgroup/domain –>
      <!– Use enabled="false" attribute to disable announcements –>             
      <!–Win32Announce interval="5" enabled="${cifs.hostannounce}"/–>

      <!– CIFS authentication –>
      <!– Available types are 'alfresco', 'passthru' and 'enterprise' –>
      <!–
      <authenticator type="enterprise"/>   
      –>
     
      <!– CIFS Passthru authentication sample –>
      <!– Also see the <DomainMappings> config in the 'Filesystem Security' section below –>
      <authenticator type="passthru">
        <Server>srv-domain</Server>
   <Domain>workgroup</Domain>
        <protocolOrder>TCPIP,NetBIOS</protocolOrder>
        <offlineCheckInterval>60</offlineCheckInterval>
      </authenticator>
     
      <!– CIFS Enterprise authentication sample with Kerberos –>
      <!–
      <authenticator type="enterprise"/>
         <KDC>192.168.1.240</KDC>
         <Realm>WIN2003.ALFRESCO.ORG</Realm>
         <Password>password</Password>
         
         <kerberosDebug/>
      </authenticator>     
      –>
     
      <!– Disable the use of asynchronous sockets/NIO code –>
      <!–
      <disableNIO/>
      –>
     
      <!– Disable the use of JNI code –>
      <!– Only currently affects Windows –>
      <!–
      <disableNativeCode/>
      –>
     
      <!– Session timeout, in seconds –>
      <!– Defaults to 15 minutes, to match the default Windows client setting        –>
      <!– If no I/O is received within that time the session is closed by the server –>
      <!–
      <sessionTimeout>300</sessionTimeout>
      –>
     
      <!– Enable WINS if used for NetBIOS name lookups –>
      <!–
      <WINS>
         <primary>1.2.3.4</primary>
         <secondary>5.6.7.8</secondary>
      </WINS>
      –>
     
      <!– CIFS server debug settings –>
      <!– Enable 'log4j.logger.org.alfresco.fileserver=debug' in log4j.properties file –>
      <sessionDebug flags="NetBIOS,Pkttype,Streams,Negotiate,Socket,Tree,Errors,State"/>
   </config>

   <config evaluator="string-compare" condition="FTP Server">
      <serverEnable enabled="${ftp.enabled}"/>
     
      <!– Run on a non-privileged port –>
      <port>${ftp.port}</port>

      <!– IPv6 support –>
      <IPv6 state="${ftp.ipv6}"/>
      <!–
      <rootDirectory>/Alfresco/</rootDirectory>
      –>

      <!– FTP authentication –>
      <!– Available types are 'alfresco' and 'passthru' –>
      <authenticator type="alfresco" />
           
      <!– FTP server debug settings –>
      <!– Enable 'log4j.logger.org.alfresco.fileserver=debug' in log4j.properties file –>
      <debug flags="File,Search,Error,Directory,Info,DataPort"/>

   </config>
  
   <config evaluator="string-compare" condition="NFS Server">
      <serverEnable enabled="${nfs.enabled}"/>

      <!– Map NFS user/group ids to Alfresco users –>     
      <rpcAuthenticator>
         <userMappings>
            <user name="admin" uid="0" gid="0"/>
         </userMappings>
      </rpcAuthenticator>
   </config>
   
   <config evaluator="string-compare" condition="Filesystems">
      <filesystems>
         
         <!– Alfresco repository access shared filesystem –>
         <filesystem name="${filesystem.name}">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!– Add a URL file to each folder that links back to the web client –>
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

            <!– Mark locked files as offline –>
            <offlineFiles/>

            <!– Desktop actions –>
            <!– Uses a client-side application to trigger a server-side action                         –>
            <!–   Echo - displays a message echoed from the server                                     –>
            <!–   URL  - launches a URL via the Windows shell                                          –>
            <!–   CmdLine - launches the Notepad application                                           –>
            <!–   CheckInOut - checks files in/out, drag and drop files onto the application           –>
            <!–   JavaScript - run a server-side script                                                –>
            <!–   JavaScriptURL - server-side script that generates a URL to the folder using a ticket –>
            <!–                   to avoid having to logon                                             –>
            <desktopActions>
               <!–
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}:8080/alfresco/</webpath>
               </global>
               <action>
                  <class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>
               <action>
                  <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>
                –>        

               <!– Other desktop actions which may be enabled –>
               <!–
                <action>
                    <class>org.alfresco.filesys.repo.desk.EchoDesktopAction</class>
                    <name>Echo</name>
                    <filename>__AlfrescoEcho.exe</filename>
                </action>
                <action>
                    <class>org.alfresco.filesys.repo.desk.URLDesktopAction</class>
                    <name>URL</name>
                    <filename>__AlfrescoURL.exe</filename>
                </action>
                <action>
                    <class>org.alfresco.filesys.repo.desk.CmdLineDesktopAction</class>
                    <name>CmdLine</name>
                    <filename>__AlfrescoCmd.exe</filename>
                </action>
                <action>
                    <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
                    <name>JavaScript</name>
                    <filename>__AlfrescoScript.exe</filename>
                    <script>alfresco/desktop/dumpRequest.js</script>
                    <attributes>anyFiles, multiplePaths , allowNoParams</attributes>
                    <preprocess>confirm, copyToTarget</preprocess>
                </action>
                –>                             
            </desktopActions>

            <!– Additional access control of the filesystem –>
            <!– Access type of 'none' will stop the filesystem from showing up for that user/address/protocol –>             
            <!–
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="192.168.1.0" mask="255.255.255.0" access="Write"/>
            </accessControl>
            –>
         </filesystem>
          
           <!– AVM virtualization view of all stores/versions for WCM –>
           <!– virtual view stores filter can be any of the following: normal, site, staging, author, preview –>
         <avmfilesystem name="AVM">
            <virtualView stores="site,staging,author"/>
         </avmfilesystem>
          
      </filesystems>
   </config>

   <config evaluator="string-compare" condition="Filesystem Security">
      <!– Domain mappings used for passthru authentication routing              –>
      <!– Used when the client does not provide a domain name in the NTLM logon –>
      <!–
      <DomainMappings>
          <Domain name="egc" subnet="192.1.0.0" mask="192.1.255.255"/>
      </DomainMappings>
      –>
     
      <!– Custom share mapper when multi-tenancy is enabled –>
      <!–
      <shareMapper type="multi-tenant">
        <debug/>
      </shareMapper>
      –>
     
      <!– Global access control list                                                                    –>
      <!– Applied to all filesystems that do not have an <accessControl> block                          –>
      <!– Access type of 'none' will stop the filesystem from showing up for that user/address/protocol –>             
      <!–
      <globalAccessControl default="None">
         <user name="admin" access="Write"/>
         <address ip="172.16.1.2" access="Write"/>
      </globalAccessControl>
      –>
   </config>

</alfresco-config>
