What is Alfresco CIFS authenticator for openLDAP users addon ?
Actually, Alfresco provides some CIFS authenticators (passthru,
ntlm…), but not for a LDAP subsystem. To solve this problem, we have
implemented a component that allows you to use CIFS with openLDAP users.
How to install it
The installation is tracked via an AMP package. First, stop
Alfresco, copy the file in ${ALF_HOME}/amps and use
${ALF_HOME}/bin/apply_amps.sh script to install
the AMP file. Then, copy configuration files to the extension
directory to customize and configure the authentication parameters.
Once they are configured, restart your Alfresco instance.
How to configure it
In alfresco-global.properties, we can add the new subsystem in
the authentication.chain of
alfresco-global.properties file.
authentication.chain=alfrescoNtlm1:alfrescoNtlm,myldap:ldap,ldapSamba1:ldapSamba
Then we can customize the authentication subsystem with the
help of the files:
${EXT_ROOT}/subsystems/Authentication/ldapSamba/ldapSamba1/ldap-samba-authentication-context.xml
${EXT_ROOT}/subsystems/Authentication/ldapSamba/ldapSamba1/ldap-samba-authentication.properties
where ${EXT_ROOT} should be something similar to /opt/alfresco4/tomcat/shared/classes/alfresco/extension/
Custom properties
An example of custom properties are:
# LDAP Connection properties ldap.samba.authentication.java.naming.provider.url=ldap://ldap.example.com:389 ldap.samba.authentication.base=dc=example,dc=com ldap.samba.authentication.userbase=ou=People # The user defined below must be able to execute user search querys in LDAP (administrator) ldap.samba.java.naming.security.principal=cn=admin,dc=example,dc=com ldap.samba.java.naming.security.credentials=secret
Notes
Each LDAP user needs to store the password as an MD4 hash and
we will solve this by adding a sambaSamAccount object class to the
user profile. This object class and its attributes are defined in the
samba.schema file, which is part of the samba-doc package. To install
this new schema, have a look at the documentation for your Linux
distribution in the sections talking about how to add an LDAP schema
to OpenLDAP.
It is important to note that the other CIFS-able subsystems
must be deactivated (only one of the subsystems can use CIFS – in fact
the first one in the chain). In
alfresco-global.properties file:
alfresco.authentication.authenticateCIFS=false
passthru.authentication.authenticateCIFS=false
Where to find more information
For more information about this addon, Contact with us clicking in
this Link
Links
- http://addons.alfresco.com/addons/alfresco-cifs-authenticator-openldap-users
- https://www.zylk.net/actualidad/subsistemas-de-autenticacion-extendidos-en-alfresco-ldap-compatible-con-cifs/
