{"id":418,"date":"2010-09-01T19:24:35","date_gmt":"2010-09-01T14:24:35","guid":{"rendered":"http:\/\/linuxndme.com\/?p=11"},"modified":"2011-06-22T12:29:50","modified_gmt":"2011-06-22T12:29:50","slug":"openldap-alfresco-authentication-syncronisation","status":"publish","type":"post","link":"https:\/\/blog.nixwind.com\/?p=418","title":{"rendered":"OpenLDAP Alfresco Authentication &#038; Synchronization"},"content":{"rendered":"<p><strong>1) Overview<\/strong><\/p>\n<p>User\/Group Synchronization of OpenLDAP and Alfresco servers.<br \/>\nTwo servers deployed with OpenLDAP and Alfresco ( Installation method :: Jumpbox)<br \/>\n<strong>2) Objective<\/strong><\/p>\n<ul>\n<li> Full Users\/Groups Synchronization from OpenLDAP to Alfresco with an hourly cron<\/li>\n<li> Differential Synchronization of Users\/Groups whenever the Alfresco server is restarted<\/li>\n<li> User Account Synchronization whenever a new user attempts to log in<\/li>\n<\/ul>\n<p><strong>3) Configuration overview<\/strong><\/p>\n<p>User type :: PosixAccount<br \/>\nGroup type :: PosixGroup<br \/>\nUser base :: ou=example,dc=com ( only users under ou example will be imported )<br \/>\nGroup base :: ou=example,dc=com ( only groups under ou example will be imported )<br \/>\nFull Sync Interval :: Hourly<br \/>\nLogin id :: cn ( users should log in to alfresco\/share with the cn )<\/p>\n<p><strong>5) Configuration done on alfresco server<\/strong><\/p>\n<p><strong>Step 1<\/strong><br \/>\nMain property file<\/p>\n<p>Add the lines below to the end of the file<\/p>\n<p><strong><span style=\"color: #3ea99f;\">root@home:~# <\/span>vi \/opt\/alfresco\/tomcat\/shared\/classes\/alfresco-global.properties<\/strong><\/p>\n<p><em>authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap<br \/>\n#Sync Settings<br \/>\nsynchronization.synchronizeChangesOnly=false<br \/>\nsynchronization.syncOnStartup=true<br \/>\nsynchronization.syncWhenMissingPeopleLogIn=true<br \/>\nsynchronization.import.cron=0 0 * * * 
?<\/em><\/p>\n<p><strong>Step 2<\/strong><br \/>\n<strong><span style=\"color: #3ea99f;\">root@home:~# <\/span>mkdir -p \/opt\/alfresco\/tomcat\/shared\/classes\/alfresco\/extension\/subsystems\/Authentication\/ldap\/ldap1<\/strong><\/p>\n<p><strong>Step 3<\/strong><\/p>\n<p>Configuring common-ldap-context.xml, ldap-authentication.properties, ldap-authentication-context.xml<\/p>\n<p><strong><span style=\"color: #3ea99f;\">root@home:~# <\/span>cp -p \/opt\/alfresco\/tomcat\/webapps\/alfresco\/WEB-INF\/classes\/alfresco\/subsystems\/Authentication\/ldap\/ldap-authentication-context.xml \/opt\/alfresco\/tomcat\/shared\/classes\/alfresco\/extension\/subsystems\/Authentication\/ldap\/ldap1\/<\/strong><\/p>\n<p><strong><span style=\"color: #3ea99f;\">root@home:~# <\/span>cp -p \/opt\/alfresco\/tomcat\/webapps\/alfresco\/WEB-INF\/classes\/alfresco\/subsystems\/Authentication\/common-ldap-context.xml \/opt\/alfresco\/tomcat\/shared\/classes\/alfresco\/extension\/subsystems\/Authentication\/ldap\/<\/strong><\/p>\n<p><strong><span style=\"color: #3ea99f;\">root@home:~# <\/span>vi \/opt\/alfresco\/tomcat\/shared\/classes\/alfresco\/extension\/subsystems\/Authentication\/ldap\/ldap1\/ldap-authentication.properties<\/strong><\/p>\n<p><em>ldap.authentication.active=true<br \/>\nldap.authentication.allowGuestLogin=false<br \/>\nldap.authentication.userNameFormat=cn=%s,ou=example,dc=com<br \/>\nldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory<br \/>\nldap.authentication.java.naming.provider.url=ldap:\/\/ldap_server_ip:389<br \/>\nldap.authentication.java.naming.security.authentication=simple<br \/>\nldap.authentication.escapeCommasInBind=false<br \/>\nldap.authentication.escapeCommasInUid=false<br \/>\nldap.authentication.defaultAdministratorUserNames=admin<br \/>\nldap.synchronization.active=true<br \/>\nldap.synchronization.java.naming.security.authentication=simple<br 
