Category Archives: Alfresco

Alfresco Cluster Properties (for Hazelcast)
Date Created: January 21, 2016  Date Modified: January 21, 2016

| Property name | Default value | Description |
|---|---|---|
| alfresco.cluster.enabled | true | Enables clustering. |
| alfresco.cluster.interface | | Specifies a particular network interface to use for clustering. May be wildcarded, e.g. 10.256.*.* would mean attempt to bind to the interface having an IP address beginning “10.256.”. |
| alfresco.cluster.nodetype | Repository Server | Not normally used. Human-friendly description of the cluster member, as shown in JMX under “non-clustered servers”. This is useful to give a name to non-clustered servers such as a transformation server that is attached to the same database as the cluster, but not participating in it (e.g. alfresco.cluster.enabled=false). |
| alfresco.hazelcast.password | alfrescocluster | Password used by the cluster members to access/join the Hazelcast cluster. |
| alfresco.hazelcast.port | 5701 | Specifies the port to use for clustering. |
| alfresco.hazelcast.autoinc.port | false | If set to true, Hazelcast will try several times to find a free port starting at the value of alfresco.hazelcast.port. Not recommended. |
| alfresco.hazelcast.mancenter.enabled | false | If enabled, the server will push stats and other useful information to Hazelcast’s “mancenter” dashboard application. |
| alfresco.hazelcast.mancenter.url | http://localhost:8080/mancenter | The URL where the mancenter application may be found (alfresco.hazelcast.mancenter.enabled must be true for this to have any effect). |

Alfresco User Attributes
Date Created: January 17, 2016  Date Modified: January 17, 2016

| Attribute | Description |
|---|---|
| properties | An associative array of user properties. |
| id | The user identifier. |
| name | The Principal name (most commonly, this will be the same as the user ID). |
| fullName | The user’s full name (for example, Joe Dwight Smith). |
| firstName | The user’s first name (for example, Joe). Read/write. |
| middleName | The user’s middle name (for example, Dwight). Read/write. |
| lastName | The user’s last name (for example, Smith). Read/write. |
| email | The user’s email address. Read/write. |
| organization | The user’s organization. Read/write. |
| jobTitle | The user’s job title. Read/write. |
| location | The user’s location. Read/write. |
| biography | The user’s biography. Read/write. |
| telephone | The user’s telephone entry. Read/write. |
| mobilePhone | The user’s mobile phone entry. Read/write. |
| skype | The user’s Skype name. Read/write. |
| instantMsg | The user’s instant messaging ID. Read/write. |
| googleUsername | User name for Google account. Read/write. |
| companyPostcode | The user’s company post code. Read/write. |
| companyTelephone | The user’s company telephone entry. Read/write. |
| companyFax | The user’s company fax entry. Read/write. |
| companyEmail | The user’s company email address. Read/write. |
| companyAddress1 | The user’s company address entry 1. Read/write. |
| companyAddress2 | The user’s company address entry 2. Read/write. |
| companyAddress3 | The user’s company address entry 3. Read/write. |
| isAdmin | Returns a boolean. True if user is an administrator. |
| isGuest | Returns a boolean. True if user is a guest. |
| nativeUser | Returns the underlying user object for access to additional methods on custom user objects. |
| capabilities | Get a map of capabilities (boolean assertions) for the user. |

LDAP Alfresco (global properties)
Date Created: December 8, 2015  Date Modified: January 17, 2016

I found this useful so I thought I’d post it

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsystem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=true

#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#
ldap.authentication.allowGuestLogin=true

# How to map the user id entered by the user to that passed through to LDAP
ldap.authentication.userNameFormat=uid=%s,ou=users,dc=armundia,dc=com

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ldap.....com:389

# The authentication mechanism to use for password validation
ldap.authentication.java.naming.security.authentication=simple

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync

# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

# Comma separated list of user names who should be considered administrators by default
ldap.authentication.defaultAdministratorUserNames=....

# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsystem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true

# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=simple

# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=cn\=ldap,dc\=armundia,dc\=com

# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=.....

# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=0

# If positive, this property indicates that range retrieval should be used to fetch
# multi-valued attributes (such as member) in batches of the specified size.
# Overcomes any size limits imposed by Active Directory.
ldap.synchronization.attributeBatchSize=0

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=dc\=roles,dc\=alfresco,dc\=armundia,dc\=com

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=dc\=users,dc\=armundia,dc\=com

# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute on LDAP group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=description

# The group type in LDAP
ldap.synchronization.groupType=groupOfNames

# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member

# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
ldap.synchronization.enableProgressEstimation=true

# Requests timeout, in milliseconds, use 0 for none (default)
ldap.authentication.java.naming.read.timeout=0

Source:
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/ldap-authentication-7
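
Added example (not part of the original posts and not Alfresco code): a small audit of an alfresco-global.properties file for the settings listed above that deserve a second look before production, namely the default Hazelcast join password, port auto-increment, mancenter over plain HTTP, simple binds over ldap:// (the bind password crosses the network unencrypted) and guest login. The finding names and the sample host are made up for illustration, and the check assumes the one provider URL is used for both authentication and synchronization.

```python
DEFAULTS = {  # defaults copied from the cluster property table on this page
    "alfresco.cluster.enabled": "true",
    "alfresco.hazelcast.password": "alfrescocluster",
    "alfresco.hazelcast.autoinc.port": "false",
    "alfresco.hazelcast.mancenter.enabled": "false",
    "alfresco.hazelcast.mancenter.url": "http://localhost:8080/mancenter",
}

def parse_properties(text):
    """Minimal .properties reader: key=value lines, #/! comments, \\= unescaped."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def audit(text):
    """Return finding ids for risky values; unset cluster keys fall back to DEFAULTS."""
    p = {**DEFAULTS, **parse_properties(text)}
    on = lambda key: p.get(key, "false").lower() == "true"
    findings = []
    if on("alfresco.cluster.enabled"):
        if p["alfresco.hazelcast.password"] == DEFAULTS["alfresco.hazelcast.password"]:
            findings.append("hazelcast-default-password")
        if on("alfresco.hazelcast.autoinc.port"):
            findings.append("hazelcast-autoinc-port")  # "Not recommended" per the table
        if (on("alfresco.hazelcast.mancenter.enabled")
                and p["alfresco.hazelcast.mancenter.url"].lower().startswith("http://")):
            findings.append("mancenter-plain-http")
    # Assumption: the single provider URL serves both authentication and sync.
    plain_ldap = p.get("ldap.authentication.java.naming.provider.url", "").lower().startswith("ldap://")
    for subsystem in ("authentication", "synchronization"):
        mech = p.get(f"ldap.{subsystem}.java.naming.security.authentication", "")
        if on(f"ldap.{subsystem}.active") and plain_ldap and mech == "simple":
            findings.append(f"ldap-{subsystem}-simple-bind-cleartext")
    if on("ldap.authentication.active") and on("ldap.authentication.allowGuestLogin"):
        findings.append("ldap-guest-login")
    return findings

# Constructed sample: the page's values, with a placeholder host.
SAMPLE = """\
alfresco.hazelcast.mancenter.enabled=true
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://ldap.example.invalid:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.active=true
"""
```

The check does not detect StartTLS, so an ldap:// URL that is upgraded to TLS by other means would still be flagged and needs manual review.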