Alfresco 3 + authentification dans l'AD

cancel
Showing results for 
Search instead for 
Did you mean: 
miroufsn
Member II

Alfresco 3 + authentification dans l'AD

Bonjour,

je souhaite utiliser alfresco a des fins de gestion documentaire.

Mes souhaits de configuration sont :
NTLM (afin d’éviter de ce connecter)
Accès aux donnée via l’explorateur Windows / voir SharePoint
Authentification via notre contrôleur de domaine (AD 2003)


Je rencontre plusieurs problèmes.
L’installation d’alfresco fonctionne. Je peux y accéder via l’URL de mon serveur http://192.168.5.210:8080/alfresco/

Par contre je suis en train de regarder l’authentification AD.
A l’aide de la documentation « Install_Configure_Alfresco3Stable.pdf », j’ai donc suivi les conseils du point « Chaining Alfresco authentication with Active Directory ».

1. Remove .sample from the following two files in the <extensions> directory:
./extension/ldap-authentication-context.xml.sample./extension/ldap-
synchronisation-context.xml.sample
2. In ./extension/ldap-authentication-context.xml, change:
a. <bean name="authenticationDao" . . . to <bean name="authenticationDaoLDAP"
b. <bean id="authenticationComponent" to <bean
id="authenticationComponentLDAP"
The option to allow guest access is already enabled.
3. Make the appropriate changes to ./extension/ldap-authentication.properties and ./
extension/ldap-synchronisation.properties. Your Active Directory admin is the best
source for this information.
4. Remove .sample from  ./extension/chaining-authentication-context.xml.sample
and replace all the xml with the following: ……………..
5. Start Alfresco and log in as the default Alfresco a
6. Log out and log in as an Active Directory user.


Seulement après le redémarrage, plus rien ne fonctionne.
j'ai l'erreur suivante:
Etat HTTP 404 -
——————————————————————————–
type Rapport d'�tat
message
description La ressource demand�e () n'est pas disponible.
——————————————————————————–
Apache Tomcat/6.0.18


Ci-dessous mes fichiers de configuration (que j'ai modifié):
file-server.xml


<alfresco-config area="file-servers">

   <config evaluator="string-compare" condition="CIFS Server">
     <serverEnable enabled="true"/>
      <host name="${cifs.localname}A" domain="${cifs.domain}"/>
      <comment>entreprise CIFS Server</comment>
      <!– Set to the broadcast mask for the subnet –>
      <broadcast>${cifs.broadcast}</broadcast>
      <!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>
      <hostAnnounce interval="5"/>
      <!– Use Win32 NetBIOS interface on Windows –>
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>
      <!– CIFS authentication –>
      <authenticator type="enterprise">
      </authenticator>
     

      <sessionDebug flags="Negotiate,Socket"/>
   </config>

   <config evaluator="string-compare" condition="FTP Server">
     <serverEnable enabled="true"/>
      <authenticator type="alfresco"/>
   </config>
  
   <config evaluator="string-compare" condition="NFS Server">
     <serverEnable enabled="false"/>
   </config>
   
   <config evaluator="string-compare" condition="Filesystems">
     <filesystems>
       
       <!– Alfresco repository access shared filesystem –>
         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

         <!– Add a URL file to each folder that links back to the web client –>
         <urlFile>
               <filename>__AlfrescoClient.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

          <offlineFiles/>
         </filesystem>
         <avmfilesystem name="AVM">
            <virtualView stores="site,staging,author" />
         </avmfilesystem>
        
      </filesystems>
   </config>
      <config evaluator="string-compare" condition="Filesystem Security">
   </config>
</alfresco-config>

web.xml

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
   <display-name>Alfresco Web Client</display-name>

   <description>Alfresco Web Client</description>

   <context-param>
      <param-name>org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL</param-name>
      <param-value>true</param-value>
   </context-param>

   <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>server</param-value>
   </context-param>

   <context-param>
      <param-name>javax.faces.CONFIG_FILES</param-name>
      <param-value>/WEB-INF/faces-config-app.xml,/WEB-INF/faces-config-beans.xml,/WEB-INF/faces-config-navigation.xml,/WEB-INF/faces-config-common.xml,/WEB-INF/faces-config-repo.xml,/WEB-INF/faces-config-wcm.xml,/WEB-INF/faces-config-custom.xml</param-value>
   </context-param>

   <context-param>
      <param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
      <param-value>true</param-value>
   </context-param>

   <context-param>
      <param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
      <param-value>false</param-value>
      <description>This is an EXPERIMENTAL feature, so leave it off for now!</description>
   </context-param>

   <context-param>
      <param-name>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</param-name>
      <param-value>false</param-value>
      <description>Stop MyFaces from Serializing the state to the session</description>
   </context-param>

