Bom dia,
Fiz uma customização no meu Alfresco para que além de capturar o nome e o email do usuário com o LDAP, também fosse possível que o sistema sincroniza-se outros campos, como endereço, telefone, etc…
A modificação foi bem simples, basto configurar um XML e criar novas propriedades no alfresco-global.properties, são elas:
/opt/alfresco/tomcat/shared/classes/alfresco-global.properties
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml
O Alfresco reconheceu essa simples modificação, e quando um usuário tenta modificar seus dados no share fica impedido pelo sistema, pois o Alfresco já bloqueia os campos que estão sincronizados no LDAP.
Fiz uma customização no meu Alfresco para que além de capturar o nome e o email do usuário com o LDAP, também fosse possível que o sistema sincroniza-se outros campos, como endereço, telefone, etc…
A modificação foi bem simples, basto configurar um XML e criar novas propriedades no alfresco-global.properties, são elas:
/opt/alfresco/tomcat/shared/classes/alfresco-global.properties
#
# LDAP
#
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://srv-domain:389
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=DIGEST-MD5
ldap.synchronization.java.naming.security.principal=user.it
ldap.synchronization.java.naming.security.credentials=xpasswd
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectClass\=*)
ldap.synchronization.groupDifferentialQuery=(objectClass\=*)
ldap.synchronization.personQuery=(&(objectClass=top)(&(!(OU=Desligados))(!(CN=ldap sync))))
ldap.synchronization.personDifferentialQuery=(objectClass\=*)
ldap.synchronization.groupSearchBase=OU=Grupos,DC=EMPINT,DC=local
ldap.synchronization.userSearchBase=OU=Usuarios,DC=EMPINT,DC=local
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
#extra fields sync – daniel.joppi
ldap.synchronization.userJobTitleAttributeName=title
ldap.synchronization.userPhysicalDeliveryOfficeName=physicalDeliveryOfficeName
ldap.synchronization.userStreetAddress1AttributeName=streetAddress
ldap.synchronization.userCityAttributeName=l
ldap.synchronization.userStateAttributeName=st
ldap.synchronization.userPostalCodeAttributeName=postalCode
ldap.synchronization.userTelephoneNumberAttributeName=telephoneNumber
ldap.synchronization.userFaxNumberAttributeName=facsimileTelephoneNumber
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
synchronization.synchronizeChangesOnly=true
synchronization.import.cron=0 0 0 * * ?
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
synchronization.autoCreatePeopleOnLogin=true
synchronization.loggingInterval=100
synchronization.workerThreads=2/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml
<!– Regularly exports user and group information from LDAP –>
<bean id="userRegistry" class="org.alfresco.repo.security.sync.ldap.LDAPUserRegistry">
<property name="active">
<value>${ldap.synchronization.active}</value>
</property>
…
<!–
This property defines a mapping between attributes held on LDAP user objects and
the properties of user objects held in the repository. The key is the QName of an attribute in
the repository, the value is the attribute name from the user/inetOrgPerson/.. object in the
LDAP repository.
–>
<property name="personAttributeMapping">
<map>
<entry key="cm:userName">
<!– Must match the same attribute as userIdAttributeName –>
<value>${ldap.synchronization.userIdAttributeName}</value>
</entry>
<entry key="cm:firstName">
<!– OpenLDAP: "givenName" –>
<!– Active Directory: "givenName" –>
<value>${ldap.synchronization.userFirstNameAttributeName}</value>
</entry>
<entry key="cm:lastName">
<!– OpenLDAP: "sn" –>
<!– Active Directory: "sn" –>
<value>${ldap.synchronization.userLastNameAttributeName}</value>
</entry>
<entry key="cm:email">
<!– OpenLDAP: "mail" –>
<!– Active Directory: "???" –>
<value>${ldap.synchronization.userEmailAttributeName}</value>
</entry>
<entry key="cm:organization">
<!– OpenLDAP: "o" –>
<!– Active Directory: "???" –>
<value>${ldap.synchronization.userOrganizationalIdAttributeName}</value>
</entry>
<!– This deprecated property has been replaced by "cm:organization". We will use the same mapping –>
<entry key="cm:organizationId">
<!– OpenLDAP: "o" –>
<!– Active Directory: "???" –>
<value>${ldap.synchronization.userOrganizationalIdAttributeName}</value>
</entry>
<entry key="cm:jobtitle">
<value>${ldap.synchronization.userJobTitleAttributeName}</value>
</entry>
<entry key="cm:location">
<value>${ldap.synchronization.userPhysicalDeliveryOfficeName}</value>
</entry>
<entry key="cm:companyaddress1">
<value>${ldap.synchronization.userStreetAddress1AttributeName}</value>
</entry>
<entry key="cm:companyaddress2">
<value>${ldap.synchronization.userCityAttributeName}</value>
</entry>
<entry key="cm:companyaddress3">
<value>${ldap.synchronization.userStateAttributeName}</value>
</entry>
<entry key="cm:companypostcode">
<value>${ldap.synchronization.userPostalCodeAttributeName}</value>
</entry>
<entry key="cm:companytelephone">
<value>${ldap.synchronization.userTelephoneNumberAttributeName}</value>
</entry>
<entry key="cm:companyfax">
<value>${ldap.synchronization.userFaxNumberAttributeName}</value>
</entry>
<!– Always use the default –>
<entry key="cm:homeFolderProvider">
<null/>
</entry>
</map>
</property>
…
</bean>O Alfresco reconheceu essa simples modificação, e quando um usuário tenta modificar seus dados no share fica impedido pelo sistema, pois o Alfresco já bloqueia os campos que estão sincronizados no LDAP.
We use cookies on this site to enhance your user experience
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.