AnsweredAssumed Answered

Open Ldap y Alfresco 4.2.c

Question asked by jvillafranca83 on Mar 22, 2014
Latest reply on Mar 22, 2014 by cristinamr
Saludos amigos, he instalado Alfresco 4.2.c he intentado configurarlo para tener acceso desde mis usuarios en servidor OpenLdap pero ningún resultado positivo, he leido por internet los cambios y agregados a los archivos alfresco-global.properties y ldap-authentication.properties

Les muestro como tengo mi archivo alfresco-global.properties sin cambios para que por favor me ayuden concretamente que debo hacer en el y muchas gracias por toda la ayuda que puedan prestarme amigos.

###############################
## Common Alfresco Properties #
###############################

#
# Sample custom content and index data location
#
#dir.root=/srv/alfresco/alf_data
#dir.keystore=${dir.root}/keystore

#
# Sample database connection properties
#
#db.username=alfresco
#db.password=alfresco

#
# External locations
#————-
#ooo.exe=soffice
#ooo.enabled=false
#jodconverter.officeHome=./OpenOffice.org
#jodconverter.portNumbers=8101
#jodconverter.enabled=true
#img.root=./ImageMagick
#swf.exe=./bin/pdf2swf

#
# Property to control whether schema updates are performed automatically.
# Updates must be enabled during upgrades as, apart from the static upgrade scripts,
# there are also auto-generated update scripts that will need to be executed.  After
# upgrading to a new version, this can be disabled.
#
#db.schema.update=true

#
# MySQL connection
#
#db.driver=org.gjt.mm.mysql.Driver
#db.url=jdbc:mysql://localhost/alfresco?useUnicode=yes&characterEncoding=UTF-8

#
# Oracle connection
#
#db.driver=oracle.jdbc.OracleDriver
#db.url=jdbc:oracle:thin:@localhost:1521:alfresco

#
# SQLServer connection
# Requires jTDS driver version 1.2.5 and SNAPSHOT isolation mode
# Enable TCP protocol on fixed port 1433
# Prepare the database with:
# ALTER DATABASE alfresco SET ALLOW_SNAPSHOT_ISOLATION ON;
#
#db.driver=net.sourceforge.jtds.jdbc.Driver
#db.url=jdbc:jtds:sqlserver://localhost:1433/alfresco
#db.txn.isolation=4096

#
# PostgreSQL connection (requires postgresql-8.2-504.jdbc3.jar or equivalent)
#
#db.driver=org.postgresql.Driver
#db.url=jdbc:postgresql://localhost:5432/alfresco
#
# DB2 connection
#
#db.driver=com.ibm.db2.jcc.DB2Driver
#db.url=jdbc:db2://localhost:50000/alfresco:retrieveMessagesFromServerOnGetMessage=true;

#
# Index Recovery Mode
#————-
#index.recovery.mode=AUTO

#
# Outbound Email Configuration
#————-
#mail.host=
#mail.port=25
#mail.username=anonymous
#mail.password=
#mail.encoding=UTF-8
#mail.from.default=alfresco@alfresco.org
#mail.smtp.auth=false

#
# Alfresco Email Service and Email Server
#————-

# Enable/Disable the inbound email service.  The service could be used by processes other than
# the Email Server (e.g. direct RMI access) so this flag is independent of the Email Service.
#————-
#email.inbound.enabled=true

# Email Server properties
#————-
#email.server.enabled=true
#email.server.port=25
#email.server.domain=alfresco.com
#email.inbound.unknownUser=anonymous

# A comma separated list of email REGEX patterns of allowed senders.
# If there are any values in the list then all sender email addresses
# must match. For example:
#   .*\@alfresco\.com, .*\@alfresco\.org
# Allow anyone:
#————-
#email.server.allowed.senders=.*

#
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#————-
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap:ldap

#
# URL Generation Parameters (The ${localname} token is replaced by the local server name)
#————-
#alfresco.context=alfresco
#alfresco.host=${localname}
#alfresco.port=8080
#alfresco.protocol=http
#
#share.context=share
#share.host=${localname}
#share.port=8080
#share.protocol=http

#imap.server.enabled=true
#imap.server.port=143
#imap.server.host=localhost

# Default value of alfresco.rmi.services.host is 0.0.0.0 which means 'listen on all adapters'.
# This allows connections to JMX both remotely and locally.
#
alfresco.rmi.services.host=0.0.0.0

#
# RMI service ports for the individual services.
# These seven services are available remotely.
#
# Assign individual ports for each service for best performance
# or run several services on the same port. You can even run everything on 50500 if needed.
#
# Select 0 to use a random unused port.
#
#avm.rmi.service.port=50501
#avmsync.rmi.service.port=50502
#attribute.rmi.service.port=50503
#authentication.rmi.service.port=50504
#repo.rmi.service.port=50505
#action.rmi.service.port=50506
#wcm-deployment-receiver.rmi.service.port=50507
#monitor.rmi.service.port=50508

<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>
ESTE ES MI ARCHIVO ldap-authentication.properties

# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsytem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=true

#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definit$
#
ldap.authentication.allowGuestLogin=true
# How to map the user id entered by the user to that passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      uid=%s,ou=People,dc=company,dc=com
# - digest
#    - usually pass through what is entered
#      %s
# If not set, an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName wi$
# be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID$
# appear in the DN.
ldap.authentication.userNameFormat=


# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://openldap.domain.com:389


# The authentication mechanism to use for password validation
ldap.authentication.java.naming.security.authentication=simple

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false
# Comma separated list of user names who should be considered administrators by default
ldap.authentication.defaultAdministratorUserNames=administrador

# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=false


# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=simple

# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=cn\=Manager,dc\=company,dc\=com
# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=secret
# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=0

# If positive, this property indicates that range retrieval should be used to fetch
# multi-valued attributes (such as member) in batches of the specified size.
# Overcomes any size limits imposed by Active Directory.
ldap.synchronization.attributeBatchSize=0

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=company,dc\=com


# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=ou\=People,dc\=company,dc\=com
# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute on LDAP group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=description

# The group type in LDAP
ldap.synchronization.groupType=groupOfNames

# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member

# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.

ldap.synchronization.enableProgressEstimation=true

# Requests timeout, in miliseconds, use 0 for none (default)
ldap.authentication.java.naming.read.timeout=0

Outcomes