Need to know how to get LDAP working with your Alfresco installation?
Confused by all of what you’ve read on forums and wikis?
Then follow this guide:
1. Edit /YOUR_Glassfish/domains/domain1/lib/classes/alfresco-global.properties and add the LDAP subsystem to the Alfresco authentication chain:
Before: authentication.chain=alfrescoNtlm1:alfrescoNtlm
After: authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
2. Create folder /YOUR_Glassfish/domains/domain1/lib/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1
3. Copy file /YOUR_Glassfish/domains/domain1/applications/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml to /YOUR_Glassfish/domains/domain1/lib/classes/alfresco/extension/subsystems/Authentication/ldap/common-ldap-context.xml
4. Copy the two files (ldap-authentication.properties, ldap-authentication-context.xml) in /YOUR_Glassfish/domains/domain1/applications/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ to /YOUR_Glassfish/domains/domain1/lib/classes/alfresco/subsystems/Authentication/ldap/ldap1/
5. Edit /YOUR_Glassfish/domains/domain1/lib/classes/alfresco/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties with your LDAP settings:
ldap-authentication.properties
# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsystem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=true
# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=simple
# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=YOUR_PRINCIPAL_NAME
# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=YOUR_PASSWORD
# How to map the user id entered by the user to that passed through to LDAP
#   - simple
#       - this must be a DN and would be something like
#         uid=%s,ou=People,dc=company,dc=com
#   - digest
#       - usually pass through what is entered
#         %s
# If not set, an LDAP query involving ldap.synchronization.personQuery and
# ldap.synchronization.userIdAttributeName will
# be performed to resolve the DN dynamically.
ldap.authentication.userNameFormat=CN=%s,CN=Users,DC=your company
# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=Your LDAP URL
# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsystem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true
# The query to select all objects that represent the groups to import.
#ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=Your search base
# If positive, this property indicates that range retrieval should be used to fetch
# multi-valued attributes (such as member) in batches of the specified size.
# Overcomes any size limits imposed by Active Directory.
ldap.synchronization.queryBatchSize=10
# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=person)
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=Your user search base
# The attribute name on people objects found in LDAP to use as the uid in Alfresco; depends on your LDAP server
ldap.synchronization.userIdAttributeName=cn
# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
# The attribute on person objects in LDAP to map to the email property in Alfresco; depends on your LDAP server
ldap.synchronization.userEmailAttributeName=mail
# The attribute on person objects in LDAP to map to the first name property in Alfresco; depends on your LDAP server
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco; depends on your LDAP server
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the organizational ID property in Alfresco; depends on your LDAP server
ldap.synchronization.userOrganizationalIdAttributeName=company
6. Restart GlassFish. Alfresco Explorer and Share should now work with your LDAP server.
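
A check for the file edited in step 5, as an added example (not part of the original guide or of Alfresco): it parses the properties and reports placeholders that were never replaced, a simple bind configured over an unencrypted ldap:// URL, a userNameFormat without %s, and missing sync credentials. The function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: the step 5 file with the guide's placeholders still in place.
SAMPLE = r"""
ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=CN=%s,CN=Users,DC=your company
ldap.authentication.java.naming.provider.url=Your LDAP URL
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=YOUR_PRINCIPAL_NAME
ldap.synchronization.java.naming.security.credentials=YOUR_PASSWORD
ldap.synchronization.personQuery=(objectclass\=person)
"""

PLACEHOLDER = re.compile(r"^your[ _]|your company", re.I)  # the guide's fill-in markers
AUTH = "ldap.authentication."
SYNC = "ldap.synchronization."

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#'/'!' comments, '\\x' -> 'x'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def check(props):
    """Return a list of findings for the settings edited in step 5."""
    findings = [f"{k}: placeholder value not replaced"
                for k, v in props.items() if PLACEHOLDER.search(v)]
    url = props.get(AUTH + "java.naming.provider.url", "")
    mech = props.get(AUTH + "java.naming.security.authentication", "")
    if mech == "simple" and url.lower().startswith("ldap://"):
        findings.append("simple bind over ldap:// sends the password unencrypted; use ldaps://")
    fmt = props.get(AUTH + "userNameFormat", "")
    if fmt and "%s" not in fmt:
        findings.append("userNameFormat has no %s placeholder for the user id")
    if props.get(SYNC + "active") == "true":
        for k in ("java.naming.security.principal", "java.naming.security.credentials"):
            if not props.get(SYNC + k):
                findings.append(f"{SYNC}{k}: required when synchronization is active")
    return findings

if __name__ == "__main__":
    for finding in check(parse_properties(SAMPLE)):
        print(finding)
```

Run it against your own file by passing the file's text to parse_properties() before restarting in step 6.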