[Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

cancel
Showing results for 
Search instead for 
Did you mean: 
jack_8100
Member II

[Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

Bonjour,

Il s'agit sans doute du n-ième post à ce sujet, mais malgrés mes recherches sur les post deja présent sur le forum anglais et francais, je ne trouve pas de solution à mon problème.
Je travaille actuellement avec la version 2.9B community d'Alfresco et un serveur LDAP (apache directory).
Comme l'indique le titre de ce post, je cherche à utiliser l'authentification et la synchronisation d'alfresco via mon serveur LDAP.

Au lancement d'alfresco j'obtiens le message qui suit :
09:47:04,975 User:System WARN  [authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://localhost:10389
09:47:05,007 User:System INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not support simple string user ids and invalid credentials at ldap://localhost:10389
09:47:05,022 User:System INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://localhost:10389
09:47:05,038 User:System INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://localhost:10389


Je pense d'après le code source que c'est un comportement normal, je crois mais au niveau des log de mon serveur LDAP j'ai ce message :
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute c-FacsimileTelephoneNumber does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute enhancedSearchGuide does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute crossCertificatePair does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute supportedAlgorithms does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute deltaRevocationList does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute namingContexts does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute altServer does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute supportedExtension does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute facsimileTelephoneNumber does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute preferredDeliveryMethod does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute byteCode does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute telexNumber does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute teletexTerminalIdentifier does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute cACertificate does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute userCertificate does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute certificateRevocationList does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute authorityRevocationList does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute subtreeSpecification does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute searchGuide does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute userPKCS12 does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute jpegPhoto does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute audio does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute personalSignature does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute subtreeMaximumQuality does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute krb5Key does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute singleLevelQuality does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute subtreeMinimumQuality does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute c-TelexNumber does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute mailPreferenceOption does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute dSAQuality does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute javaSerializedData does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute photo does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute supportedControl does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute supportedSASLMechanisms does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute supportedLDAPVersion does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute dynamicSubtrees does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute entryTtl does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute nisNetgroupTriple does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute userSMIMECertificate does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute otherMailbox does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.schema.bootstrap.BootstrapAttributeTypeRegistry] - Attribute bootParameter does not have normalizer : using NoopNormalizer
[09:46:30] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.2
[09:46:30] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.3
[09:46:30] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.1
[09:46:30] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.6
[09:46:30] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.7
[09:46:30] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.4
[09:46:30] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.5
[09:46:31] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.2
[09:46:31] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.3
[09:46:31] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.1
[09:46:31] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.6
[09:46:31] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.7
[09:46:31] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.4
[09:46:31] WARN [org.apache.directory.server.core.partition.impl.btree.BTreePartition] - Using default cache size of 100 for index on attribute 1.3.6.1.4.1.18060.0.4.1.2.5
[09:46:31] WARN [org.apache.directory.server.core.DefaultDirectoryService] - You didn't change the admin password of directory service instance 'default'.  Please update the admin password as soon as possible to prevent a possible security breach.
[09:47:04] ERROR [org.apache.directory.shared.ldap.codec.LdapMessageGrammar] - Incorrect DN given : daftAsABrush (0x64 0x61 0x66 0x74 0x41 0x73 0x41 0x42 0x72 0x75 0x73 0x68 ) is invalid : Bad DN : daftAsABrush
[09:47:05] ERROR [org.apache.directory.server.core.authn.SimpleAuthenticator] - Authentication error : cn=daftAsABrush,dc=woof

Ce qui pourrait peut etre expliquer qu'au moment de l'authentification à alfresco via le navigateur j'ai le message suivant :
09:52:40,721 User:guest ERROR [[localhost].[/alfresco].[Faces Servlet]] "Servlet.service()" pour la servlet Faces Servlet a gÚnÚrÚ une exception
org.alfresco.error.AlfrescoRuntimeException: Not implemented
        at org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao.loadUserByUsername(DefaultMutableAuthenticationDao.java:410)
        at net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider.getUserFromBackend(DaoAuthenticationProvider.java:390)
        at net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider.authenticate(DaoAuthenticationProvider.java:225)
        at net.sf.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:159)
        at net.sf.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
        at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.authenticateImpl(AuthenticationComponentImpl.java:74)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:74)
        at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:114)
        at org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl.authenticate(ChainingAuthenticationServiceImpl.java:164)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
        at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:241)
        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
        at $Proxy20.authenticate(Unknown Source)
        at org.alfresco.web.bean.LoginBean.login(LoginBean.java:247)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
        at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
        at javax.faces.component.UICommand.broadcast(UICommand.java:109)
        at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
        at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
        at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
        at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
        at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:94)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:619)
10 Replies
jack_8100
Member II

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

J'ai pu apprendre sur les forums et dans les pages du wiki, que pour l'authentification et la synchronisation d'un serveur LDAP, il fallait modifier 5 fichiers :
- ldap-authentication-context.xml
- ldap-authentication.properties
- ldap-synchronisation-context.xml
- ldap-synchronisation.properties
- chaining-authentication-context.xml

De plus j'ai du modifier aussi le fichier file-servers.xml afin d'eviter une exception du CIFS.

Alors je vous donne le contenu de ces fichiers :

- ldap-authentication-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
   <!– The main configuration has moved into a properties file –>
   
    <bean name="ldapAuthenticationPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders">
            <value>true</value>
        </property> 
        <property name="locations">
            <value>classpath:alfresco/extension/ldap-authentication.properties</value>
        </property>
    </bean>
   
    <!– DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. –>
   
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>   
  

    <!– LDAP authentication configuration –>
   
    <!–
   
    You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the
    web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other
    authentication routes, like Active Directory.
   
    –>
   
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!–
           
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
           
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
           
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com"
            Usually for simple authentication. Simple authentication always uses the DN for the user.
           
            –>
            <value>${ldap.authentication.userNameFormat}</value>
        </property>
    </bean>
   
    <!–
   
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP reopsitory
   
    –>
   
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!– The LDAP provider –>
                <entry key="java.naming.factory.initial">
                    <value>${ldap.authentication.java.naming.factory.initial}</value>
                </entry>
               
                <!– The url to the LDAP server –>
                <!– Note you can use space separated urls - they will be tried in turn until one works –>
                <!– This could be used to authenticate against one or more ldap servers (you will not know which one ….) –>
                <entry key="java.naming.provider.url">
                    <value>${ldap.authentication.java.naming.provider.url}</value>
                </entry>
               
                <!– The authentication mechanism to use      –>
                <!– Some sasl authentication mechanisms may require a realm to be set –>
                <!–                java.naming.security.sasl.realm –>
                <!– The available options will depend on your LDAP provider –>
                <entry key="java.naming.security.authentication">
                    <value>${ldap.authentication.java.naming.security.authentication}</value>
                </entry>
               
                <!– The id of a user who can read group and user information –>
                <!– This does not go through the pattern substitution defined above and is used "as is" –>
                <entry key="java.naming.security.principal">
                    <value>${ldap.authentication.java.naming.security.principal}</value>
                </entry>
            
                <!– The password for the user defined above –>
                <entry key="java.naming.security.credentials">
                    <value>${ldap.authentication.java.naming.security.credentials}</value>
                </entry>
            </map>
        </property>
    </bean>
   
</beans>

- ldap-authentication.properties
#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to taht passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s    
ldap.authentication.userNameFormat=cn=%s,ou=users,dc=example,dc=com

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://localhost:10389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=SIMPLE

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=uid=admin,ou=system

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=secret

- ldap-synchronisation-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
   <bean name="ldapSynchronisationPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
       <property name="ignoreUnresolvablePlaceholders">
            <value>true</value>
        </property> 
        <property name="locations">
            <value>classpath:alfresco/extension/ldap-synchronisation.properties</value>
        </property>
    </bean>
   
