alfresco ldap配置openldap server 和 window的AD域

前端之家收集整理的这篇文章主要介绍了alfresco ldap配置openldap server 和 window的AD域前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

1:alfresco ldap配置openldap


###############################
## Common Alfresco Properties #
###############################

dir.root=E:/dev/ALFRES~1/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=q1w2e3r4
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections.  Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
img.root=E:\\dev\\alfresco-community\\imagemagick
img.coders=${img.root}\\modules\\coders
img.config=${img.root}
img.gslib=${img.root}\\lib
img.exe=${img.root}\\convert.exe

jodconverter.enabled=false
jodconverter.officeHome=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=fa31ee7e163000674d3b568dec1710a4

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=E:/dev/ALFRES~1

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443

### Allow extended ResultSet processing
security.anyDenyDenies=false

### Smart Folders Config Properties ###
smart.folders.enabled=false

### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false


##Freddy Shen 
##uses an Active Directory server and configures an instance of the ldap-ad subsystem.
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@km.com
ldap.authentication.java.naming.provider.url=ldap://win-0d3fm3f3n1k.km.com:389
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.java.naming.security.principal=alfresco@km.com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.groupSearchBase=ou=Security Groups,ou=Alfresco\,dc=km,dc=com
ldap.synchronization.userSearchBase=ou=User Accounts,ou=Alfresco,dc=com

就这几行,就解决了,不要配置太麻烦。







2:alfresco ldap配置window的AD域

修改alfresco配置alfresco-community\tomcat\shared\classes文件alfresco-global.properties


配置内容如下:

###############################
## Common Alfresco Properties #
###############################

dir.root=E:/dev/ALFRES~1/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=q1w2e3r4
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections.  Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
img.root=E:\\dev\\alfresco-community\\imagemagick
img.coders=${img.root}\\modules\\coders
img.config=${img.root}
img.gslib=${img.root}\\lib
img.exe=${img.root}\\convert.exe

jodconverter.enabled=false
jodconverter.officeHome=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=fa31ee7e163000674d3b568dec1710a4

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=E:/dev/ALFRES~1

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443

### Allow extended ResultSet processing
security.anyDenyDenies=false

### Smart Folders Config Properties ###
smart.folders.enabled=false

### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false


###Freddy Shen 
###uses an Active Directory server and configures an instance of the ldap-ad subsystem.
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
#(每次都是full方式同步,更新所有用户信息)
ldap.synchronization.synchronizeChangesOnly=false
ntlm.authentication.sso.enabled=false
#是否允许匿名用户登录,按照你的情况选择,这里我们选择false
ldap.authentication.allowGuestLogin=false 
#选择用来认证的用户DN中用户节点的映射方式
ldap.authentication.userNameFormat=%s@datamsg.com
#LDAP服务器地址
ldap.authentication.java.naming.provider.url=ldap://127.0.0.9:389
#系统的管理员用户,可以是多个,用逗号分隔。这个用户将获得登录你alfresco的管理员后台的权限。必须是你LDAP目录结构中存在的用户
ldap.authentication.defaultAdministratorUserNames=Administrator
# The default principal to use (only used for LDAP sync)
#用来同步使用的LDAP服务器管理员帐号
ldap.synchronization.java.naming.security.principal=Administrator@mydatainfo.com
#上面指定的管理员帐号的密码
ldap.synchronization.java.naming.security.credentials=myData6666
#用户组信息的位置
ldap.synchronization.groupSearchBase=ou=Security Groups,dc=mydatainfo,dc=com
#用户信息位置
ldap.synchronization.userSearchBase=ou=User Accounts,dc=com


只需要配置红色这几行,配置成功后,用AD域用户登录,首次登录会很慢【需要同步】,后面登录就会很快。
note:不登录,账户不会在alfresc系统中看到AD域的用户。

如果提示不能登录,请仔细检查,上面红色几行,参数

如下图:是密码输入错误



成功登录后:





alfresco-global.properties文档说明:

###############################
## Common Alfresco Properties #
###############################

dir.root=E:/dev/ALFRES~1/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=q1w2e3r4
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
img.root=E:\\dev\\alfresco-community\\imagemagick
img.coders=${img.root}\\modules\\coders
img.config=${img.root}
img.gslib=${img.root}\\lib
img.exe=${img.root}\\convert.exe

jodconverter.enabled=false
jodconverter.officeHome=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=fa31ee7e163000674d3b568dec1710a4

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=E:/dev/ALFRES~1

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443

### Allow extended ResultSet processing
security.anyDenyDenies=false

### Smart Folders Config Properties ###
smart.folders.enabled=false

### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false


###Freddy Shen 
###uses an Active Directory server and configures an instance of the ldap-ad subsystem.
#authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
#ntlm.authentication.sso.enabled=false
#ldap.authentication.allowGuestLogin=false
#ldap.authentication.userNameFormat=%s@km.com
#ldap.authentication.java.naming.provider.url=ldap://win-0d3fm3f3n1k.km.com:389
#ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
#ldap.synchronization.java.naming.security.principal=alfresco@km.com
#ldap.synchronization.java.naming.security.credentials=secret
#ldap.synchronization.groupSearchBase=ou=Security Groups,dc=com
#ldap.synchronization.userSearchBase=ou=User Accounts,dc=com

##authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
authentication.chain=alfrescoNtlm:alfrescoNtlm,ldap1:ldap
ntlm.authentication.sso.enabled=false

#是否允许匿名用户登录,按照你的情况选择,这里我们选择false
###ldap.authentication.allowGuestLogin=false

#选择用来认证的用户DN中用户节点的映射方式
#ldap.authentication.userNameFormat=uid\=%s,ou\=people,dc\=ccxe,dc\=com,dc\=cn
#ldap.authentication.userNameFormat=%s@ecdata.com
###ldap.authentication.userNameFormat=uid\=%s,dc\=ecdata,dc\=com

#LDAP服务器地址
###ldap.authentication.java.naming.provider.url=ldap://10.10.10.106:389

#系统的管理员用户,可以是多个,用逗号分隔。这个用户将获得登录你alfresco的管理员后台的权限。必须是你LDAP目录结构中存在的用户
#ldap.authentication.defaultAdministratorUserNames=uid\=zmpostfix,cn\=appaccts,cn\=zimbra
###ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco,Freddy4

# The default principal to use (only used for LDAP sync)
#用来同步使用的LDAP服务器管理员帐号
#ldap.synchronization.java.naming.security.principal=uid\=zmpostfix,cn\=zimbra 
###ldap.synchronization.java.naming.security.principal=alfresco@ecdata.com

#上面指定的管理员帐号的密码
###ldap.synchronization.java.naming.security.credentials=secret

#设定查询组的时候选取的类型
#ldap.synchronization.groupQuery=(objectclass\=groupOfNames)

#用户组信息的位置
#ldap.synchronization.groupSearchBase=dc\=ccxe,dc\=cn
###ldap.synchronization.groupSearchBase=ou=Security Groups,dc=ecdata,dc=com

#用户信息位置
#ldap.synchronization.userSearchBase=ou\=people,dc\=cn
###ldap.synchronization.userSearchBase=ou\=people,dc=com

#查询时针对作出改动的节点同步使用的表达式(下同)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))

#设定查询用户的时候选取的类型
#ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

猜你在找的Bash相关文章