Configuring Alfresco Community

  1. Go to <Alfresco Community installation directory>\tomcat\shared\classes and open for edit the alfresco-global.properties file.
  2. Copy the following text, paste it at the end of the file and replace the placeholders for property values with your information.

    authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
    
    create.missing.people=false
    
    alfresco.authentication.allowGuestLogin=false
    # Disable guest logins
    
    ntlm.authentication.mapUnknownUserToGuest=false
    # Disable guest logins
    
    ntlm.authentication.sso.enabled=false
    # Disable SSO logins
    
    ldap.synchronization.groupSearchBase=dc=test,dc=local
    # Domain search base
    
    ldap.synchronization.userSearchBase=dc=test,dc=local
    # Domain search base
    
    
    #########################
    #LDAP AUTHENTIFICATION #
    #########################
    ldap.authentication.active=true
    
    ldap.authentication.allowGuestLogin=false
    # Disable guest logins
    
    ldap.authentication.userNameFormat=%s@test.local
    
    ldap.authentication.java.naming.provider.url=ldap://AD_SERVER_ADDRESS:389
    # AD server address
    
    ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
    # Admin users logins
    
    
    ########################
    #LDAP SYNCHRONISATION #
    ########################
    synchronization.synchronizeChangesOnly=false
    # Do full synchronize
    
    synchronization.allowDeletions=true
    # Allow deletion info from local Alfresco
    
    synchronization.syncWhenMissingPeopleLogIn=true
    # Tries to find user in allowed Ad group
    
    synchronization.syncOnStartup=true
    # synchronize AD on reboot
    
    ldap.synchronization.active=true
    
    ldap.synchronization.java.naming.security.principal=ldap_read
    # User with LDAP read rights login
    
    ldap.synchronization.java.naming.security.credentials=asdf1234+
    # User with LDAP read rights password
    
    synchronization.import.cron=00/15 * * * ?
    # synchronisation starts every 15 minutes!
    
    
    #####################
    #LDAP PERSON QUERY #
    #####################
    ldap.synchronization.personQuery=(&(objectclass\=user)
    (memberOf\=cn\=alfresco,ou\=alfrescounit,dc\=test,dc\=local)
    (userAccountControl:1.2.840.113556.1.4.803:=512))
    # Query to grabb all users in alfresco group with full path
    
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)
    (memberOf\=cn\=alfresco,ou\=alfrescounit,dc\=test,dc\=local)
    (userAccountControl:1.2.840.113556.1.4.803:=512))
    # Query to grabb all users in alfresco group with full path (force full sync)
    
    
    #####################
    #LDAP GROUP QUERY #
    ####################
    ldap.synchronization.groupQuery=(&(objectclass\=group)(|(cn\=alfresco)
    (memberOf\=cn\=alfresco,ou\=alfrescounit,dc\=test,dc\=local)))
    # Query to grabb alfresco group with full path
    
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)
    (|(cn\=alfresco)(memberOf\=cn\=alfresco,ou\=alfrescounit,dc\=test,dc\=local)))
    # Query to grabb alfresco group with full path (force full sync)

     

    Some property values in the text above are just placeholders. Make sure to replace them with your information.


  3. Save and close the file.
  4. Re-start Alfresco Community.