    <!–
      Wire up the same context as used for LDAP authentication. You could use another context: just replace this
       alias with the bean definition
    –>
   
    <alias alias="ldapSyncInitialDirContextFactory" name="ldapInitialDirContextFactory"/>
   
    <!– Ldap Syncronisation support –>
   
    <!–
       
    There can be more than one stack of beans that import users or groups. For example, it may be easier
    to have a version of ldapPeopleExportSource, and associated beans, for each sub-tree of your ldap directory
    from which you want to import users. You could then limit users to be imported from two or more sub tress and ignore
    users found else where. The same applies to the import of groups.
        
    The defaults shown below are for OpenLDAP.   
       
    –>
       
  
    <!– Extract user information from LDAP and transform this to XML –>
    
    <bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
        <!–
        The query to select objects that represent the users to import.
       
        For Open LDAP, using a basic schema, the following is probably what you want:
        (objectclass=inetOrgPerson)
       
        For Active Directory:
        (objectclass=user)
        –>
        <property name="personQuery">
            <value>${ldap.synchronisation.personQuery}</value>
        </property>
       
        <!–
        The seach base restricts the LDAP query to a sub section of tree on the LDAP server.
        –>
        <property name="searchBase">
            <value>${ldap.synchronisation.personSearchBase}</value>
        </property>
       
        <!–
        The unique identifier for the user.
       
        THIS MUST MATCH WHAT THE USER TYPES IN AT THE LOGIN PROMPT   
       
        For simple LDAP authentication this is likely to be "cn" or, less friendly, "distinguishedName"
       
        In OpenLDAP, using other authentication mechanisms "uid", but this depends on how you map
        from the id in the LDAP authentication request to search for the inetOrgPerson against which
        to authenticate.
       
        In Active Directory this is most likely to be "sAMAccountName"
       
        This property is mandatory and must appear on all users found by the query defined above.
       
        –>
        <property name="userIdAttributeName">
            <value>${ldap.synchronisation.userIdAttributeName}</value>
        </property>
       
        <!– Services –>
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapSyncInitialDirContextFactory"/>
        </property>
        <property name="personService">
            <ref bean="personService"></ref>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
       
        <!–
        This property defines a mapping between attributes held on LDAP user objects and
        the properties of user objects held in the repository. The key is the QName of an attribute in
        the repository, the value is the attribute name from the user/inetOrgPerson/.. object in the
        LDAP repository.    
        –>
        <property name="attributeMapping">
            <map>
                <entry key="cm:userName">
                    <!– Must match the same attribute as userIdAttributeName –>
                    <value>${ldap.synchronisation.userIdAttributeName}</value>
                </entry>
                <entry key="cm:firstName">
                    <!– OpenLDAP: "givenName" –>
                    <!– Active Directory: "givenName" –>
                    <value>${ldap.synchronisation.userFirstNameAttributeName}</value>
                </entry>
                <entry key="cm:lastName">
                    <!– OpenLDAP: "sn" –>
                    <!– Active Directory: "sn" –>
                    <value>${ldap.synchronisation.userLastNameAttributeName}</value>
                </entry>
                <entry key="cm:email">
                    <!– OpenLDAP: "mail" –>
                    <!– Active Directory: "???" –>
                    <value>${ldap.synchronisation.userEmailAttributeName}</value>
                </entry>
                <entry key="cm:organizationId">
                    <!– OpenLDAP: "o" –>
                    <!– Active Directory: "???" –>
                    <value>${ldap.synchronisation.userOrganizationalIdAttributeName}</value>
                </entry>
                <!– Always use the default –>
                <entry key="cm:homeFolderProvider">
                    <null/>
                </entry>
            </map>
        </property>
        <!– Set a default home folder provider –>
        <!– Defaults only apply for values above –>
        <property name="attributeDefaults">
            <map>
                <entry key="cm:homeFolderProvider">
                    <value>${ldap.synchronisation.defaultHomeFolderProvider}</value>
                </entry>
            </map>
        </property>
    </bean>
   
    <!– Extract group information from LDAP and transform this to XML –>
   
    <bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">
        <!–
        The query to select objects that represent the groups to import.
       
