Results 1 to 6 of 6

Thread: Connecting Alfresco to Zimbra LDAP

Hybrid View

  1. #1
    Join Date
    Nov 2009
    Posts
    11
    Rep Power
    5

    Default Connecting Alfresco to Zimbra LDAP

    Hi. Alfresco is advanced document management with integrated NFS, CIFS, FTP... It can sync users and groups from LDAP.

    Anyway, I've integrated succesfully Zimbra and samba/posix zimlets (addons) and I've set up Zimbra's LDAP as master LDAP for Samba PDC. So, users are now added only in one place - in Zimbra's administration panel.

    Now I want to sync Alfresco with Zimbra LDAP users/groups. I've succeded pretty much with it, with only one problem remaining. I can't connect users to groups. Although they are set OK in LDAP, and in Zimbra, in alfresco I can see all the groups and all the users, but there is no connection between them.

    Problem is I don't understand what LDAP settings I should set...
    Here is my /var/lib/tomcat5/shared/classes/alfresco/extension/subsystems/Authentication/ldap/zimbraldap/ldap-authentication.properties:
    Code:
    ldap.authentication.active=true
    ldap.authentication.allowGuestLogin=true
    ldap.authentication.userNameFormat=uid=%s,ou=people,dc=zimbra,dc=company,dc=com
    ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
    ldap.authentication.java.naming.provider.url=ldap://IP_OF_LDAP:389
    ldap.authentication.java.naming.security.authentication=simple
    ldap.authentication.escapeCommasInBind=false
    ldap.authentication.escapeCommasInUid=false
    ldap.authentication.defaultAdministratorUserNames=jsosic
    ldap.synchronization.active=true
    ldap.synchronization.java.naming.security.principal=cn=config
    ldap.synchronization.java.naming.security.credentials=PASSWORD
    ldap.synchronization.queryBatchSize=1000
    ldap.synchronization.groupQuery=(objectclass\=posixGroup)
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
    ldap.synchronization.personQuery=(objectclass\=posixAccount)
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
    ldap.synchronization.groupSearchBase=ou=groups,dc=company,dc=com
    ldap.synchronization.userSearchBase=ou=people,dc=zimbra,dc=company,dc=com
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
    ldap.synchronization.userIdAttributeName=uid
    ldap.synchronization.userFirstNameAttributeName=givenName
    ldap.synchronization.userLastNameAttributeName=sn
    ldap.synchronization.userEmailAttributeName=mail
    ldap.synchronization.userOrganizationalIdAttributeName=zimbraId ***
    ldap.synchronization.defaultHomeFolderProvider=homeDirectory
    ldap.synchronization.groupIdAttributeName=gidNumber
    ldap.synchronization.groupType=posixGroup ***
    ldap.synchronization.personType=organizationalPerson ***
    ldap.synchronization.groupMemberAttributeName=memberUid ***
    ldap.synchronization.enableProgressEstimation=true
    I don't understand from Zimbra LDAP what value should I set for groupType and personType attributes? I've set organizationalPerson, because default value was inetOrgPerson. groupType default was groupOfNames... Which doesn't ring a clue for me How can I be sure I've selected the correct ones?
    I also totaly don't understand userOrganizationalIdAttributeName and how to find it in slapcat's output. Default value in Alfresco config file was 'o', like this:
    Code:
    ldap.synchronization.userOrganizationalIdAttributeName=o
    I would appreciate any kind of help...

  2. #2
    Join Date
    Jun 2009
    Posts
    17
    Rep Power
    6

    Unhappy LDAP Zimbra+Alfresco

    Hi,

    I am already using zimbra mail server. Recently i have installed alfresco open source software its working fine Now i want integrate the Zimbra ldap to alfresco could please some one help me on this

    what are changes i need to do in the alfresco server

    Thanks & Regards
    Manickam
    Last edited by kmanickam; 09-29-2010 at 12:01 AM.

  3. #3
    Join Date
    Feb 2012
    Posts
    1
    Rep Power
    3

    Smile

    Quote Originally Posted by kmanickam View Post
    Hi,

    I am already using zimbra mail server. Recently i have installed alfresco open source software its working fine Now i want integrate the Zimbra ldap to alfresco could please some one help me on this

    what are changes i need to do in the alfresco server

    Thanks & Regards
    Manickam
    Hi kmanickam,

    I am very interested with your topic. please help me if you success.

