
@unalfaruk
Last active April 12, 2020 14:14
Active directory integration configuration for Alfresco Community 5.1 (with comments line by line)
###############################
## Common Alfresco Properties #
###############################
# Root directory for Alfresco's data files; dir.keystore further down is derived from it.
dir.root=/opt/alfresco-community/alf_data
# Context path, host, port and protocol of the repository web application.
# NOTE(review): the protocol is plain http and the host is the loopback address.
# With LDAP in the authentication chain below, directory passwords are entered
# on this login form, so confirm that a TLS-terminating proxy (or https here)
# sits in front of port 8080 before users reach it over a network.
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
# The same four settings for the Share web client (same host, port and protocol as above).
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
# JDBC driver, account and database name for the repository database (PostgreSQL driver).
db.driver=org.postgresql.Driver
db.username=alfresco
# NOTE(review): this is a literal database password in a publicly shared file.
# If it was ever a live credential it should be rotated; a shared template
# should carry a placeholder here (as the LDAP section does with "password"),
# and the deployed file should be readable only by the Alfresco service account.
db.password=Roketsan123!
db.name=alfresco
# ${db.name} is substituted from the property above; the database is on host "comhost", port 5432.
# NOTE(review): the URL carries no SSL parameters, so whether this connection
# is encrypted depends on driver defaults - confirm, or keep the link on a trusted segment.
db.url=jdbc:postgresql://comhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
# Query run against a connection to validate it (presumably by the connection pool).
db.pool.validate.query=SELECT 1
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### FTP Server Configuration ###
# NOTE(review): FTP carries credentials in clear text, and with LDAP in the
# authentication chain those would presumably be directory passwords.
# If FTP access is not needed, turn the FTP server off (ftp.enabled=false)
# rather than only choosing a port.
ftp.port=21
### RMI registry port for JMX ###
# NOTE(review): this file does not bind the port to an interface, so restrict
# it at the host firewall unless remote JMX is actually required.
alfresco.rmi.services.port=50500
### External executable locations ###
# LibreOffice binary used by the "ooo" integration, enabled here on port 8100.
ooo.exe=/opt/alfresco-community/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
# Location of the bundled image tools; img.dyn and img.exe are derived from img.root.
# NOTE(review): these converters presumably process user-uploaded files, so keep
# the bundled LibreOffice and image tools patched along with Alfresco itself.
img.root=/opt/alfresco-community/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
# JodConverter is disabled; its home and port are still set and reuse port 8100 from ooo.port.
jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-community/libreoffice
jodconverter.portNumbers=8100
### Initial admin password ###
# Alfresco expects a hash of the initial admin password here, not the plain text
# (MD4 in this Alfresco generation - TODO confirm against the 5.1 documentation).
# NOTE(review): the value is an unsalted 128-bit hash published in a public file;
# treat the password behind it as disclosed and change it. The internal
# "alfinst:alfrescoNtlm" entry in authentication.chain below keeps this local
# admin account usable alongside LDAP.
alfresco_user_store.adminpassword=913ed2257d1dba0b44c5986d12c776cd
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=/opt/alfresco-community
### Solr indexing ###
# Search subsystem is solr4, reached on host "comhost" over SSL port 8443.
index.subsystem.name=solr4
# Keystore directory lives under dir.root.
# NOTE(review): if this still holds the keystores shipped with the installer,
# regenerate them - presumably every default install shares the same keys.
dir.keystore=${dir.root}/keystore
solr.host=comhost
solr.port.ssl=8443
### Allow extended ResultSet processing
# NOTE(review): the name suggests that with "false" a deny entry does not
# automatically override allows elsewhere in an ACL - confirm this is the
# intended permission model.
security.anyDenyDenies=false
### Smart Folders Config Properties ###
smart.folders.enabled=false
### Remote JMX (Default: disabled) ###
# No remote JMX properties are set under this heading in this file.
###############################
## LDAP Authentication Conf #
###############################
# Authentication chain of instance:type pairs, tried in order: the internal
# Alfresco user store first ("alfinst"), then the LDAP instance "ldap1".
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
ldap.authentication.active=true
# NOTE(review): ldap:// on port 389 is unencrypted. Unless a SASL mechanism or
# StartTLS is configured elsewhere, every login sends the user's AD password
# to the domain controller in clear text. Prefer ldaps:// on port 636 with the
# DC's certificate chain trusted by the JVM running Alfresco.
ldap.authentication.java.naming.provider.url=ldap://<AD_IP_OR_HOSTNAME>:389
# %s is replaced with the login name the user typed, producing a UPN such as user@domain.com.
ldap.authentication.userNameFormat=%s@domain.com
# For Active Directory, use the UPN structure.
# For userNameFormat, please read "https://docs.alfresco.com/5.1/concepts/auth-ldap-props.html"; AD and LDAP require different structures.
