This is a quick guide to configuring Alfresco to authenticate against an OpenLDAP server over an SSL channel, so that the communication is encrypted.
On Alfresco 4.2 and possibly older versions too, add these entries to tomcat/shared/classes/alfresco-global.properties. The alfrescoNtlm authentication has been left in place in the example below as a fall-back authentication option.
The line ldap.synchronization.java.naming.security.principal refers to the username of the user with permissions to search the LDAP base. In most cases, this parameter can be left empty; it is only required to synchronise users from the LDAP database to Alfresco. Adapt o=users,ou=YOURCOMPANY,dc=COM, PRINCIPLEUSER, YOURPASSWORD and GROUPNAME to match your LDAP settings.
Passwords from LDAP do not seem to synchronise (confirmation required).
In older versions (2008 or earlier), it may have been necessary to follow these configuration instructions instead (based on the previous information on this page; confirmation required). You will need to edit alfresco/tomcat/shared/classes/alfresco/extension/ldap-authentication-context.xml. If you can't find it, a .sample version may exist in the directory.
To communicate with another computer using SSL or TLS, Java needs to validate the certificate. I can't make this work without it. You will need to export the certificate to a file and import it using keytool.
I used the certificate in DER format. (PEM format should work too...)
I had some trouble without the alias option; I recommend that you use it.
Now the certificate is stored in /etc/java/keystore. You will have to pass this file as a parameter to the Java VM.
Edit the script that starts your server (alfresco.sh in Alfresco; on Linux this is /opt/alfresco-4.2.c/tomcat/scripts/ctl.sh) and add the option -Djavax.net.ssl.trustStore=/etc/java/keystore to JAVA_OPTS.
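The certificate import steps above, written as shell functions. This is an added example, not part of the original page; the function names, the alias ldapserver and the store password changeit are assumptions.

```shell
#!/bin/sh
# Added example: trust an LDAP server certificate in a Java keystore.
# Function names, the alias and the store password are assumptions.

# Convert a PEM certificate to DER; keytool accepts either format.
pem_to_der() {                     # usage: pem_to_der in.pem out.der
    openssl x509 -in "$1" -inform PEM -outform DER -out "$2"
}

# Print the SHA-256 fingerprint of a DER certificate so it can be compared,
# out of band, with the fingerprint the LDAP administrator reports.
cert_fingerprint() {               # usage: cert_fingerprint cert.der
    openssl x509 -in "$1" -inform DER -noout -fingerprint -sha256
}

# Import the certificate under an explicit alias. The keystore file is
# created if it does not exist; the store password needs 6+ characters.
import_ldap_cert() {               # usage: import_ldap_cert cert keystore pass alias
    keytool -importcert -noprompt -alias "$4" -file "$1" \
        -keystore "$2" -storepass "$3"
}

# Succeed only if the alias is present in the keystore.
cert_is_trusted() {                # usage: cert_is_trusted keystore pass alias
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# Build the JVM option that goes into JAVA_OPTS in the start script.
truststore_java_opt() {            # usage: truststore_java_opt keystore
    printf '%s' "-Djavax.net.ssl.trustStore=$1"
}

# Run the whole procedure when called as: script.sh cert.der keystore
if [ "$#" -eq 2 ]; then
    cert_fingerprint "$1"
    import_ldap_cert "$1" "$2" changeit ldapserver
    cert_is_trusted "$2" changeit ldapserver && truststore_java_opt "$2"
    echo
fi
```

Setting javax.net.ssl.trustStore replaces the JVM's default trust store for the whole Tomcat process, so any other outbound TLS connection Alfresco makes must also be covered by certificates in this keystore.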
Chaining and admin users
When your system authenticates users against LDAP, your internal users will disappear. You can give admin rights to an LDAP user just by putting the username in the section