        For Open LDAP, using a basic schema, the following is probably what you want:
        (objectclass=groupOfNames)
       
        For Active Directory:
        (objectclass=group)
        –>
        <property name="groupQuery">
            <value>${ldap.synchronisation.groupQuery}</value>
        </property>
       
        <!–
        The seach base restricts the LDAP query to a sub section of tree on the LDAP server.
        –>
        <property name="searchBase">
            <value>${ldap.synchronisation.groupSearchBase}</value>
        </property>
       
        <!–
        The unique identifier for the user. This must match the userIdAttributeName on the ldapPeopleExportSource bean above.
        –>
        <property name="userIdAttributeName">
            <value>${ldap.synchronisation.userIdAttributeName}</value>
        </property>
       
        <!–
        An attribute that is a unique identifier for each group found.
        This is also the name of the group with the current group implementation.
        This is mandatory for any groups found.
       
        OpenLDAP: "cn" as it is mandatory on groupOfNames
        Active Directory: "cn"
       
        –>
        <property name="groupIdAttributeName">
            <value>${ldap.synchronisation.groupIdAttributeName}</value>
        </property>
       
        <!–
        The objectClass attribute for group members.
        For each member of a group, the distinguished name is given.
        The object is looked up by its DN. If the object is of this class it is treated as a group.
        –>
        <property name="groupType">
            <value>${ldap.synchronisation.groupType}</value>
        </property>
       
        <!–
        The objectClass attribute for person members.
        For each member of a group, the distinguished name is given.
        The object is looked up by its DN. If the object is of this class it is treated as a person.
        –>
        <property name="personType">
            <value>${ldap.synchronisation.personType}</value>
        </property>
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapSyncInitialDirContextFactory"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
       
        <!–
        The repeating attribute on group objects (found by query or as sub groups)
        used to define membership of the group. This is assumed to hold distinguished names of
        other groups or users/people; the above types are used to determine this.
       
        OpenLDAP: "member" as it is mandatory on groupOfNames
        Active Directory: "member"
       
        –>
        <property name="memberAttribute">
            <value>${ldap.synchronisation.groupMemberAttributeName}</value>
        </property>
       
        <property name="authorityDAO">
            <ref bean="authorityDAO"/>
        </property>
    </bean>
   
    <!– Job definitions to import LDAP people and groups –>
    <!– The triggers register themselves with the scheduler –>
    <!– You may comment in the default scheduler to enable these triggers –>
    <!– If a cron base trigger is what you want seee scheduled-jobs-context.xml for examples. –>
   
    <!– Trigger to load poeple –>
    <!– Note you can have more than one initial (context, trigger, import job and export source) set –>
    <!– This would allow you to load people from more than one ldap store –>
   
    <bean id="ldapPeopleTrigger" class="org.alfresco.util.CronTriggerBean">
        <property name="jobDetail">
            <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapPeopleImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <property name="cronExpression">
         <value>${ldap.synchronisation.import.person.cron}</value>
      </property>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
    </bean>
   
    <bean id="ldapGroupTrigger" class="org.alfresco.util.CronTriggerBean">
        <property name="jobDetail">
            <bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapGroupImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <property name="cronExpression">
         <value>${ldap.synchronisation.import.group.cron}</value>
      </property>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
    </bean>
   
    <!– The bean that imports xml describing people –>
   
    <bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapPeopleExportSource"/>
        </property>

        <!– The store that contains people - this should not be changed –>
        <property name="storeRef">
            <value>${spaces.store}</value>
        </property>
       
