Active directory integration configuration for Alfresco Community 5.1 (with comments line by line)
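###############################
## Common Alfresco Properties #
###############################
# Root of the Alfresco data directory; dir.keystore further down is derived from it.
dir.root=/opt/alfresco-community/alf_data
# How the repository describes its own address.
# 127.0.0.1 with plain http only suits a single-host test install. Behind a
# TLS-terminating proxy these keys should carry the externally visible host,
# port and protocol (https) instead.
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
# Same settings for the Share web client.
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http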
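### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
# Placeholder: the literal password was removed from this published copy.
# A password that has appeared in a shared file counts as exposed and should be
# rotated on the database. The value is stored here in cleartext, so limit read
# access on this file to the account that runs Alfresco and keep the real value
# out of version control.
db.password=<DB_PASSWORD>
db.name=alfresco
# ${db.name} is expanded from the key above. The database is on another host
# ("comhost"), so this connection crosses the network; the PostgreSQL JDBC driver
# only uses TLS when the URL asks for it (for example with an sslmode parameter).
db.url=jdbc:postgresql://comhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1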
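# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### FTP Server Configuration ###
# FTP carries logins and content unencrypted. If the FTP interface is not needed,
# switch it off (ftp.enabled=false) rather than only choosing a port.
ftp.port=21
### RMI registry port for JMX ###
# Management port: keep it unreachable from untrusted networks.
alfresco.rmi.services.port=50500
### External executable locations ###
# LibreOffice is driven through the direct connector (ooo.*); the JodConverter
# alternative is disabled. Both are pointed at port 8100, so enable only one of them.
ooo.exe=/opt/alfresco-community/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
# ImageMagick locations; img.dyn and img.exe are derived from img.root.
img.root=/opt/alfresco-community/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-community/libreoffice
jodconverter.portNumbers=8100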
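### Initial admin password ###
# Alfresco expects the MD4 (NTLM-style) hash of the initial admin password here.
# The hash is unsalted, so it has to be protected like the password itself.
# The hash from the published copy is replaced with a placeholder; an admin
# password whose hash has been shared should be changed.
alfresco_user_store.adminpassword=<MD4_HASH_OF_INITIAL_ADMIN_PASSWORD>
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=/opt/alfresco-community
### Solr indexing ###
index.subsystem.name=solr4
# Keystore used for the repository <-> Solr SSL connection on solr.port.ssl.
# NOTE(review): if this directory still holds the keys shipped with the installer,
# generate your own, since installer-provided keys are not unique to this server.
dir.keystore=${dir.root}/keystore
solr.host=comhost
solr.port.ssl=8443
### Allow extended ResultSet processing
security.anyDenyDenies=false
### Smart Folders Config Properties ###
smart.folders.enabled=false
### Remote JMX (Default: disabled) ###
# (no remote JMX keys are set in this file)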
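###############################
## LDAP Authentication Conf #
###############################
# Chain entries are tried in order: the built-in Alfresco user store (alfinst) first,
# then the directory instance (ldap1). The built-in admin account therefore keeps
# working alongside the directory logins and needs a strong password of its own.
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
ldap.authentication.active=true
# ldap:// on port 389 is an unencrypted connection. With a simple bind (the usual
# setting unless ldap.authentication.java.naming.security.authentication is changed;
# confirm for your install) each user's password crosses the network in cleartext
# at login. Prefer ldaps://<AD_IP_OR_HOSTNAME>:636, after importing the CA
# certificate of the domain controller into the truststore of the JVM that runs Alfresco.
ldap.authentication.java.naming.provider.url=ldap://<AD_IP_OR_HOSTNAME>:389
ldap.authentication.userNameFormat=%s@domain.com
#For Active Directory, use the UPN structure (user@domain).
#For userNameFormat, please read "https://docs.alfresco.com/5.1/concepts/auth-ldap-props.html"; AD and plain LDAP require different structures.
ldap.authentication.allowGuestLogin=false
#If you need only authentication, the configuration so far is enough.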
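###############################
## LDAP Synchronization Conf #
###############################
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco@domain.com
#The account used to export users and groups from AD to Alfresco.
#This should be in the same format as ldap.authentication.userNameFormat (UPN)
#For the first time, give this user all permissions then restrict step by step
# Review note: the synchronization only reads users and groups, so the end state
# should be a dedicated account with read access to the search bases below and
# nothing more. Do not leave the broad permissions in place after the first test.
ldap.synchronization.java.naming.security.credentials=password
#It's the password of the "alfresco" user ("password" is a placeholder).
# The real value sits in this file in cleartext, so restrict who can read the file.
#It is important to know the structure of the OUs to set these lines correctly.
#For the first test, searchBase and the others can be set to "DC\=domain,DC\=com" to query all users without any filter.
# "\=" and "\:" are properties-file escapes for "=" and ":" inside a value.
ldap.synchronization.groupSearchBase=OU\=Alfresco,DC\=domain,DC\=com
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.userSearchBase=OU\=Alfresco,DC\=domain,DC\=com
ldap.synchronization.personQuery=(objectclass\=user)
# Differential queries: {0} is the timestamp of the last sync.
# Fixed here: the original had the two filters under each other's key (the group key
# selected objectclass=user, the person key objectclass=group) and one doubled
# parenthesis around the memberOf clause, which is not valid LDAP filter syntax.
# NOTE(review): memberOf holds the DN of a group, so confirm that
# "OU=SubAlfrescoGroup1,..." names a group object and not an organizational unit.
# NOTE(review): the full queries above have no memberOf restriction, so a full sync
# and a differential sync select different sets of objects; align them if the
# restriction is intended.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf\=OU\=SubAlfrescoGroup1,ou\=Alfresco,dc\=domain,dc\=com)(!(modifyTimestamp<\={0})))
# The userAccountControl clause is a bitwise test for the NORMAL_ACCOUNT flag (512).
# It does not exclude disabled accounts; that needs an additional negated test on flag 2.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf\=OU\=SubAlfrescoGroup1,OU\=Alfresco,DC\=domain,DC\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))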
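# secs min hour dom mon dow
synchronization.import.cron=0 */1 * * * ?
#Alfresco runs the synchronization every minute.
# Combined with synchronizeChangesOnly=false below, this means a full directory
# query every minute; widen the interval once the first tests are done.
synchronization.syncOnStartup=true
# With deletions allowed, users and groups that the queries no longer return are
# removed from Alfresco. A search base or filter narrowed by mistake can therefore
# remove accounts, so test query changes with this set to false first.
synchronization.allowDeletions=true
# Alfresco user names come from sAMAccountName, while logins bind as
# <name>@domain.com (see ldap.authentication.userNameFormat).
# NOTE(review): this assumes each user's UPN prefix equals the sAMAccountName; confirm for your domain.
ldap.synchronization.userIdAttributeName=sAMAccountName
synchronization.synchronizeChangesOnly=false
#False syncs everything on every run; it costs more network traffic and processing.
#True syncs only the changes on every run.
#For the first sync I use "false", then switch it to "true".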
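#userFirstNameAttributeName and userLastNameAttributeName are left commented out; users are still created with first name and surname.
#So I keep these two parameters commented out.
# The attribute on person objects in LDAP to map to the first name property in Alfresco
#ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
#ldap.synchronization.userLastNameAttributeName=""
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
ldap.synchronization.groupType=group
# The person type
ldap.synchronization.personType=person
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member
# Left commented out, so the subsystem default applies; the differential queries in
# this file filter on modifyTimestamp.
#ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
#This is also important; the value differs between AD and other LDAP servers.
# NOTE(review): presumably this pattern formats the {0} timestamp in the differential
# queries, so a wrong format would make incremental syncs miss changes; confirm against the linked page.
#For timestampFormat, look at "https://docs.alfresco.com/5.1/concepts/auth-ldap-props.html"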