fr:cas

Differences

Below are the differences between two revisions of the page.

fr:cas [2012/05/14 16:32] – [Alfresco] fraggle
fr:cas [2021/12/27 18:23] (current version) – external edit 127.0.0.1
Ligne 64: Ligne 64:
 <code bash>./convert_x509.sh sub_domain.domain.tld</code> <code bash>./convert_x509.sh sub_domain.domain.tld</code>
  
-====== Installation certificat clé ======+====== Installation certificat et clé ======
  
 Procédure d'installation d'un certificat et de sa clé associée sur une machine.  Procédure d'installation d'un certificat et de sa clé associée sur une machine. 
Ligne 456: Ligne 456:
     <rootDN></rootDN>     <rootDN></rootDN>
     <inhibitInferRootDN>false</inhibitInferRootDN>     <inhibitInferRootDN>false</inhibitInferRootDN>
-    <userSearchBase></userSearchBase>+    <userSearchBase>dc=asso-ckt,dc=fr</userSearchBase>
     <userSearch>uid={0}</userSearch>     <userSearch>uid={0}</userSearch>
 </securityRealm> </securityRealm>
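Review bot: on the changed `<userSearchBase>` line, the full suffix dc=asso-ckt,dc=fr goes into the search base while `<rootDN>` stays empty and `<inhibitInferRootDN>` is false, so the root DN is left to be inferred from the server. If the inferred root is that same suffix, the search base ends up applied on top of it; setting `<rootDN>dc=asso-ckt,dc=fr</rootDN>` explicitly and keeping `<userSearchBase>` for a relative sub-tree would make the lookup scope unambiguous. Since `uid={0}` is then searched across the whole tree, it is also worth confirming that uid is unique in every branch, because the search base is what bounds which entries can authenticate.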
Ligne 477: Ligne 477:
  
 ===== SYMPA ===== ===== SYMPA =====
 +
 +==== LDAP ====
 +
 +
 +<code bash>
 +--- 8< --- /etc/sympa/auth.conf
 +...
 +ldap
 +      host                  c2:389
 +      timeout               30
 +      suffix                dc=asso-ckt,dc=fr
 +      get_dn_by_uid_filter   (uid=[sender])
 +      get_dn_by_email_filter    (mail=[sender])
 +      email_attribute   mail
 +      scope sub
 +...
 +--- >8 ---
 +</code>     
 +
 +==== CAS ====
 +
 +FIXME
  
 ===== Alfresco ===== ===== Alfresco =====
 +
 +==== LDAP ====
 +
 +<code bash>
 +mkdir -p /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1
 +cp -a /opt/alfresco-4.0.c/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/
 +
 +</code>
 +
 +<code xml>
 +
 +--- 8< --- /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco-global.properties
 +...
 +# Authentification
 +authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
 +...
 +--- >8 ---
 +</code>
 +
 +<code xml>
 +
 +--- 8< --- /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties
 +...
 +# This flag enables use of this LDAP subsystem for authentication. It may be
 +# that this subsytem should only be used for synchronization, in which case
 +# this flag should be set to false.
 +ldap.authentication.active=true
 +
 +#
 +# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
 +#
 +ldap.authentication.allowGuestLogin=false
 +# How to map the user id entered by the user to that passed through to LDAP
 +# - simple 
 +#    - this must be a DN and would be something like
 +#      uid=%s,ou=People,dc=company,dc=com
 +# - digest
 +#    - usually pass through what is entered
 +#      %s
 +# If not set, an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will 
 +# be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID to
 +# appear in the DN.
 +ldap.authentication.userNameFormat=
 +
 +# The LDAP context factory to use
 +ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
 +
 +# The URL to connect to the LDAP server 
 +ldap.authentication.java.naming.provider.url=ldap://c2:389
 +
 +# The authentication mechanism to use for password validation
 +ldap.authentication.java.naming.security.authentication=simple
 +
 +# Escape commas entered by the user at bind time
 +# Useful when using simple authentication and the CN is part of the DN and contains commas
 +ldap.authentication.escapeCommasInBind=false
 +
 +# Escape commas entered by the user when setting the authenticated user
 +# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is 
 +# pulled in as part of an LDAP sync
 +# If this option is set to true it will break the default home folder provider as space names can not contain \
 +ldap.authentication.escapeCommasInUid=false
 +
 +# Comma separated list of user names who should be considered administrators by default
 +ldap.authentication.defaultAdministratorUserNames=
 +
 +# This flag enables use of this LDAP subsystem for user and group
 +# synchronization. It may be that this subsytem should only be used for 
 +# authentication, in which case this flag should be set to false.
 +ldap.synchronization.active=true
 +
 +# The authentication mechanism to use for synchronization
 +ldap.synchronization.java.naming.security.authentication=simple
 +
 +# The default principal to use (only used for LDAP sync)
 +ldap.synchronization.java.naming.security.principal=cn=System Administrator-admin,ou=people,dc=asso-ckt,dc=fr
 +
 +# The password for the default principal (only used for LDAP sync)
 +ldap.synchronization.java.naming.security.credentials=password
 +
 +# If positive, this property indicates that RFC 2696 paged results should be
 +# used to split query results into batches of the specified size. This
 +# overcomes any size limits imposed by the LDAP server.
 +ldap.synchronization.queryBatchSize=100
 +
 +# If positive, this property indicates that range retrieval should be used to fetch
 +# multi-valued attributes (such as member) in batches of the specified size.
 +# Overcomes any size limits imposed by Active Directory.        
 +ldap.synchronization.attributeBatchSize=100
 +
 +# The query to select all objects that represent the groups to import.
 +ldap.synchronization.groupQuery=(objectclass=posixGroup)
 +
 +# The query to select objects that represent the groups to import that have changed since a certain time.
 +ldap.synchronization.groupDifferentialQuery=(&(objectclass=posixGroup)(!(modifyTimestamp<={0})))
 +
 +# The query to select all objects that represent the users to import.
 +ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
 +
 +# The query to select objects that represent the users to import that have changed since a certain time.
 +ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<={0})))
 +# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
 +ldap.synchronization.groupSearchBase=dc\=asso-ckt,dc\=fr
 +
 +# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
 +ldap.synchronization.userSearchBase=dc\=asso-ckt,dc\=fr
 +
 +# The name of the operational attribute recording the last update time for a group or user.
 +ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
 +
 +# The timestamp format. Unfortunately, this varies between directory servers.
 +ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
 +
 +# The attribute name on people objects found in LDAP to use as the uid in Alfresco
 +ldap.synchronization.userIdAttributeName=uid
 +
 +# The attribute on person objects in LDAP to map to the first name property in Alfresco
 +ldap.synchronization.userFirstNameAttributeName=givenName
 +
 +# The attribute on person objects in LDAP to map to the last name property in Alfresco
 +ldap.synchronization.userLastNameAttributeName=sn
 +
 +# The attribute on person objects in LDAP to map to the email property in Alfresco
 +ldap.synchronization.userEmailAttributeName=mail
 +
 +# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
 +ldap.synchronization.userOrganizationalIdAttributeName=o
 +
 +# The default home folder provider to use for people created via LDAP import
 +ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
 +
 +# The attribute on LDAP group objects to map to the authority name property in Alfresco
 +ldap.synchronization.groupIdAttributeName=cn
 +
 +# The attribute on LDAP group objects to map to the authority display name property in Alfresco
 +ldap.synchronization.groupDisplayNameAttributeName=description
 +
 +# The group type in LDAP
 +ldap.synchronization.groupType=posixGroup
 +
 +# The person type in LDAP
 +ldap.synchronization.personType=inetOrgPerson
 +# The attribute in LDAP on group objects that defines the DN for its members
 +ldap.synchronization.groupMemberAttributeName=memberUid
 +
 +# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
 +ldap.synchronization.enableProgressEstimation=true
 +--- >8 ---
 +</code>
 +
 +<code bash>
 +service alfresco restart
 +</code>
 +
 +
 +
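Review bot: both new LDAP blocks talk to the directory in clear text: `host c2:389` in /etc/sympa/auth.conf, and `ldap.authentication.java.naming.provider.url=ldap://c2:389` with `java.naming.security.authentication=simple` for Alfresco, and nothing in the added lines enables TLS, so user passwords and the synchronization bind password would cross the network unencrypted. Given that this page already documents installing a certificate and its key, I would suggest moving both services to ldaps:// or StartTLS. In ldap-authentication.properties the sync principal is cn=System Administrator-admin with its credentials stored inline; a dedicated read-only bind account and restrictive permissions on that file would limit the exposure. `authentication.chain` keeps alfrescoNtlm1 ahead of ldap1, so local Alfresco accounts still authenticate; a comment stating whether that is intended would help. Minor: the two properties files are fenced as `<code xml>`, and the SYMPA CAS section is still FIXME.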
  • fr/cas.1337005954.txt.gz
 • Last modified: 2 years ago
 • (external edit)