        <!– The location of people nodes within the store defined above - this should not be changed –>
        <property name="path">
            <value>/${system.system_container.childname}/${system.people_container.childname}</value>
        </property>
       
        <!– If true, clear all existing people before import, if false update/add people from the xml –>
        <property name="clearAllChildren">
            <value>false</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
       
       
        <property name="caches">
            <set>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
    </bean>
   
    <!– The bean that imports xml descibing groups –>
   
    <bean id="ldapGroupImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapGroupExportSource"/>
        </property>
        <!– The store that contains group information - this should not be changed –>
        <property name="storeRef">
            <value>${alfresco_user_store.store}</value>
        </property>
       
        <!– The location of group information in the store above - this should not be changed –>
        <property name="path">
            <value>/${alfresco_user_store.system_container.childname}/${alfresco_user_store.authorities_container.childname}</value>
        </property>
       
        <!– If true, clear all existing groups before import, if false update/add groups from the xml –>
        <property name="clearAllChildren">
            <value>${ldap.synchronisation.import.group.clearAllChildren}</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
       
        <!– caches to clear on import of groups –>
        <property name="caches">
            <set>
                <ref bean="userToAuthorityCache"/>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
       
        <!– userToAuthorityCache –>
    </bean>
   
</beans>

- ldap-synchronisation.properties
# 
# This properties file is used to configure LDAP syncronisation
#

# The query to find the people to import
ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)

# The search base of the query to find people to import
ldap.synchronisation.personSearchBase=ou=users,dc=example,dc=com

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronisation.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronisation.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronisation.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronisation.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronisation.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronisation.defaultHomeFolderProvider=personalHomeFolderProvider

# The query to find group objects
ldap.synchronisation.groupQuery=(objectclass=groupOfNames)

# The search base to use to find group objects
ldap.synchronisation.groupSearchBase=ou=groups,dc=example,dc=com

# The attribute on LDAP group objects to map to the gid property in Alfrecso
ldap.synchronisation.groupIdAttributeName=cn

# The group type in LDAP
ldap.synchronisation.groupType=groupOfNames

# The person type in LDAP
ldap.synchronisation.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronisation.groupMemberAttributeName=member

# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 0 * * * ?

# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?

# Should all groups be cleared out at import time?
# - this is safe as groups are not used in Alfresco for other things (unlike person objects which you should never clear out during an import)
# - setting this to true means old group definitions will be tidied up.
ldap.synchronisation.import.group.clearAllChildren=true

- chaining-authentication-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
  
   
    <!– Chaining of both the services and components –>
   
    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <!– <ref bean="authenticationServiceImplJAAS"/>  –>
            <ref bean="authenticationServiceImplLDAP"/>
            </list>
        </property>
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
    </bean>
   
     <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ChainingAuthenticationComponentImpl">
      <property name="authenticationComponents">
            <list>
                <!– <ref bean="authenticationComponentImplJAAS"/> –>
            <ref bean="authenticationComponentImplLDAP"/>
            </list>
        </property>
        <property name="mutableAuthenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
   </bean>
   
    <!– Alfresco Auth –>
   
    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>
   
     <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="admSearchService"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>
   
    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
    </bean>
   
    <!– JAAS –>
   
    <bean id="authenticationServiceImplJAAS" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoJAAS"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplJAAS"/>
        </property>
    </bean>
   
    <bean id="authenticationComponentImplJAAS" class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
        <property name="realm">
            <value>COMPANY.COM</value>
        </property>
        <property name="jaasConfigEntryName">
            <value>Alfresco</value>
        </property>
    </bean>
   
   <!– LDAP by stonon –>
  
   <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
       <property name="authenticationDao">
         <ref bean="authenticationDaoLDAP" />
      </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent" />
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplLDAP" />
        </property>
    </bean>

    <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <value>cn=%s,ou=users,dc=example,dc=com</value>
        </property>
    </bean>

    <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>

    <bean id="authenticationDaoJAAS" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
       