# Guest login through this LDAP instance is turned off.
ldap.authentication.allowGuestLogin=false
# If you only need authentication, the configuration so far is enough.
###############################
## LDAP Synchronization Conf #
###############################
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco@domain.com
# The account Alfresco binds with to export users and groups from AD.
# This should be in the same format as ldap.authentication.userNameFormat (UPN).
# For the first time, give this user all permissions, then restrict step by step.
# NOTE(review): a synchronization account only reads directory entries, so
# read access to the searched OUs should be enough; starting with broad rights
# risks them never being removed. Use a dedicated, non-interactive account.
ldap.synchronization.java.naming.security.credentials=password
# This is the password of the "alfresco" user.
# NOTE(review): it is stored here in plain text and, unless a separate
# synchronization provider URL is set, presumably travels over the same
# unencrypted ldap:// connection as the authentication binds. Restrict read
# access to this file to the Alfresco service account.
# It is important to know the structure of the OUs to set these lines correctly.
# For the first test, searchBase and the others were set to "DC\=domain,DC\=com" to query all users without any filter.
# "\=" and "\:" are .properties escapes for "=" and ":" inside the values.
ldap.synchronization.groupSearchBase=OU\=Alfresco,DC\=domain,DC\=com
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.userSearchBase=OU\=Alfresco,DC\=domain,DC\=com
# NOTE(review): in AD, objectclass=user presumably also matches computer
# accounts, and nothing here excludes disabled accounts - tighten if only
# active people should be imported.
ldap.synchronization.personQuery=(objectclass\=user)
# NOTE(review): the two differential queries below look swapped:
# groupDifferentialQuery filters on objectclass=user (with the
# userAccountControl test) and personDifferentialQuery on objectclass=group,
# the opposite of groupQuery/personQuery above. They presumably only take
# effect when synchronization.synchronizeChangesOnly=true, so the mismatch
# would surface once that switch is flipped - confirm and exchange the values.
# NOTE(review): "((memberOf...))" wraps one filter item in two pairs of
# parentheses, which is not valid LDAP filter syntax (RFC 4515), and memberOf
# normally holds the DN of a group (CN=...), not of an OU - verify both
# against the directory.
# userAccountControl:1.2.840.113556.1.4.803:=512 is a bitwise-AND match on the
# NORMAL_ACCOUNT flag; (!(modifyTimestamp<={0})) keeps entries modified after
# the timestamp substituted for {0}.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=user)((memberOf\=OU\=SubAlfrescoGroup1,OU\=Alfresco,DC\=domain,DC\=com))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=group)(memberOf\=OU\=SubAlfrescoGroup1,ou\=Alfresco,dc\=domain,dc\=com)(!(modifyTimestamp<\={0})))
# secs min hour dom mon dow
synchronization.import.cron=0 */1 * * * ?
# Alfresco synchronizes every minute (at second 0).
# NOTE(review): together with synchronizeChangesOnly=false below, this runs a
# full directory query every minute.
synchronization.syncOnStartup=true
# NOTE(review): with deletions allowed, users and groups that stop matching
# the queries are presumably removed from Alfresco on the next run, so a wrong
# search base or filter can drop accounts - test query changes with this set
# to false first.
synchronization.allowDeletions=true
# Alfresco user ids come from sAMAccountName.
# NOTE(review): authentication binds as <login>@domain.com (userNameFormat
# above), which presumably only works where the UPN prefix equals
# sAMAccountName - verify for accounts whose two names differ.
ldap.synchronization.userIdAttributeName=sAMAccountName
synchronization.synchronizeChangesOnly=false
# False syncs everything on each run; it consumes more network, processing, etc.
# True syncs only the changes on each run.
# For the first sync I use "false", then switch it to "true".
# userFirstNameAttributeName and userLastNameAttributeName are commented out; users are still created with first name and surname.
# So I leave these parameters commented out.
# The attribute on person objects in LDAP to map to the first name property in Alfresco
#ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
#ldap.synchronization.userLastNameAttributeName=""
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
# The attribute on group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The attribute on group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=cn
# The group type
# NOTE(review): groupType and personType are presumably the object classes
# used to tell groups from people among group members - confirm they match
# the classes used in groupQuery/personQuery (group / user).
ldap.synchronization.groupType=group
# The person type
ldap.synchronization.personType=person
# The attribute on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member
# The timestamp attribute name is left commented out, so the default applies;
# the differential queries above test modifyTimestamp directly.
#ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
# Format of the timestamp substituted for {0} in the differential queries.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
# This is also important; it differs between AD and LDAP.
# For timestampFormat, look at "https://docs.alfresco.com/5.1/concepts/auth-ldap-props.html"