Alfresco is a solution similar to Microsoft SharePoint, but we could say it is much more complete and more economical.
One of the things we have been asked for most often is the ability to use the users already created in Windows Active Directory or Zentyal, the famous Single Sign On.
Below we will see how to configure Alfresco to achieve this.
Go to the path:
root@alfresco:# cd /opt/alfresco-4.0.d/tomcat/shared/classes
Edit the file:
alfresco-global.properties
Up to this point everything should be going well; now, how to authenticate against Zentyal and against AD.
Configuring Alfresco against Zentyal
Below is the entire content of the file (alfresco-global.properties) needed to authenticate against Zentyal; change only the lines shown in bold:
###############################
## Common Alfresco Properties ##
###############################
dir.root=/opt/alfresco-4.0.d/alf_data
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=Password BD (se configura en la instalacion)
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
### FTP Server Configuration ###
ftp.enabled=false
ftp.port=21
ftp.ipv6.enabled=false
### RMI service ports ###
alfresco.rmi.services.port=50500
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
deployment.rmi.service.port=0
### External executable locations ###
ooo.exe=/opt/alfresco-4.0.d/openoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco-4.0.d/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
swf.exe=/opt/alfresco-4.0.d/common/bin/pdf2swf
jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-4.0.d/openoffice
jodconverter.portNumbers=8100
### Initial admin password ###
alfresco_user_store.adminpassword=c3dc537c6ba26089f148c09a42c8f019
### E-mail site invitation setting ###
notification.email.siteinvite=false
### File Protocol Root ###
protocols.rootPath=/${spaces.company_home.childname}/${spaces.sites.childname}
### License location ###
dir.license.external=/opt/alfresco-4.0.d
### Solr indexing ###
index.subsystem.name=solr
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443
### BPM Engine ###
system.workflow.engine.jbpm.enabled=false
### Authentication ###
authentication.chain=passthru1:passthru,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=true
ldap.authentication.active=true
ldap.synchronization.active=false
ldap.authentication.java.naming.provider.url=ldap://IPSERVIDORZENTYAL:389
ldap.authentication.userNameFormat=uid=%s,ou=Users,dc=zentyal
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.java.naming.security.principal=cn=USUARIOADMINZENTYAL,dc=DOMINIOZENTYAL
ldap.synchronization.java.naming.security.credentials=PASSADMINZENTYAL
ldap.synchronization.userSearchBase=ou=Users,dc=DOMINIOZENTYAL
ldap.synchronization.groupSearchBase=ou=Groups,dc=DOMINIOZENTYAL
ldap.synchronization.personQuery=(&(uid=%v)(objectclass=posixAccount))
ldap.synchronization.groupQuery=(objectclass=posixGroup)
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
passthru.authentication.useLocalServer=false
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=true
passthru.authentication.servers=IPSERVERZENTYAL
passthru.authentication.domain=alge.net
passthru.authentication.defaultAdministratorUserNames=admin
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
Configuring Alfresco against AD Windows Server 2008 R2
###############################
## Common Alfresco Properties #
###############################
dir.root=/opt/alfresco-4.0.d/alf_data
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=Password BD (se configura en la instalacion)
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
### FTP Server Configuration ###
ftp.enabled=true
ftp.port=21
ftp.ipv6.enabled=false
### RMI service ports ###
alfresco.rmi.services.port=50500
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
deployment.rmi.service.port=0
### External executable locations ###
ooo.exe=/opt/alfresco-4.0.d/openoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco-4.0.d/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
swf.exe=/opt/alfresco-4.0.d/common/bin/pdf2swf
jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-4.0.d/openoffice
jodconverter.portNumbers=8100
### Initial admin password ###
alfresco_user_store.adminpassword=c3dc537c6ba26089f148c09a42c8f019
### E-mail site invitation setting ###
notification.email.siteinvite=false
### File Protocol Root ###
protocols.rootPath=/${spaces.company_home.childname}/${spaces.sites.childname}
### License location ###
dir.license.external=/opt/alfresco-4.0.d
### Solr indexing ###
index.subsystem.name=solr
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443
### BPM Engine ###
system.workflow.engine.jbpm.enabled=false
## Authentication ##
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false
passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true
### Domain authentication ###
passthru.authentication.useLocalServer=false
passthru.authentication.domain=MIDOMINIO.NET
passthru.authentication.servers=IPDELDOMINIO
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://IPDOMINIO:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.java.naming.security.principal=USERADMINDOMINIO
ldap.synchronization.java.naming.security.credentials=PASSADMINDOMINIO
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(!(modifyTimestamp<={0})))
ldap.synchronization.groupQuery=(objectclass=group)
### Group and user synchronization per domain ###
ldap.synchronization.groupSearchBase=cn=users,dc=MIDOMINIO.NET,dc=com
ldap.synchronization.userSearchBase=cn=users,dc=MIDOMINIO.NET,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true
Normally we leave the administrator account to Alfresco's local account.
IMPORTANT: Do not copy and paste; modify only the lines that are needed. Back up the files before modifying them.
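Both files above bind to the directory with simple authentication over ldap:// on port 389 and keep the directory and database passwords in the file, and the Zentyal variant also enables guest login. The following Python script is an added example, not part of the original post or of Alfresco: it reads the key=value lines of such a file and lists those settings for review. SAMPLE is constructed from the Zentyal lines above, and the finding names are invented for this example.

```python
# Added example: audit the authentication settings of an alfresco-global.properties file.
# Simplification (assumption): only plain key=value lines, as used on this page.

# Constructed sample: authentication lines from the Zentyal file, placeholders untouched.
SAMPLE = """\
### Authentication ###
authentication.chain=passthru1:passthru,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
ldap.authentication.java.naming.provider.url=ldap://IPSERVIDORZENTYAL:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.credentials=PASSADMINZENTYAL
passthru.authentication.allowGuestLogin=true
passthru.authentication.authenticateFTP=true
ftp.enabled=false
"""

def parse_properties(text):
    """Return (props, overridden); a repeated key keeps its last value, as Java does."""
    props, overridden = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in props and props[key] != value:
            overridden.append(key)  # an earlier, different value is silently lost
        props[key] = value
    return props, overridden

def audit(text):
    """Return sorted (finding, key) pairs for settings a reviewer should look at."""
    props, overridden = parse_properties(text)
    findings = [("conflicting-duplicate", key) for key in overridden]
    for key, value in props.items():
        low = value.lower()
        if key.endswith(".java.naming.provider.url") and low.startswith("ldap://"):
            mode = key.replace("provider.url", "security.authentication")
            if props.get(mode, "").lower() == "simple":
                # Simple bind without TLS: passwords cross the network in clear text.
                findings.append(("cleartext-ldap-bind", key))
        elif key.endswith(".allowGuestLogin") and low == "true":
            findings.append(("guest-login-enabled", key))
        elif key.endswith(".security.credentials") or key in (
                "db.password", "alfresco_user_store.adminpassword"):
            # Secret kept in the file: check the owner and mode of the properties file.
            findings.append(("secret-in-file", key))
    return sorted(findings)

if __name__ == "__main__":
    for finding, key in audit(SAMPLE):
        print(f"{finding:24} {key}")
```

A cleartext-ldap-bind finding is resolved by pointing the provider URL at an ldaps:// listener once the JVM trusts the directory's certificate.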