    <!– TODO: Change this to false for production –>
    <context-param>
        <param-name>org.apache.myfaces.PRETTY_HTML</param-name>
        <param-value>true</param-value>
        <description>
            If true, rendered HTML code will be formatted, so that it is "human readable".
            i.e. additional line separators and whitespace will be written, that do not
            influence the HTML code.
            Default: "true"
        </description>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
        <param-value>false</param-value>
        <description>
            If true, a javascript function will be rendered that is able to restore the
            former vertical scroll on every request. Convenient feature if you have pages
            with long lists and you do not want the browser page to always jump to the top
            if you trigger a link or button action that stays on the same page.
            Default: "false"
        </description>
    </context-param>

   <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
         classpath:alfresco/application-context.xml
         classpath:alfresco/webscript-framework-application-context.xml
         classpath:alfresco/web-client-application-context.xml
         classpath:alfresco/web-scripts-application-context.xml
         classpath:alfresco/web-services-application-context.xml
         classpath*:alfresco/extension/custom-web-context.xml

      </param-value>
      <description>Spring config file locations</description>
   </context-param>

   <context-param>
         <param-name>store</param-name>
         <param-value>workspace://SpacesStore</param-value>
   </context-param>
   <context-param>
         <param-name>rootPath</param-name>
         <param-value>/app:company_home</param-value>
   </context-param>


   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
   </filter>


   <filter>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>
   </filter>

   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
   </filter>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <url-pattern>/webdav/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/admin/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/categories/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/groups/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/delete-user.jsp</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/users.jsp</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/admin/system-info.jsp</url-pattern>
   </filter-mapping>


   <listener>
      <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
   </listener>

   <listener>
      <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
   </listener>
  
   <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   </listener>

   <listener>
      <listener-class>org.alfresco.web.app.ContextListener</listener-class>
   </listener>

   <!– Faces Servlet –>
   <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
   </servlet>

   <servlet>
      <servlet-name>uploadFile</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.UploadFileServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>uploadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.UploadContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>downloadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.DownloadContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>downloadRawContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.DownloadRawContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>guestDownloadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.GuestDownloadContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>guestTemplateContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.GuestTemplateContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>externalAccess</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.ExternalAccessServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>templateContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.TemplateContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>commandServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.CommandServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>ajaxServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.ajax.AjaxServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>axis</servlet-name>
      <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
      <load-on-startup>5</load-on-startup>
   </servlet>

   <servlet>
      <servlet-name>CXFServlet</servlet-name>
      <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
      <load-on-startup>6</load-on-startup>
   </servlet>

   <servlet>
      <servlet-name>WebDAV</servlet-name>
      <servlet-class>org.alfresco.repo.webdav.WebDAVServlet</servlet-class>
      <load-on-startup>5</load-on-startup>
   </servlet>

   <servlet>
      <servlet-name>apiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.basic</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>wcapiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.webclient</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>portalapiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.webclient</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>facebookServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.facebook.FacebookServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.facebook</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>fbapiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.facebook.FacebookAPIServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.facebook</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>proxyServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.HTTPProxyServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>workflowDefinitionImageServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.WorkflowDefinitionImageServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>JBPMDeployProcessServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.JBPMDeployProcessServlet</servlet-class>
   </servlet>

   <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>uploadFile</servlet-name>
      <url-pattern>/uploadFileServlet</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>uploadContent</servlet-name>
      <url-pattern>/upload/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>downloadContent</servlet-name>
      <url-pattern>/download/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>downloadContent</servlet-name>
      <url-pattern>/d/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>downloadRawContent</servlet-name>
      <url-pattern>/dr</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>guestDownloadContent</servlet-name>
      <url-pattern>/guestDownload/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>guestDownloadContent</servlet-name>
      <url-pattern>/gd/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>templateContent</servlet-name>
      <url-pattern>/template/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>templateContent</servlet-name>
      <url-pattern>/t/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>guestTemplateContent</servlet-name>
      <url-pattern>/guestTemplate/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>guestTemplateContent</servlet-name>
      <url-pattern>/gt/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>externalAccess</servlet-name>
      <url-pattern>/navigate/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>externalAccess</servlet-name>
      <url-pattern>/n/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>commandServlet</servlet-name>
      <url-pattern>/command/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>commandServlet</servlet-name>
      <url-pattern>/c/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>ajaxServlet</servlet-name>
      <url-pattern>/ajax/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>axis</servlet-name>
      <url-pattern>/api/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>CXFServlet</servlet-name>
      <url-pattern>/cmis/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
        <servlet-name>WebDAV</servlet-name>
        <url-pattern>/webdav/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>apiServlet</servlet-name>
      <url-pattern>/service/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>apiServlet</servlet-name>
      <url-pattern>/s/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>wcapiServlet</servlet-name>
      <url-pattern>/wcservice/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>wcapiServlet</servlet-name>
      <url-pattern>/wcs/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>portalapiServlet</servlet-name>
      <url-pattern>/168service/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>portalapiServlet</servlet-name>
      <url-pattern>/168s/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>facebookServlet</servlet-name>
      <url-pattern>/facebook/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>facebookServlet</servlet-name>
      <url-pattern>/fb/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>fbapiServlet</servlet-name>
      <url-pattern>/fbservice/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>fbapiServlet</servlet-name>
      <url-pattern>/fbs/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>proxyServlet</servlet-name>
      <url-pattern>/proxy</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>JBPMDeployProcessServlet</servlet-name>
      <url-pattern>/jbpm/deployprocess</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>workflowDefinitionImageServlet</servlet-name>
      <url-pattern>/workflowdefinitionimage/*</url-pattern>
   </servlet-mapping>

   <session-config>
      <session-timeout>60</session-timeout>
   </session-config>

   <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
   </welcome-file-list>

   <error-page>
      <exception-type>java.lang.Exception</exception-type>
      <location>/jsp/error.jsp</location>
   </error-page>

</web-app>

file-server-custom.xml

<alfresco-config area="file-servers">

   <!– To override the default Alfresco filesystem use replace="true", to –>
   <!– add additional filesystems remove the replace="true" attribute     –>
  
   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>

         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!– Add a URL file to each folder that links back to the web client –>
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

            <!– Mark locked files as offline –>
            <offlineFiles/>

            <!– Desktop actions –>

            <desktopActions>
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}:8080/alfresco/</webpath>
               </global>
               <action>
                  <class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>
               <action>
                  <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>

            </desktopActions>

         </filesystem>

   
      <filesystem name="monEntreprise"> 
        <store>workspace://SpacesStore</store>
          <rootPath>/app:company_home</rootPath>

      </filesystem>

    
       <!– AVM virtualization view of all stores/versions for WCM –>
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>
       
      </filesystems>
   </config>



<config evaluator="string-compare" condition="CIFS Server">
     <serverEnable enabled="true"/>
      <host name="${cifs.localname}A" domain="monEntreprise.local"/>
      <comment>Documents de monEntreprise</comment>

      <!– Set to the broadcast mask for the subnet –>
      <broadcast>${cifs.broadcast}</broadcast>

      <!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>

      <!– Can be mapped to non-privileged ports, then use firewall rules to forward
          requests from the standard ports –>
     <!–      
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
     –>
      
      <hostAnnounce interval="5"/>

      <!– Use Win32 NetBIOS interface on Windows –>
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>

      <!– CIFS authentication –>
      <authenticator type="enterprise">
      </authenticator>
     
<!–
      <WINS>
         <primary>1.2.3.4</primary>
         <secondary>5.6.7.8</secondary>
      </WINS>
–>
      <sessionDebug flags="Negotiate,Socket"/>
   </config>


–> 
</alfresco-config>



ldap-authentication-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
   <!– The main configuration has moved into a properties file –>
   
    <bean name="ldapAuthenticationPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders">
            <value>true</value>
        </property> 
        <property name="locations">
            <value>classpath:alfresco/extension/ldap-authentication.properties</value>
        </property>
    </bean>
   
    <!– DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. –>
   
    <bean name="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>   
  

    <!– LDAP authentication configuration –>
   
    <!–
   
    You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the
    web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other
    authentication routes, like Active Directory.
   
    –>
   
    <bean id="authenticationComponentLDAP"
          class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"
          parent="authenticationComponentBase">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!–
           
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
           
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
           
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com"
            Usually for simple authentication. Simple authentication always uses the DN for the user.
           
            –>
            <value>${ldap.authentication.userNameFormat}</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="transactionService">
            <ref bean="transactionService" />
        </property>  
        <property name="escapeCommasInBind">
            <value>${ldap.authentication.escapeCommasInBind}</value>
        </property>
        <property name="escapeCommasInUid">
            <value>${ldap.authentication.escapeCommasInUid}</value>
        </property>
    </bean>
   
    <!–
   
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP reopsitory
   
    –>
   
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!– The LDAP provider –>
                <entry key="java.naming.factory.initial">
                    <value>${ldap.authentication.java.naming.factory.initial}</value>
                </entry>
               
