Alfresco CIFS authenticator for openLDAP users addon

 

What is the Alfresco CIFS authenticator for openLDAP users addon?

Currently, Alfresco provides some CIFS authenticators (passthru, ntlm...), but none for an LDAP subsystem. To solve this problem, we have implemented a component that allows you to use CIFS with openLDAP users.

 

How to install it

The addon is installed as an AMP package. First, stop Alfresco, copy the AMP file to ${ALF_HOME}/amps and run the ${ALF_HOME}/bin/apply_amps.sh script to install it. Then copy the configuration files to the extension directory and set the authentication parameters. Once they are configured, restart your Alfresco instance.

How to configure it

Add the new subsystem to the authentication.chain property in the alfresco-global.properties file:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,myldap:ldap,ldapSamba1:ldapSamba

Then we can customize the authentication subsystem through these files:

${EXT_ROOT}/subsystems/Authentication/ldapSamba/ldapSamba1/ldap-samba-authentication-context.xml
${EXT_ROOT}/subsystems/Authentication/ldapSamba/ldapSamba1/ldap-samba-authentication.properties

where ${EXT_ROOT} should be something similar to /opt/alfresco4/tomcat/shared/classes/alfresco/extension/

Custom properties

An example of custom properties:

# LDAP Connection properties
ldap.samba.authentication.java.naming.provider.url=ldap://ldap.example.com:389
ldap.samba.authentication.base=dc=example,dc=com
ldap.samba.authentication.userbase=ou=People

# The user defined below must be able to execute user search queries in LDAP (administrator)
ldap.samba.java.naming.security.principal=cn=admin,dc=example,dc=com
ldap.samba.java.naming.security.credentials=secret


Notes

Each LDAP user needs to store the password as an MD4 hash. We solve this by adding the sambaSamAccount object class to the user profile. This object class and its attributes are defined in the samba.schema file, which is part of the samba-doc package. To install this new schema, see the documentation for your Linux distribution on how to add an LDAP schema to OpenLDAP.

It is important to note that the other CIFS-capable subsystems must be deactivated (only one of the subsystems can use CIFS - in fact the first one in the chain). In the alfresco-global.properties file:

alfresco.authentication.authenticateCIFS=false
passthru.authentication.authenticateCIFS=false
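
A lint for the settings above, as an added example that is not part of the addon or the original post: it checks that ldapSamba is in the chain and that both other authenticateCIFS flags are false, and adds one check the page does not mention, flagging a plain ldap:// bind URL. The sample input and the names parse_properties and lint are constructed for illustration.

```python
# SAMPLE is constructed input, not a real deployment's configuration.
SAMPLE = """\
# alfresco-global.properties (constructed)
authentication.chain=alfrescoNtlm1:alfrescoNtlm,myldap:ldap,ldapSamba1:ldapSamba
alfresco.authentication.authenticateCIFS=false
passthru.authentication.authenticateCIFS=true
# ldap-samba-authentication.properties (constructed)
ldap.samba.authentication.java.naming.provider.url=ldap://ldap.example.com:389
"""

# Flags the page says must be false so that only ldapSamba serves CIFS.
OTHER_CIFS_FLAGS = (
    "alfresco.authentication.authenticateCIFS",
    "passthru.authentication.authenticateCIFS",
)
URL_KEY = "ldap.samba.authentication.java.naming.provider.url"

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings; an empty list means the checks passed."""
    props = parse_properties(text)
    findings = []
    # Chain entries have the form instanceName:subsystemType.
    types = [entry.partition(":")[2].strip()
             for entry in props.get("authentication.chain", "").split(",")]
    if "ldapSamba" not in types:
        findings.append("authentication.chain has no ldapSamba subsystem")
    for flag in OTHER_CIFS_FLAGS:
        if props.get(flag, "").lower() != "false":
            findings.append(flag + " is not set to false")
    # Extra check beyond the page: a simple bind over plain ldap:// is not encrypted.
    if props.get(URL_KEY, "").lower().startswith("ldap://"):
        findings.append(URL_KEY + " uses unencrypted ldap://")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FINDING:", finding)
```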


Where to find more information

For more information about this addon, contact us by clicking this link.
