1: Configuring Alfresco LDAP with OpenLDAP
###############################
## Common Alfresco Properties #
###############################
dir.root=E:/dev/ALFRES~1/alf_data
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=q1w2e3r4
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### FTP Server Configuration ###
ftp.port=21
### RMI registry port for JMX ###
alfresco.rmi.services.port=50500
### External executable locations ###
ooo.exe=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
img.root=E:\\dev\\alfresco-community\\imagemagick
img.coders=${img.root}\\modules\\coders
img.config=${img.root}
img.gslib=${img.root}\\lib
img.exe=${img.root}\\convert.exe
jodconverter.enabled=false
jodconverter.officeHome=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice
jodconverter.portNumbers=8100
### Initial admin password ###
alfresco_user_store.adminpassword=fa31ee7e163000674d3b568dec1710a4
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=E:/dev/ALFRES~1
### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443
### Allow extended ResultSet processing
security.anyDenyDenies=false
### Smart Folders Config Properties ###
smart.folders.enabled=false
### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false
##Freddy Shen
##uses an Active Directory server and configures an instance of the ldap-ad subsystem.
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@km.com
ldap.authentication.java.naming.provider.url=ldap://win-0d3fm3f3n1k.km.com:389
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.java.naming.security.principal=alfresco@km.com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.groupSearchBase=ou=Security Groups,ou=Alfresco\,dc=km,dc=com
ldap.synchronization.userSearchBase=ou=User Accounts,ou=Alfresco,dc=com

These few lines are all it takes; there is no need for a more elaborate configuration.
2: Configuring Alfresco LDAP with a Windows AD domain
Edit the Alfresco configuration file alfresco-global.properties in alfresco-community\tomcat\shared\classes.
The configuration is as follows:
###############################
## Common Alfresco Properties #
###############################
dir.root=E:/dev/ALFRES~1/alf_data
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=q1w2e3r4
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### FTP Server Configuration ###
ftp.port=21
### RMI registry port for JMX ###
alfresco.rmi.services.port=50500
### External executable locations ###
ooo.exe=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
img.root=E:\\dev\\alfresco-community\\imagemagick
img.coders=${img.root}\\modules\\coders
img.config=${img.root}
img.gslib=${img.root}\\lib
img.exe=${img.root}\\convert.exe
jodconverter.enabled=false
jodconverter.officeHome=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice
jodconverter.portNumbers=8100
### Initial admin password ###
alfresco_user_store.adminpassword=fa31ee7e163000674d3b568dec1710a4
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=E:/dev/ALFRES~1
### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443
### Allow extended ResultSet processing
security.anyDenyDenies=false
### Smart Folders Config Properties ###
smart.folders.enabled=false
### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false
###Freddy Shen
###uses an Active Directory server and configures an instance of the ldap-ad subsystem.
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
# (Run a full synchronization every time, updating all user information)
ldap.synchronization.synchronizeChangesOnly=false
ntlm.authentication.sso.enabled=false
# Whether to allow anonymous (guest) login; choose according to your situation. Here we choose false.
ldap.authentication.allowGuestLogin=false
# Mapping format for the user entry in the user DN used for authentication
ldap.authentication.userNameFormat=%s@datamsg.com
# LDAP server address
ldap.authentication.java.naming.provider.url=ldap://127.0.0.9:389
# System administrator users; there may be several, separated by commas. These users are granted access to the Alfresco admin console. They must exist in your LDAP directory.
ldap.authentication.defaultAdministratorUserNames=Administrator
# The default principal to use (only used for LDAP sync)
# LDAP server administrator account used for synchronization
ldap.synchronization.java.naming.security.principal=Administrator@mydatainfo.com
# Password of the administrator account specified above
ldap.synchronization.java.naming.security.credentials=myData6666
# Location of the group information
ldap.synchronization.groupSearchBase=ou=Security Groups,dc=mydatainfo,dc=com
# Location of the user information
ldap.synchronization.userSearchBase=ou=User Accounts,dc=com

Only the lines marked in red need to be configured. Once the configuration works, log in as an AD domain user; the first login is slow (synchronization is required), and later logins are fast.
Note: an AD domain user's account is not visible in Alfresco until that user has logged in.
If you are told that you cannot log in, carefully check the parameters on the red lines above.
[Figure: login failure caused by an incorrectly entered password]
[Figure: after a successful login]

Annotated alfresco-global.properties:

###############################
## Common Alfresco Properties #
###############################
dir.root=E:/dev/ALFRES~1/alf_data
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=q1w2e3r4
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### FTP Server Configuration ###
ftp.port=21
### RMI registry port for JMX ###
alfresco.rmi.services.port=50500
### External executable locations ###
ooo.exe=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
img.root=E:\\dev\\alfresco-community\\imagemagick
img.coders=${img.root}\\modules\\coders
img.config=${img.root}
img.gslib=${img.root}\\lib
img.exe=${img.root}\\convert.exe
jodconverter.enabled=false
jodconverter.officeHome=E:/dev/ALFRES~1/LIBREO~1/App/libreoffice
jodconverter.portNumbers=8100
### Initial admin password ###
alfresco_user_store.adminpassword=fa31ee7e163000674d3b568dec1710a4
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=E:/dev/ALFRES~1
### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443
### Allow extended ResultSet processing
security.anyDenyDenies=false
### Smart Folders Config Properties ###
smart.folders.enabled=false
### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false
###Freddy Shen
###uses an Active Directory server and configures an instance of the ldap-ad subsystem.
#authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
#ntlm.authentication.sso.enabled=false
#ldap.authentication.allowGuestLogin=false
#ldap.authentication.userNameFormat=%s@km.com
#ldap.authentication.java.naming.provider.url=ldap://win-0d3fm3f3n1k.km.com:389
#ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
#ldap.synchronization.java.naming.security.principal=alfresco@km.com
#ldap.synchronization.java.naming.security.credentials=secret
#ldap.synchronization.groupSearchBase=ou=Security Groups,dc=com
#ldap.synchronization.userSearchBase=ou=User Accounts,dc=com
##authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
authentication.chain=alfrescoNtlm:alfrescoNtlm,ldap1:ldap
ntlm.authentication.sso.enabled=false
# Whether to allow anonymous (guest) login; choose according to your situation. Here we choose false.
###ldap.authentication.allowGuestLogin=false
# Mapping format for the user entry in the user DN used for authentication
#ldap.authentication.userNameFormat=uid\=%s,ou\=people,dc\=ccxe,dc\=com,dc\=cn
#ldap.authentication.userNameFormat=%s@ecdata.com
###ldap.authentication.userNameFormat=uid\=%s,dc\=ecdata,dc\=com
# LDAP server address
###ldap.authentication.java.naming.provider.url=ldap://10.10.10.106:389
# System administrator users; there may be several, separated by commas. These users are granted access to the Alfresco admin console. They must exist in your LDAP directory.
#ldap.authentication.defaultAdministratorUserNames=uid\=zmpostfix,cn\=appaccts,cn\=zimbra
###ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco,Freddy4
# The default principal to use (only used for LDAP sync)
# LDAP server administrator account used for synchronization
#ldap.synchronization.java.naming.security.principal=uid\=zmpostfix,cn\=zimbra
###ldap.synchronization.java.naming.security.principal=alfresco@ecdata.com
# Password of the administrator account specified above
###ldap.synchronization.java.naming.security.credentials=secret
# Object class selected when querying groups
#ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
# Location of the group information
#ldap.synchronization.groupSearchBase=dc\=ccxe,dc\=cn
###ldap.synchronization.groupSearchBase=ou=Security Groups,dc=ecdata,dc=com
# Location of the user information
#ldap.synchronization.userSearchBase=ou\=people,dc\=cn
###ldap.synchronization.userSearchBase=ou\=people,dc=com
# Expression used to synchronize only the nodes that have changed (likewise below)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
# Object class selected when querying users
#ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
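
An added example, not part of the original post: a small Python check that parses alfresco-global.properties and flags the security-relevant LDAP settings shown above, namely a cleartext ldap:// provider URL (simple bind assumed), synchronization bound as Administrator, a plaintext bind password, and guest login that is not explicitly disabled. The function names and finding texts are assumptions made for illustration; the sample input is constructed from the section 2 values.

```python
import re

# Constructed sample: LDAP lines taken from the section 2 configuration above.
SAMPLE = r"""
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://127.0.0.9:389
ldap.synchronization.java.naming.security.principal=Administrator@mydatainfo.com
ldap.synchronization.java.naming.security.credentials=myData6666
"""
AUTH = "ldap.authentication."
SYNC = "ldap.synchronization.java.naming.security."

def parse_properties(text):
    """Parse key=value lines, skipping comments and undoing backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\\])+?)\s*[=:]\s*(.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            props[key] = value
    return props

def audit_ldap(props):
    """Return (property, finding) pairs for risky LDAP settings (hypothetical helper)."""
    findings = []
    url = props.get(AUTH + "java.naming.provider.url", "")
    if url.lower().startswith("ldap://"):
        findings.append((AUTH + "java.naming.provider.url",
                         "cleartext LDAP: bind passwords are sent unencrypted"))
    principal = props.get(SYNC + "principal", "")
    # Account name from either the user@domain or the uid=user,... form.
    account = re.split(r"[@,]", principal)[0].split("=")[-1].strip().lower()
    if account == "administrator":
        findings.append((SYNC + "principal",
                         "sync binds as Administrator; directory read access is enough"))
    if props.get(SYNC + "credentials"):
        findings.append((SYNC + "credentials",
                         "plaintext bind password; restrict who can read this file"))
    if props.get(AUTH + "allowGuestLogin", "").lower() != "false":
        findings.append((AUTH + "allowGuestLogin", "guest login not explicitly disabled"))
    return findings

if __name__ == "__main__":
    for key, finding in audit_ldap(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```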