</beans>

- file-servers.xml : pour ce fichier la j'ai remplacer ce code :
 <config evaluator="string-compare" condition="Filesystem Security">
      <authenticator type="alfresco">
      </authenticator>
   </config>

par celui-ci :
 <config evaluator="string-compare" condition="Filesystem Security">
      <authenticator type="passthru">
      <LocalServer/>
      </authenticator>
   </config>

Je buche sur ce problème depuis une semaine déjà et je n'arrive pas à voir d'ou ca peut provenir.
Quelqu'un aurait-il une idée ? Si jamais il n'y a pas solution, cela pourrait-il venir d'un manque de compatibilité avec un LDAP apache ? Faut-il que je change de serveur ?

Je vous remercie d'avance.
Cordialement,

Jack
alex_9396
Member II

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

Bonjour,

       Est-ce que l'authentification par le ldap fonction?
       Moi pour la partie authentification (étant sur la même version) je n'ai configuré que le fichier ldap-authentification.properties, le second fichier de configuration ldap-authentification-context.xml renvoie sur le .properties. (enfin je crois Smiley Surprisedops: ), pareille pour la synchro ldap
     
       Ne pas oublier de bien renseignez les champs dans le ldap.authentification.properties:

ldap.authentication.userNameFormat=cn=%s,ou=users,dc=example,dc=com
remplacer par votre configuration de votre serveur ldap
ldap.authentication.java.naming.provider.url=ldap://localhost:10389
michaelh
Active Member

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

bonjour,

On a pas du passer beaucoup de temps coté Alfresco à tester Apache directory mais bon … ça devrait fonctionner.

Par contre dans votre conf :
ldap.authentication.userNameFormat=cn=%s,ou=users,dc=example,dc=com

Je doute que ce soit un CN valide ..

EDIT : Ahh tiens, qq a répondu avant moi, mais il semble qu'on soit tous d'accord Smiley Wink
rguinot
Active Member

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

Avez vous essayé de vous connecter à l'annuaire avec ldapsearch par exemple. Arrivez vous à recupérer la liste des utilisateurs souhaités avec la requête que vous avez mis dans la conf de la synchro LDAP ? C'est un bon test pour valider que le LDAP fonctionne comme attendu avant de se lancer dans la synchro Alfresco.

Si j'en crois ce post, les logs "does not have normalizer" sont plutôt des INFO qui ne devraient pas être la cause de vos problèmes.

cn=daftAsABrush,dc=woof

est apparemment un test fait par Alfresco pour déterminer si un bind anonyme est possible sur le serveur (https://issues.alfresco.com/jira/browse/ALFCOM-1211), sans doute un fallback puisqu'il semble que vous n'ayez pas configuré les credentials de login pour la récupération des comptes :

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=SIMPLE

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=uid=admin,ou=system

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=secret

Il faut fournir un compte qui a juste les droits de lecture des comptes que vous souhaitez récupérer, ou bien configurer l'anonymous bind.
michaelh
Active Member

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

Message à destination de Belmekki SEULEMENT.

Bonjour,

Merci de ne pas"détourner" un message existant. Il est impossible de suivre deux problèmes différents dans un même message. Merci de poster un nouveau message en suivant ces quelques règles de base : http://forums.alfresco.com/fr/viewtopic.php?f=6&t=86

Aux autres donc de ne pas répondre à Belmekki pour ne pas rendre ce sujet illisible.
rguinot
Active Member

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

Belmekki,

Merci en effet de ne pas hijacker les threads de discussion. Merci de faire un effort sur l'orthographe. Alfresco ne propose pas encore d'interface SMS (si vous voulez la contribuer d'ailleurs…)

Concernant votre problème, il est probablement différent. Ouvrez plutôt un autre sujet, décrivez votre environnement, votre problème, ce qui ne fonctionne pas, ce que vous avez fait, et donnez les logs et les fichiers de configuration pertinents.
jack_8100
Member II

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

Alors déjà je suis ravi qu'autant de reponses se presentent à moi aussi vite. C'est agréable.

