If you have not read my Basic Alfresco Installation, read it now before continuing here.
We are going to configure Alfresco to authenticate against Active Directory so that our Windows users can log in to Alfresco. We will not create any local Alfresco accounts.
Alfresco's configuration file is alfresco-global.properties; you can find it in /opt/alfresco/tomcat/shared/classes. Make sure to back up the original file in case you mess it up.
Basic configuration is already defined and we will add our configuration at the bottom of the file.
The authentication chain will be passthru followed by ldap:
authentication.chain=passthru1:passthru,ldap1:ldap
Passthru configuration. I don't want guest users to log in to my Alfresco and access my files.
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false
Passthru authentication. We are not going to use CIFS/Samba or FTP, so we disable both:
passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false
We have to define the Active Directory server where Alfresco users will be authenticated, and the administrator account that is going to configure our Alfresco:
passthru.authentication.servers=<Your.AD.Server.IP.Address>
passthru.authentication.domain=<Netbios Domain>
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=<Your.Active.Directory.Administrator.Account>
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
LDAP authentication configuration. I don't want LDAP authentication; I want passthru authentication, so the LDAP authentication subsystem stays inactive:
ldap.authentication.active=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<Your.AD.Server.IP.Address>:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
LDAP synchronization. You have to define a user that has an administrative account in your Active Directory. This account will log in to your Active Directory server to pull all your users. Its password is stored in clear text in alfresco-global.properties, so restrict who can read that file.
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=<Netbios Domain>\\<administrator.privilege.account>
ldap.synchronization.java.naming.security.credentials=<administrator.privilege.account.password>
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)
We are going to synchronize all users and groups from your Domain.
ldap.synchronization.groupSearchBase=cn\=users,dc=<company.domain>,dc=com
ldap.synchronization.userSearchBase=cn\=users,dc=<company.domain>,dc=com
Other default LDAP synchronization settings:
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
We only want to synchronize the changes made in our Active Directory since the last run:
synchronization.synchronizeChangesOnly=true
We are not going to use CIFS/Samba
cifs.enabled=false
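As an added check that is not part of the original post: a small Python script that reads the keys set above out of alfresco-global.properties (undoing the \= and \: escapes the file uses), flags the guest-login and clear-text-credential points, and shows what the bit-and matching rule in the personQuery actually matches. The sample properties, the EXAMPLE domain and the host name are constructed placeholders.

```python
"""Offline audit of the Alfresco AD passthru/LDAP-sync settings shown above."""
import re

# Constructed sample: the page's keys with placeholder values (not a real site).
SAMPLE = r"""
authentication.chain=passthru1:passthru,ldap1:ldap
passthru.authentication.allowGuestLogin=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://ad.example.internal:389
ldap.synchronization.java.naming.security.principal=EXAMPLE\\svc.alfresco
ldap.synchronization.java.naming.security.credentials=PLACEHOLDER_PASSWORD
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
"""

def _unescape(s):
    # Undo the simple Java properties escapes (\=, \:, \\); \uXXXX is not handled.
    return re.sub(r'\\(.)', r'\1', s)

def parse_properties(text):
    """Minimal alfresco-global.properties reader (enough for the keys on this page)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#!':
            continue
        # The key runs to the first unescaped '=' or ':'; the rest is the value.
        m = re.match(r'((?:\\.|[^\\=:])+)\s*[=:]\s*(.*)$', line)
        if m:
            props[_unescape(m.group(1).strip())] = _unescape(m.group(2))
    return props

def audit(props):
    """Return (severity, message) pairs for the settings this page configures."""
    findings = []
    if 'passthru' not in props.get('authentication.chain', ''):
        findings.append(('FAIL', 'authentication.chain has no passthru subsystem'))
    for key in ('passthru.authentication.allowGuestLogin',
                'ldap.authentication.allowGuestLogin'):
        if props.get(key) != 'false':
            findings.append(('FAIL', f'{key} is not explicitly false'))
    if props.get('ldap.authentication.java.naming.provider.url', '').startswith('ldap://'):
        findings.append(('WARN', 'plain ldap:// with a simple bind sends the sync password unencrypted'))
    if props.get('ldap.synchronization.java.naming.security.credentials'):
        findings.append(('WARN', 'sync password is in clear text; restrict read access to the file'))
    return findings

def bit_and_rule_matches(uac, mask=0x200):  # 0x200 = NORMAL_ACCOUNT
    """LDAP_MATCHING_RULE_BIT_AND (1.2.840.113556.1.4.803) as used in the personQuery:
    true when every bit of mask is set, so a disabled account (512 | 2 = 514) still matches 512."""
    return (uac & mask) == mask
```

Because the rule only tests that the 512 bit is set, disabled accounts are synchronized too; Alfresco's own differential query above behaves the same way.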
Start your Alfresco and monitor your log.
$ cd /opt/alfresco
$ ./alf_start.sh
$ tail -f alfresco.log
Everything seems to be ok.
From your browser, open your Alfresco server on port 8080:
http://<Your.Alfresco.Server.IPAddress>:8080/alfresco
Log in using your Active Directory account,
while your Alfresco Share is at
http://<Your.Alfresco.Server.IPAddress>:8080/share
Next time, I will configure Alfresco with CIFS/Samba. I read that this is tough to configure.
Wish me luck!