    Thanks a lot.

  4. #4
    Join Date
    Aug 2010
    Posts
    3
    Rep Power
    5

    Default Group membership resolution

    Hello, did You resolved your issue?

    Generally, could not be the groupType the same groupType you type in by the definition of the posix group in the posix Zimlet?

    cheers, Archie

  5. #5
    Join Date
    Jun 2009
    Posts
    17
    Rep Power
    6

    Default

    Quote Originally Posted by linhart1 View Post
    Hello, did You resolved your issue?

    Generally, could not be the groupType the same groupType you type in by the definition of the posix group in the posix Zimlet?

    cheers, Archie
    No I am tried, but it not successfull with zimbra LDAP

    Please let me know if any one have good news on this

    Thanks
    Manickam

  6. #6
    Join Date
    Mar 2008
    Location
    Pakistan
    Posts
    81
    Rep Power
    7

    Default

    Zimbra is not using simple authentication, it use DIGEST-MD5.
    You can try the following settings, it is working on my side

    ldap.authentication.active=true
    ldap.authentication.allowGuestLogin=false
    ldap.authentication.userNameFormat=uid\=%s,ou\=use rs,dc\=XXXX,dc\=com
    ldap.authentication.java.naming.factory.initial=co m.sun.jndi.ldap.LdapCtxFactory
    ldap.authentication.java.naming.provider.url=ldap://XXXXXXX:389
    ldap.authentication.java.naming.security.authentic ation=DIGEST-MD5
    ldap.authentication.escapeCommasInBind=false
    ldap.authentication.escapeCommasInUid=false
    ldap.authentication.defaultAdministratorUserNames= XXXXX
    ldap.synchronization.active=true
    ldap.synchronization.java.naming.security.principa l=uid\=XXX,cn\=XXXX,cn\=XXXX
    ldap.synchronization.java.naming.security.credenti als=XXXXXX
    ldap.synchronization.queryBatchSize=1000
    ldap.synchronization.groupQuery=(objectclass\=grou pOfNames)
    ldap.synchronization.groupDifferentialQuery=(&(obj ectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
    ldap.synchronization.personQuery=(objectclass\=ine tOrgPerson)
    ldap.synchronization.personDifferentialQuery=(&(ob jectclass\=inetOrgPerson)(!(modifyTimestamp<\={0}) ))
    ldap.synchronization.groupSearchBase=ou\=groups,dc \=XXXX,dc\=com
    ldap.synchronization.userSearchBase=ou\=people,dc\ =XXXXX,dc\=com
    ldap.synchronization.modifyTimestampAttributeName= modifyTimestamp
    ldap.synchronization.timestampFormat=yyyyMMddHHmms s'Z'
    ldap.synchronization.userIdAttributeName=uid
    ldap.synchronization.userFirstNameAttributeName=gi venName
    ldap.synchronization.userLastNameAttributeName=sn
    ldap.synchronization.userEmailAttributeName=mail
    ldap.synchronization.userOrganizationalIdAttribute Name=o
    ldap.synchronization.defaultHomeFolderProvider=use rHomesHomeFolderProvider
    ldap.synchronization.groupIdAttributeName=cn
    ldap.synchronization.groupType=groupOfNames
    ldap.synchronization.personType=inetOrgPerson
    ldap.synchronization.groupMemberAttributeName=memb er
    ldap.synchronization.enableProgressEstimation=true
    Thanks
    Mudasar
    www.o2sp.com
    Open Source Solution Provider

Similar Threads

  1. Replies: 8
    Last Post: 01-20-2009, 12:06 PM
  2. [SOLVED] parts_decode_ext error
    By jsabater in forum Administrators
    Replies: 7
    Last Post: 10-13-2008, 07:24 AM
  3. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 02:30 PM
  4. Replies: 8
    Last Post: 02-27-2007, 03:10 AM
  5. dspam logrotate errors
    By michaeln in forum Users
    Replies: 7
    Last Post: 02-19-2007, 11:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •