LDAP-CIFS on Alfresco Enterprise v3.0.0
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Alfresco Hub
- :
- ACS - Hub Docs
- :
- LDAP-CIFS on Alfresco Enterprise v3.0.0
LDAP-CIFS on Alfresco Enterprise v3.0.0
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
6 Jun 2015
0:40 AM
Obsolete Pages{{Obsolete}}
The official documentation is at: http://docs.alfresco.com
- Instructions, as I can recall them.
- This works with Enterprise 3.0 (I will post eventual changes for 3.1 once we have done the migration)
- Last change: April 24, 2009
Here are instructions on how we have setup Alfresco to authenticate against LDAP. This is using Alfresco v.3.0.0, OpenLDAP on a Linux/Debian Etch platform.
Table of Contents
- 1 Create your LDAP tree
- 2 Create/edit /opt/alfresco/tomcat/shared/classes/alfresco/extension/ldap-synchronisation-context.xm...
- 3 Create/edit /opt/alfresco/tomcat/shared/classes/alfresco/extension/ldap-synchronisation.properties
- 4 Create/edit /opt/alfresco/tomcat/shared/classes/alfresco/extension/ldap-authentication-context.xml
- 5 Create/edit /opt/alfresco/tomcat/shared/classes/alfresco/extension/ldap-authentication.properties
- 6 Create and deploy your customized auth bean.
- 7 Create/edit /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/extension/file-servers-...
- 8 Appendix - Instruction for Alfresco Labs 3 STABLE
Create your LDAP tree
To keep things simple we only enabled simple authentication. This requires having all users under a single location in the LDAP tree, for example 'uid=user.name,ou=people,dc=company,dc=com'.
You will need to use PLAIN TEXT passwords. NOTE: this is not an issue in our case, as the LDAP and Alfresco servers are located in the same network cluster. Otherwise, you will need to secure the transfer with a tunnel, as password will be sent in clear over the wire.
Make sure you know the username and password of the 'manager' account. It is used by Alfresco to access the LDAP tree, and the credential have to be placed in the config files.
Create/edit /opt/alfresco/tomcat/shared/classes/alfresco/extension/ldap-synchronisation-context.xml
Just renaming the default ldap-synchronisation-context.xml.sample is probably ok, but check to see if anything particular to your config is required. In our case, no changes were required.
Create/edit /opt/alfresco/tomcat/shared/classes/alfresco/extension/ldap-synchronisation.properties
Enter the specifics for your installation, based on the way your LDAP tree is structured. In our case:
#
# This properties file is used to configure LDAP syncronisation
#
# The query to find the people to import
ldap.synchronisation.personQuery=(objectclass=companyPerson)
# The search base of the query to find people to import
ldap.synchronisation.personSearchBase=ou=people,dc=company,dc=com
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronisation.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronisation.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronisation.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronisation.userEmailAttributeName=mail
# The attribute on person objects in LDAP to map to the organizational id property in Alfresco
ldap.synchronisation.userOrganizationalIdAttributeName=o
# The default home folder provider to use for people created via LDAP import
ldap.synchronisation.defaultHomeFolderProvider=userHomesHomeFolderProvider
# The query to find group objects
ldap.synchronisation.groupQuery=(objectclass=groupOfNames)
# The search base to use to find group objects
ldap.synchronisation.groupSearchBase=ou=groups,dc=company,dc=com
# The attribute on LDAP group objects to map to the gid property in Alfresco
ldap.synchronisation.groupIdAttributeName=cn
# The group type in LDAP
ldap.synchronisation.groupType=groupOfNames
# The person type in LDAP
ldap.synchronisation.personType=companyPerson
# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronisation.groupMemberAttributeName=member
# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 0 * * * ? 2090
#ldap.synchronisation.import.person.cron=0 0/10 * * * ?
# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ? 2090
#ldap.synchronisation.import.group.cron=0 0/10 * * * ?
# Should all groups be cleared out at import time?
# - this is safe as groups are not used in Alfresco for other things (unlike person objects which yo
u should never clear out during an import)
# - setting this to true means old group definitions will be tidied up.
ldap.synchronisation.import.group.clearAllChildren=true
Note: In our setup, we are now disabling automatic sync via cron, because we are doing it via a custom action instead.
Create/edit /opt/alfresco/tomcat/shared/classes/alfresco/extension/ldap-authentication-context.xml
Copy the sample file. This is where it is becoming interesting. Instead of using the 'standard' authentication bean, we instruct Alfresco to use another, custom bean to provide MD4 encryption of the password to be compatible with CIFS.
<beans>
<bean name='ldapAuthenticationPlaceholderConfigurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'>
<property name='ignoreUnresolvablePlaceholders'>
<value>true</value>
</property>
<property name='locations'>
<value>classpath:alfresco/extension/ldap-authentication.properties</value>
</property>
</bean>
<bean name='authenticationDao' class='org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao' >
<property name='allowDeleteUser'>
<value>true</value>
</property>
</bean>
<bean id='authenticationDaoFull' class='com.company.repo.security.authentication.RepositoryAuthenticationDao' >
<property name='nodeService'>
<ref bean='nodeService' />
</property>
<property name='dictionaryService'>
<ref bean='dictionaryService' />
</property>
<property name='namespaceService'>
<ref bean='namespaceService' />
</property>
<property name='searchService'>
<ref bean='admSearchService' />
</property>
<property name='userNamesAreCaseSensitive'>
<value>${user.name.caseSensitive}</value>
</property>
<property name='passwordEncoder'>
<ref bean='passwordEncoder' />
</property>
</bean>
<bean id='authenticationComponent'>
class='com.company.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl'
parent='authenticationComponentBase'>
<property name='LDAPInitialDirContextFactory'>
<ref bean='ldapInitialDirContextFactory'/>
</property>
<property name='userNameFormat'>
<value>${ldap.authentication.userNameFormat}</value>
</property>
<property name='allowGuestLogin'>
<value>false</value>
</property>
<property name='nodeService'>
<ref bean='nodeService' />
</property>
<property name='personService'>
<ref bean='personService' />
</property>
<property name='transactionService'>
<ref bean='transactionService' />
</property>
<property name='authenticationDao'>
<ref bean='authenticationDaoFull' />
</property>
</bean>
<bean id='ldapInitialDirContextFactory' class='org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl'>
<property name='initialDirContextEnvironment'>
<map>
<entry key='java.naming.factory.initial'>
<value>${ldap.authentication.java.naming.factory.initial}</value>
</entry>
<entry key='java.naming.provider.url'>
<value>${ldap.authentication.java.naming.provider.url}</value>
</entry>
<entry key='java.naming.security.authentication'>
<value>${ldap.authentication.java.naming.security.authentication}</value>
</entry>
<entry key='java.naming.security.principal'>
<value>${ldap.authentication.java.naming.security.principal}</value>
</entry>
<entry key='java.naming.security.credentials'>
<value>${ldap.authentication.java.naming.security.credentials}</value>
</entry>
</map>
</property>
</bean>
</beans>
Create/edit /opt/alfresco/tomcat/shared/classes/alfresco/extension/ldap-authentication.properties
This defines where to find the LDAP server, which username to connect as, etc...
#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#
# How to map the user id entered by the user to taht passed through to LDAP
# - simple
# - this must be a DN and would be something like
# CN=%s,DC=company,DC=com
# - digest
# - usually pass through what is entered
# %s
ldap.authentication.userNameFormat=uid=%s,ou=people,dc=company,dc=com
# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389
# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=simple
# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=cn=manager,dc=company,dc=com
# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=***THE PASSWORD IN CLEAR***
# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
#ldap.authentication.escapeCommasInBind=false
# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
#ldap.authentication.escapeCommasInUid=false
Create and deploy your customized auth bean.
It will take auth data from the LDAP server and save it in MD4 in the Alfresco database.
Make sure to use whatever system you use to build and deploy these beans to your extension directory.
File: com/company/repo/security/authentication/RepositoryAuthenticationDao.java
package com.company.repo.security.authentication;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.dao.User;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.springframework.dao.DataAccessException;
/**
* This RepositoryAuthenticationDao servers for CIFS authentication. Based on alfresco's RepositoryAuthenticationDao
* with some modification/fixes.