                <!– The url to the LDAP server –>
                <!– Note you can use space separated urls - they will be tried in turn until one works –>
                <!– This could be used to authenticate against one or more ldap servers (you will not know which one ….) –>
                <entry key="java.naming.provider.url">
                    <value>${ldap.authentication.java.naming.provider.url}</value>
                </entry>
               
                <!– The authentication mechanism to use      –>
                <!– Some sasl authentication mechanisms may require a realm to be set –>
                <!–                java.naming.security.sasl.realm –>
                <!– The available options will depend on your LDAP provider –>
                <entry key="java.naming.security.authentication">
                    <value>${ldap.authentication.java.naming.security.authentication}</value>
                </entry>
               
                <!– The id of a user who can read group and user information –>
                <!– This does not go through the pattern substitution defined above and is used "as is" –>
                <entry key="java.naming.security.principal">
                    <value>${ldap.authentication.java.naming.security.principal}</value>
                </entry>
               
                <!– The password for the user defined above –>
                <entry key="java.naming.security.credentials">
                    <value>${ldap.authentication.java.naming.security.credentials}</value>
                </entry>
            </map>
        </property>
    </bean>
   
</beans>

ldap-authentication.properties

#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to taht passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s    
ldap.authentication.userNameFormat=%s

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://192.168.5.253:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=DIGEST-MD5

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=reader

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=secret

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

chaining-authentication-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/
dtd/spring-beans.dtd'>
<beans>
<!– Chaining of both the services and components –>
<bean id="authenticationService"
class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
<property name="authenticationServices">
  <list>
    <ref bean="authenticationServiceLDAP"/>
  </list>
</property>
<property name="mutableAuthenticationService">
<ref bean="authenticationServiceImplAlfresco"/>
</property>
<property name="sysAdminCache">
<ref bean="sysAdminCache"/>
</property>
</bean>
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.ChainingAuthenticationComponentImpl">
<property name="authenticationComponents">
<list>
<ref bean="authenticationComponentLDAP"/>
</list>
</property>
<property name="mutableAuthenticationComponent">
<ref bean="authenticationComponentImplAlfresco"/>
</property>
</bean>
<!– Alfresco Auth –>
<bean id="authenticationServiceImplAlfresco"
class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoAlfresco"/>
</property> <property name="ticketComponent">
<ref bean="ticketComponent"/>
</property> <property name="authenticationComponent">
<ref bean="authenticationComponentImplAlfresco"/>
</property> <property name="sysAdminCache">
<ref bean="sysAdminCache"/>
</property>
</bean>

<bean id="authenticationDaoAlfresco"
class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService">
<ref bean="nodeService"/>
</property>
<property name="dictionaryService">
<ref bean="dictionaryService"/>
</property> <property name="namespaceService">
<ref bean="namespaceService"/>
</property> <property name="searchService">
<ref bean="admSearchService"/>
</property> <property name="retryingTransactionHelper">
<ref bean="retryingTransactionHelper"/>
</property> <property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property> <property name="passwordEncoder">
<ref bean="passwordEncoder"/>
</property>
</bean>

<bean id="authenticationComponentImplAlfresco"
class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoAlfresco"/>
</property> <property name="authenticationManager">
<ref bean="authenticationManager"/>
</property> <property name="allowGuestLogin">
<value>true</value>
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="personService">
<ref bean="personService" /> </property> <property name="transactionService">
<ref bean="transactionService" />
</property>
</bean>

<!– Active Directory –>
<bean id="authenticationServiceLDAP"
class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="authenticationDaoLDAP"/>
</property> <property name="ticketComponent">
<ref bean="ticketComponent"/>
</property> <property name="authenticationComponent">
<ref bean="authenticationComponentLDAP"/>
</property>
</bean>
</beans>


Merci par avance pour votre aide précieuse.
2 Replies
miliesul
Member II

Re: Alfresco 3 + authentification dans l'AD

Je n'ai pas regardé en détail tes fichiers mais je viens de mettre en place moi aussi une connexion à AD et je me suis aidée des logs de Tomcat qui se trouve sous Tomcat/log.
Les informations m'ont permis de déceler des erreurs de format de fichier d'erreur de frappe et d'erreur en rentrat les informations sur le serveur AD.
J'espère que ce coup de pouce pourra t'aider
pschh
Member II

Re: Alfresco 3 + authentification dans l'AD

Bonjour,

j'ai également suivi ce guide avec une version 3.1 entreprise sans succés alors qu'il suffit de renommer les fichiers sample déjà dans alfresco.
Attention aux injections spring dans chaining-authentication-context.xml notamment au niveau du bean authenticationDaoAlfresco la propriété

<property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>


doit être remplacée par

<property name="userNameMatcher">
           <ref bean="userNameMatcher" />
       </property>


En espérant que cela t'aide…