\/>\nldap.synchronization.java.naming.security.principal=cn=Admin,dc=com<br \/>\nldap.synchronization.java.naming.security.credentials=secret<br \/>\nldap.synchronization.queryBatchSize=1000<br \/>\nldap.synchronization.groupQuery=(objectclass=posixGroup)<br \/>\nldap.synchronization.groupDifferentialQuery=(&amp;(objectclass=posixGroup)(!(modifyTimestamp&lt;={0})))<br \/>\nldap.synchronization.personQuery=(objectclass=posixAccount)<br \/>\nldap.synchronization.personDifferentialQuery=(&amp;(objectclass=posixAccount)(!(modifyTimestamp&lt;={0})))<br \/>\nldap.synchronization.groupSearchBase=ou=example,dc=com<br \/>\nldap.synchronization.userSearchBase=ou=example,dc=com<br \/>\nldap.synchronization.modifyTimestampAttributeName=modifyTimestamp<br \/>\nldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'<br \/>\nldap.synchronization.userIdAttributeName=uid<br \/>\nldap.synchronization.userFirstNameAttributeName=givenName<br \/>\nldap.synchronization.userLastNameAttributeName=sn<br \/>\nldap.synchronization.userEmailAttributeName=mail<br \/>\nldap.synchronization.userOrganizationalIdAttributeName=o<br \/>\nldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider<br \/>\nldap.synchronization.groupIdAttributeName=cn<br \/>\nldap.synchronization.groupType=posixGroup<br \/>\nldap.synchronization.personType=posixAccount<br \/>\nldap.synchronization.groupMemberAttributeName=memberUid<br \/>\nldap.synchronization.enableProgressEstimation=true<\/em><\/p>\n<p>Please make sure to provide the proper LDAP server IP, login and credentials with the following directives:<\/p>\n<p>ldap.authentication.java.naming.provider.url=ldap:\/\/ldap_server_ip:389<br \/>\nldap.synchronization.java.naming.security.principal=cn=Admin,dc=com<br \/>\nldap.synchronization.java.naming.security.credentials=secret<br \/>\nldap.authentication.defaultAdministratorUserNames=admin<\/p>\n<p><strong>Step 4<\/strong><br \/>\nLog configuration<\/p>\n<p>Add the following lines to the end of the 
given file<\/p>\n<p><strong><span style=\"color: #3ea99f;\">root@home:~# <\/span>vi \/opt\/alfresco\/tomcat\/webapps\/alfresco\/WEB-INF\/classes\/log4j.properties<\/strong><\/p>\n<p><em>log4j.logger.org.alfresco.repo.importer.ImporterJob=debug<br \/>\nlog4j.logger.org.alfresco.repo.importer.ExportSourceImporter=debug<br \/>\nlog4j.logger.org.alfresco.repo.security.authentication.ldap=debug<\/em><\/p>\n<p><strong>Step 5<\/strong><\/p>\n<p>Stop\/Start Alfresco<br \/>\n<strong><span style=\"color: #3ea99f;\">root@home:~# <\/span>\/etc\/init.d\/alfresco stop<br \/>\n<span style=\"color: #3ea99f;\">root@home:~# <\/span>\/etc\/init.d\/alfresco start<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1) Overview User\/Group Synchronization of OpenLDAP and Alfresco servers. Two servers deployed with OpenLDAP and Alfresco ( Installation method :: Jumpbox) 2) Objective Full Users\/Groups Synchronization from OpenLDAP to Alfresco with an hourly cron Differential Synchronization of Users\/Groups whenever the Alfresco server is restarted User Account Synchronization whenever a new user attempts to log in 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[41,43],"tags":[99,42],"_links":{"self":[{"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=\/wp\/v2\/posts\/418"}],"collection":[{"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=418"}],"version-history":[{"count":2,"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=\/wp\/v2\/posts\/418\/revisions"}],"predecessor-version":[{"id":577,"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=\/wp\/v2\/posts\/418\/revisions\/577"}],"wp:attachment":[{"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.nixwind.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}