*
*
*
* @author RVycital
*/
public class RepositoryAuthenticationDao implements MutableAuthenticationDao{
//private static final StoreRef STOREREF_USERS = new StoreRef('user', 'alfrescoUserStore');
private static final StoreRef STOREREF_USERS = new StoreRef('workspace', 'SpacesStore');
private StoreRef userStoreRef;
private NodeService nodeService;
private NamespacePrefixResolver namespacePrefixResolver;
@SuppressWarnings('unused')
private DictionaryService dictionaryService;
private SearchService searchService;
private RetryingTransactionHelper retryingTransactionHelper;
private PasswordEncoder passwordEncoder;
private boolean userNamesAreCaseSensitive;
/**
* People are stored like type PERSON in our cases (not a USR).
* Perhaps an alfresco bug. Also corrects the PROP_USER_USERNAME to PROP_USERNAME for this case.
*/
public NodeRef getUserOrNull(String searchUserName)
{
if(searchUserName == null)
{
return null;
}
if(searchUserName.length() == 0)
{
return null;
}
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery('TYPE:\'{http://www.alfresco.org/model/content/1.0}person\' AND '
+ ' (@\\{http\\://www.alfresco.org/model/content/1.0\\}userName:\''+searchUserName+'\')');
//old impl
//sp.setQuery('@usr\\:username:\'' + searchUserName + '\'');
sp.addStore(STOREREF_USERS);
// try
// {
// sp.addStore(tenantService.getName(searchUserName, userStoreRef));
// }
// catch (AlfrescoRuntimeException e)
// {
// return null; // no such tenant or tenant not enabled
// }
sp.excludeDataInTheCurrentTransaction(false);
ResultSet rs = null;
try
{
rs = searchService.query(sp);
NodeRef returnRef = null;
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(
nodeRef, ContentModel.PROP_USERNAME)); //used to be PROP_USER_USERNAME
if (userNamesAreCaseSensitive)
{
if (realUserName.equals(searchUserName))
{
if(returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException('Found more than one user for '+searchUserName+ ' (case sensitive)');
}
}
}
else
{
if (realUserName.equalsIgnoreCase(searchUserName))
{
if(returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException('Found more than one user for '+searchUserName+ ' (case insensitive)');
}
}
}
}
}
return returnRef;
}
finally
{
if (rs != null)
{
rs.close();
}
}
}
public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException, DataAccessException {
NodeRef userRef = getUserOrNull(incomingUserName);
if (userRef == null) {
throw new UsernameNotFoundException('Could not find user by userName: ' + incomingUserName);
}
Map<QName, Serializable> properties = nodeService.getProperties(userRef);
String password = DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_PASSWORD));
// Report back the user name as stored on the user
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_USERNAME));
GrantedAuthority[] gas = new GrantedAuthority[1];
gas[0] = new GrantedAuthorityImpl('ROLE_AUTHENTICATED');
UserDetails ud = new User(userName, password, getEnabled(userRef), !getAccountHasExpired(incomingUserName), !getCredentialsHaveExpired(incomingUserName), !getAccountlocked(incomingUserName), gas);
return ud;
}
public boolean getEnabled(String userName)
{
return getEnabled(getUserOrNull(userName));
}
private boolean getEnabled(NodeRef userNode)
{
if (userNode == null)
{
return false;
}
Serializable ser = nodeService.getProperty(userNode, ContentModel.PROP_ENABLED);
if (ser == null)
{
return true;
}
else
{
return DefaultTypeConverter.INSTANCE.booleanValue(ser);
}
}
/**
* Always return false.
*/
public boolean getAccountHasExpired(String userName)
{
return false;
}
public boolean getAccountlocked(String userName)
{
return false;
}
public boolean getCredentialsExpire(String userName)
{
return false;
}
public boolean getCredentialsHaveExpired(String userName)
{
return false;
}
public void setNodeService(NodeService nodeService) {
this.nodeService = nodeService;
}
// public void setTenantService(TenantService tenantService) {
// this.tenantService = tenantService;
// super.setTenantService(tenantService);
// }
public void setSearchService(SearchService searchService) {
this.searchService = searchService;
}
public void setUserNamesAreCaseSensitive(boolean userNamesAreCaseSensitive) {
this.userNamesAreCaseSensitive = userNamesAreCaseSensitive;
}
public void setUserStoreRef(String userStoreRef) {
this.userStoreRef = new StoreRef(userStoreRef);
}
public boolean getUserNamesAreCaseSensitive()
{
return userNamesAreCaseSensitive;
}
public void setDictionaryService(DictionaryService dictionaryService)
{
this.dictionaryService = dictionaryService;
}
public void setNamespaceService(NamespacePrefixResolver namespacePrefixResolver)
{
this.namespacePrefixResolver = namespacePrefixResolver;
}
public void setRetryingTransactionHelper(RetryingTransactionHelper retryingTransactionHelper)
{
this.retryingTransactionHelper = retryingTransactionHelper;
}
public void setPasswordEncoder(PasswordEncoder passwordEncoder)
{
this.passwordEncoder = passwordEncoder;
}
public void createUser(String caseSensitiveUserName, char[] rawPassword) throws AuthenticationException
{
NodeRef userRef = getUserOrNull(caseSensitiveUserName);
if (userRef != null)
{
throw new AuthenticationException('User already exists: ' + caseSensitiveUserName);
}
NodeRef typesNode = getUserFolderLocation();
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USER_USERNAME, caseSensitiveUserName);
String salt = null; // GUID.generate();
properties.put(ContentModel.PROP_SALT, salt);
properties.put(ContentModel.PROP_PASSWORD, passwordEncoder.encodePassword(new String(rawPassword), salt));
properties.put(ContentModel.PROP_ACCOUNT_EXPIRES, Boolean.valueOf(false));
properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false));
properties.put(ContentModel.PROP_ENABLED, Boolean.valueOf(true));
properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false));
nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER,
properties);
}
private NodeRef getUserFolderLocation()
{
QName qnameAssocSystem = QName.createQName('sys', 'system', namespacePrefixResolver);
QName qnameAssocUsers = QName.createQName('sys', 'people', namespacePrefixResolver); // see
// AR-527
NodeRef rootNode = nodeService.getRootNode(STOREREF_USERS);
List<ChildAssociationRef> results = nodeService.getChildAssocs(rootNode, RegexQNamePattern.MATCH_ALL,
qnameAssocSystem);
NodeRef sysNodeRef = null;
if (results.isEmpty())
{
throw new AlfrescoRuntimeException('Required authority system folder path not found: ' + qnameAssocSystem);
}
else
{
sysNodeRef = results.get(0).getChildRef();
}
results = nodeService.getChildAssocs(sysNodeRef, RegexQNamePattern.MATCH_ALL, qnameAssocUsers);
NodeRef userNodeRef = null;
if (results.isEmpty())
{
throw new AlfrescoRuntimeException('Required user folder path not found: ' + qnameAssocUsers);
}
else
{
userNodeRef = results.get(0).getChildRef();
}
return userNodeRef;
}
public void updateUser(String userName, char[] rawPassword) throws AuthenticationException
{
NodeRef userRef = getUserOrNull(userName);
if (userRef == null)
{
throw new AuthenticationException('User name does not exist: ' + userName);
}
Map<QName, Serializable> properties = nodeService.getProperties(userRef);
String salt = null; // GUID.generate();
properties.remove(ContentModel.PROP_SALT);
properties.put(ContentModel.PROP_SALT, salt);
properties.remove(ContentModel.PROP_PASSWORD);
properties.put(ContentModel.PROP_PASSWORD, passwordEncoder.encodePassword(new String(rawPassword), salt));
