Connecting Alfresco to LDAP

To configure Alfresco Community

1. Go to <Alfresco Community installation directory>\tomcat\shared\classes and open for edit the alfresco-global.properties file.

2. Copy the following text and paste it at the end of the file:

   authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
   
   create.missing.people=false
   
   alfresco.authentication.allowGuestLogin=false
   # Disable guest logins
   
   ntlm.authentication.mapUnknownUserToGuest=false
   # Disable guest logins
   
   ntlm.authentication.sso.enabled=false
   # Disable SSO logins
   
   ldap.synchronization.groupSearchBase=dc=test,dc=local
   # Domain search base
   
   ldap.synchronization.userSearchBase=dc=test,dc=local
   # Domain search base
   
   
   #########################
   #LDAP AUTHENTIFICATION #
   #########################
   ldap.authentication.active=true
   
   ldap.authentication.allowGuestLogin=false
   # Disable guest logins
   
   ldap.authentication.userNameFormat=%s@test.local
   
   ldap.authentication.java.naming.provider.url=ldap://AD_SERVER_ADDRESS:389
   # AD server address
   
   ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
   # Admin users logins
   
   
   ########################
   #LDAP SYNCHRONISATION #
   ########################
   synchronization.synchronizeChangesOnly=false
   # Do full synchronize
   
   synchronization.allowDeletions=true
   # Allow deletion info from local Alfresco
   
   synchronization.syncWhenMissingPeopleLogIn=true
   # Tries to find user in allowed Ad group
   
   synchronization.syncOnStartup=true
   # synchronize AD on reboot
   
   ldap.synchronization.active=true
   
   ldap.synchronization.java.naming.security.principal=ldap_read
   # User with LDAP read rights login
   
   ldap.synchronization.java.naming.security.credentials=asdf1234+
   # User with LDAP read rights password
   
   synchronization.import.cron=00/15 * * * ?
   # synchronisation starts every 15 minutes!
   
   
   #####################
   #LDAP PERSON QUERY #
   #####################
   ldap.synchronization.personQuery=(&(objectclass\=user)
   (memberOf\=cn\=alfresco,ou\=alfrescounit,dc\=test,dc\=local)
   (userAccountControl:1.2.840.113556.1.4.803:=512))
   # Query to grabb all users in alfresco group with full path
   
   ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)
   (memberOf\=cn\=alfresco,ou\=alfrescounit,dc\=test,dc\=local)
   (userAccountControl:1.2.840.113556.1.4.803:=512))
   # Query to grabb all users in alfresco group with full path (force full sync)
   
   
   #####################
   #LDAP GROUP QUERY #
   ####################
   ldap.synchronization.groupQuery=(&(objectclass\=group)(|(cn\=alfresco)
   (memberOf\=cn\=alfresco,ou\=alfrescounit,dc\=test,dc\=local)))
   # Query to grabb alfresco group with full path
   
   ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)
   (|(cn\=alfresco)(memberOf\=cn\=alfresco,ou\=alfrescounit,dc\=test,dc\=local)))
   # Query to grabb alfresco group with full path (force full sync)

3. Save and close the file.

4. Re-start Alfresco Community.

Related pages

• Administrator Guide