Bon je vais essayer de répondre post après post .
Alors tout d'abord pour Alex et MichealH:

Il est vrai que seul les fichiers .properties devait etre modifié, j'ai ajouter les autres fichiers au cas ou, mais je n'y ai pas toucher. Cela dit "chaining-authentication-context.xml" devait il etre aussi modifié ou n'aurais-je pas du y toucher ?

Pour les informations de la propriété credential (password) devrait être bon , car par defaut le mot de passe est "secret" pour l'admin.
Et dans l'arborescence de mon annuaire j'ai bien ceci :
dc= com
    |–dc=example
    |      |–ou=users
    |      |       |–cn="nom des utilisateurs"
ou=system
    |–uid=admin

d'ou :
ldap.authentication.userNameFormat=cn=%s,ou=users,dc=example,dc=com

Cela dit peut être que je me trompe, et dans ce cas, à quoi doit ressembler le userNameFormat ?

Pour RGuignot :

Je ne connais pas vraiment ldapsearch, je tiens a préciser que je travaille sous windows et que pour lancer mon serveur je passe par une interface graphique.
D'après ce que j'ai pu lire c'est comme une commande client pour parcourir un serveur LDAP. Pour ma part, j'ai utilisé différent clients comme JXplorer ou Softerra(en version d'evaluation), et  j'ai pu me connecter sans incident à mon annuaire avec les memes informations que dans le fichier de propriété d'authentification.

Cela dit, je n'ai pas créé de compte avec les droits de lecture sur les autres comptes. Donc je vais tester ca ce soir.
Si ca ne marche pas, je vais tenter de trouver des informations sur la configuration de l' "anonymous bind".
jack_8100
Member II

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

Probleme résolu.
J'ai supprimer mon fichier chaining-authentication-context.xml

et dans le fichier de propriété j'ai modifié le usernameformat à
ldap.authentication.userNameFormat=[b]uid[/b]=%s,ou=users,dc=example,dc=com

J'ai reussi a me connecter normalement.
Mais je n'arrive plus a me connecter avec le compte admin d'alfresco initial. Est ce l'exportation qui doit se charger d'ajouter ce compte au serveur LDAP ou je dois configurer quelquechose ?
Dans tous les cas vous êtes mes bienfaiteurs   Smiley Tongue
rguinot
Active Member

Re: [Resolu]Synchronisation Alfresco + LDAP (Apache Directory)

D'après mes souvenirs, il faut mapper un (ou plusieurs) users de ton LDAP qui deviendront admins d'Alfresco. Le user "admin" original disparaît.

Il faut surcharger le bean authorityService dans WEB-INF/classes/alfresco/authority-services-context.xml, et en créer un dans un fichier de contexte (configuration) externalisée pour être plus propre.

exemple :

<bean id="authorityService" class="org.alfresco.repo.security.authority.AuthorityServiceImpl">
        <property name="authenticationComponent">
            <ref bean="authenticationComponent" />
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="authorityDAO">
            <ref bean="authorityDAO" />
        </property>
        <property name="permissionServiceSPI">
            <ref bean="permissionServiceImpl" />
        </property>
        <!–                                                                  –>
        <!– A list of users with admin rights.                               –>
        <!–                                                                  –>
        <!– If the security framework is case sensitive these values should  –>
        <!– be case sensitive user names. If the security framework is not   –>
        <!– case sensitive these values should be the lower-case user names. –>
        <!–                                                                  –>
        <!– By default this includes:                                        –>
        <!–    admin (the user name of default alfresco admin user)          –>
        <!–    administrator (the windows default admin user)                –>
        <!–                                                                  –>
        <!– This assumes that user names are not case sensitive.             –>
        <!–                                                                  –>
        <property name="adminUsers">
            <set>
             <value>rguinot</value>
                        <value>other_admin</value>
          </set>
        </property>
    </bean>

Les choses devraient se passer.