nodeService.setProperties(userRef, properties);
}
public void deleteUser(String userName) throws AuthenticationException
{
NodeRef userRef = getUserOrNull(userName);
if (userRef == null)
{
throw new AuthenticationException('User name does not exist: ' + userName);
}
nodeService.deleteNode(userRef);
}
public Object getSalt(UserDetails userDetails)
{
// NodeRef userRef = getUserOrNull(userDetails.getUsername());
// if (userRef == null)
// {
// throw new UsernameNotFoundException('Could not find user by userName:
// ' + userDetails.getUsername());
// }
//
// Map<QName, Serializable> properties =
// nodeService.getProperties(userRef);
//
// String salt = DefaultTypeConverter.INSTANCE.convert(String.class,
// properties.get(QName.createQName('usr', 'salt',
// namespacePrefixResolver)));
//
// return salt;
return null;
}
public boolean userExists(String userName)
{
return (getUserOrNull(userName) != null);
}
public boolean getAccountExpires(String userName)
{
NodeRef userNode = getUserOrNull(userName);
if (userNode == null)
{
return false;
}
Serializable ser = nodeService.getProperty(userNode, ContentModel.PROP_ACCOUNT_EXPIRES);
if (ser == null)
{
return false;
}
else
{
return DefaultTypeConverter.INSTANCE.booleanValue(ser);
}
}
public Date getAccountExpiryDate(String userName)
{
NodeRef userNode = getUserOrNull(userName);
if (userNode == null)
{
return null;
}
if (DefaultTypeConverter.INSTANCE.booleanValue(nodeService.getProperty(userNode,
ContentModel.PROP_ACCOUNT_EXPIRES)))
{
return DefaultTypeConverter.INSTANCE.convert(Date.class, nodeService.getProperty(userNode,
ContentModel.PROP_ACCOUNT_EXPIRY_DATE));
}
else
{
return null;
}
}
public Date getCredentialsExpiryDate(String userName)
{
NodeRef userNode = getUserOrNull(userName);
if (userNode == null)
{
return null;
}
if (DefaultTypeConverter.INSTANCE.booleanValue(nodeService.getProperty(userNode,
ContentModel.PROP_CREDENTIALS_EXPIRE)))
{
return DefaultTypeConverter.INSTANCE.convert(Date.class, nodeService.getProperty(userNode,
ContentModel.PROP_CREDENTIALS_EXPIRY_DATE));
}
else
{
return null;
}
}
private boolean getCredentialsHaveExpired(NodeRef userNode)
{
if (userNode == null)
{
return false;
}
if (DefaultTypeConverter.INSTANCE.booleanValue(nodeService.getProperty(userNode,
ContentModel.PROP_CREDENTIALS_EXPIRE)))
{
Date date = DefaultTypeConverter.INSTANCE.convert(Date.class, nodeService.getProperty(userNode,
ContentModel.PROP_CREDENTIALS_EXPIRY_DATE));
if (date == null)
{
return false;
}
else
{
return date.compareTo(new Date())
File: com/company/repo/security/authentication/ldap/LDAPAuthenticationComponentImpl.java
package com.company.repo.security.authentication.ldap;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import com.company.repo.security.authentication.RepositoryAuthenticationDao;
import org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactory;
import org.alfresco.repo.security.authentication.NTLMMode;
/*
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
*/
/**
* Modified to reencode the password in MD4 to be able to use CIFS with LDAP
*
* @author tverin
*/
public class LDAPAuthenticationComponentImpl extends AbstractAuthenticationComponent
{
// Logging
/*
protected static final Log logger = LogFactory.getLog('com.company.repo.security.authentication.ldap');
*/
private String userNameFormat;
private LDAPInitialDirContextFactory ldapInitialContextFactory;
private RepositoryAuthenticationDao authenticationDao;
public void setAuthenticationDao(RepositoryAuthenticationDao authenticationDao) {
this.authenticationDao = authenticationDao;
}
public LDAPAuthenticationComponentImpl() {
super();
}
public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
{
this.ldapInitialContextFactory = ldapInitialDirContextFactory;
}
public void setUserNameFormat(String userNameFormat)
{
this.userNameFormat = userNameFormat;
}
/**
* This provides supports MD4, so let's say so.
*/
public NTLMMode getNTLMMode()
{
return NTLMMode.MD4_PROVIDER;
}
public String getMD4HashedPassword(String userName)
{
return authenticationDao.getMD4HashedPassword(userName);
}
/**
* Implement the authentication method
*/
protected void authenticateImpl(String userName, char[] password) throws AuthenticationException
{
InitialDirContext ctx = null;
try
{
/*
String pwStr = String.valueOf (password);
logger.debug ('> User: '+userName+ ' - pw: ' + pwStr);
*/
String userIdentifier = String.format(userNameFormat, new Object[]{userName});
ctx = ldapInitialContextFactory.getInitialDirContext(userIdentifier, new String(password));
// Authentication has been successful.
// Set the current user, they are now authenticated.
setCurrentUser(userName);
//save the password in the alfresco user in MD4
authenticationDao.updateUser(userName, password);
}
finally
{
if(ctx != null)
{
try
{
ctx.close();
}
catch (NamingException e)
{
clearCurrentSecurityContext();
throw new AuthenticationException('Failed to close connection', e);
}
}
}
}
@Override
protected boolean implementationAllowsGuestLogin()
{
InitialDirContext ctx = null;
try
{
ctx = ldapInitialContextFactory.getDefaultIntialDirContext();
return true;
}
catch(Exception e)
{
return false;
}
finally
{
if(ctx != null)
{
try
{
ctx.close();
}
catch (NamingException e)
{
throw new AuthenticationException('Failed to close connection', e);
}
}
}
}
}
Create/edit /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/extension/file-servers-custom.xml
Follow Alfresco documentation to properly configure the parameters for your CIFS server.
Appendix - Instruction for Alfresco Labs 3 STABLE
Apologies if this seems painfully obvious to some people.
First compile the two sources and put them
$alf_home/tomcat/webapps/alfresco/WEB-INF/classes/com/company/repo/security/authentication and $alf_home/tomcat/webapps/alfresco/WEB-INF/classes/com/company/repo/security/authentication respectfully.
To compile
Its assumed that you installed in /opt/Alfresco, if not make changes accordingly.
export CLASSPATH=/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository.jar:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/lib/acegi-security-0.8.2_patched.jar:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-core.jar:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/lib/spring-2.0.6.jar
javac RepositoryAuthenticationDao.java
export CLASSPATH=$CLASSPATH:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/
cd ldap
javac LDAPAuthenticationComponentImpl.java
Further configuration
Edit authentication-services-context.xml, usually found in $alf_home/tomcat/webapps/alfresco/WEB-INF/classes/alfresco
Add following after the bean 'authenticationDao', line 103 on my installation.
<bean id='authenticationDaoFull' class='com.company.repo.security.authentication.RepositoryAuthenticationDao'>
<property name='nodeService'>
<ref bean='nodeService' />
</property>
<property name='dictionaryService'>
<ref bean='dictionaryService' />
</property>
<property name='namespaceService'>
<ref bean='namespaceService' />
</property>
<property name='searchService'>
<ref bean='admSearchService' />
</property>
<property name='retryingTransactionHelper'>
<ref bean='retryingTransactionHelper'/>
</property>
<property name='userNamesAreCaseSensitive'>
<value>${user.name.caseSensitive}</value>
</property>
<property name='passwordEncoder'>
<ref bean='passwordEncoder' />
</property>
</bean>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Alfresco Content Services Hub Docs
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
Latest Articles
- Alfresco Community Edition 201911 GA Release Notes
- Alfresco Community Edition 201910 EA Release Notes
- Deconstructing SOLR Indexes
- Alfresco Community Edition 201901 GA Release Notes
- Alfresco Community Edition 201808 EA file list
- php_upload.docx
- Alfresco Community Edition 201808 EA Release Notes
- Alfresco_6.0_docker deployment.pdf
- Alfresco Community Edition 201806 GA file list
- alfresco.log
- Alfresco Addons *Incomplete list*
- Alfresco Community Edition 201806 GA Release Notes
- AGS Benchmark Driver Documentation
- Default memory allocation issue in Alfresco CE 201...
- Alfresco Community Edition 201804 EA file list
We use cookies on this site to enhance your user experience
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.