Differences
The differences between two revisions of the page are shown below.
fr:cas [2012/05/14 19:40] – [LDAP] fraggle | fr:cas [2021/12/27 18:23] (current version) – external edit 127.0.0.1 | ||
---|---|---|---|
Ligne 64: | Ligne 64: | ||
<code bash> | <code bash> | ||
- | ====== Installation certificat | + | ====== Installation certificat |
Procédure d' | Procédure d' | ||
Ligne 456: | Ligne 456: | ||
< | < | ||
< | < | ||
- | < | + | < |
< | < | ||
</ | </ | ||
Ligne 477: | Ligne 477: | ||
===== SYMPA ===== | ===== SYMPA ===== | ||
+ | |||
+ | ==== LDAP ==== | ||
+ | |||
+ | |||
+ | <code bash> | ||
+ | --- 8< --- / | ||
+ | ... | ||
+ | ldap | ||
+ | host c2:389 | ||
+ | timeout | ||
+ | suffix | ||
+ | get_dn_by_uid_filter | ||
+ | get_dn_by_email_filter | ||
+ | email_attribute | ||
+ | scope sub | ||
+ | ... | ||
+ | --- >8 --- | ||
+ | </ | ||
+ | |||
+ | ==== CAS ==== | ||
+ | |||
+ | FIXME | ||
===== Alfresco ===== | ===== Alfresco ===== | ||
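
Review bot: `host c2:389` in the added SYMPA `ldap` paragraph targets the plain LDAP port, and nothing in the visible lines enables TLS, so the passwords Sympa checks by binding to the directory would cross the network to c2 unencrypted; protect that connection (LDAPS or StartTLS) and say so in the paragraph. The new CAS subsection contains only `FIXME`, so the page still does not document how Sympa is attached to CAS; either fill it in or drop the heading until it is written.
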
Ligne 484: | Ligne 506: | ||
<code bash> | <code bash> | ||
mkdir -p / | mkdir -p / | ||
- | cp -a / | + | cp -a / |
</ | </ | ||
Ligne 492: | Ligne 514: | ||
--- 8< --- / | --- 8< --- / | ||
... | ... | ||
- | authentication.chain=ldap1:ldap,alfrescoNtlm1: | + | # Authentification |
+ | authentication.chain=alfrescoNtlm1: | ||
... | ... | ||
--- >8 --- | --- >8 --- | ||
+ | </ | ||
+ | |||
+ | <code xml> | ||
+ | |||
+ | --- 8< --- / | ||
+ | ... | ||
+ | # This flag enables use of this LDAP subsystem for authentication. It may be | ||
+ | # that this subsytem should only be used for synchronization, | ||
+ | # this flag should be set to false. | ||
+ | ldap.authentication.active=true | ||
+ | |||
+ | # | ||
+ | # This properties file brings together the common options for LDAP authentication rather than editing the bean definitions | ||
+ | # | ||
+ | ldap.authentication.allowGuestLogin=false | ||
+ | # How to map the user id entered by the user to that passed through to LDAP | ||
+ | # - simple | ||
+ | # - this must be a DN and would be something like | ||
+ | # uid=%s, | ||
+ | # - digest | ||
+ | # - usually pass through what is entered | ||
+ | # %s | ||
+ | # If not set, an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will | ||
+ | # be performed to resolve the DN dynamically. This allows directories to be structured and doesn' | ||
+ | # appear in the DN. | ||
+ | ldap.authentication.userNameFormat= | ||
+ | |||
+ | # The LDAP context factory to use | ||
+ | ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory | ||
+ | |||
+ | # The URL to connect to the LDAP server | ||
+ | ldap.authentication.java.naming.provider.url=ldap:// | ||
+ | |||
+ | # The authentication mechanism to use for password validation | ||
+ | ldap.authentication.java.naming.security.authentication=simple | ||
+ | |||
+ | # Escape commas entered by the user at bind time | ||
+ | # Useful when using simple authentication and the CN is part of the DN and contains commas | ||
+ | ldap.authentication.escapeCommasInBind=false | ||
+ | |||
+ | # Escape commas entered by the user when setting the authenticated user | ||
+ | # Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is | ||
+ | # pulled in as part of an LDAP sync | ||
+ | # If this option is set to true it will break the default home folder provider as space names can not contain \ | ||
+ | ldap.authentication.escapeCommasInUid=false | ||
+ | |||
+ | # Comma separated list of user names who should be considered administrators by default | ||
+ | ldap.authentication.defaultAdministratorUserNames= | ||
+ | |||
+ | # This flag enables use of this LDAP subsystem for user and group | ||
+ | # synchronization. It may be that this subsytem should only be used for | ||
+ | # authentication, | ||
+ | ldap.synchronization.active=true | ||
+ | |||
+ | # The authentication mechanism to use for synchronization | ||
+ | ldap.synchronization.java.naming.security.authentication=simple | ||
+ | |||
+ | # The default principal to use (only used for LDAP sync) | ||
+ | ldap.synchronization.java.naming.security.principal=cn=System Administrator-admin, | ||
+ | |||
+ | # The password for the default principal (only used for LDAP sync) | ||
+ | ldap.synchronization.java.naming.security.credentials=password | ||
+ | |||
+ | # If positive, this property indicates that RFC 2696 paged results should be | ||
+ | # used to split query results into batches of the specified size. This | ||
+ | # overcomes any size limits imposed by the LDAP server. | ||
+ | ldap.synchronization.queryBatchSize=100 | ||
+ | |||
+ | # If positive, this property indicates that range retrieval should be used to fetch | ||
+ | # multi-valued attributes (such as member) in batches of the specified size. | ||
+ | # Overcomes any size limits imposed by Active Directory. | ||
+ | ldap.synchronization.attributeBatchSize=100 | ||
+ | |||
+ | # The query to select all objects that represent the groups to import. | ||
+ | ldap.synchronization.groupQuery=(objectclass=posixGroup) | ||
+ | |||
+ | # The query to select objects that represent the groups to import that have changed since a certain time. | ||
+ | ldap.synchronization.groupDifferentialQuery=(& | ||
+ | |||
+ | # The query to select all objects that represent the users to import. | ||
+ | ldap.synchronization.personQuery=(objectclass=inetOrgPerson) | ||
+ | |||
+ | # The query to select objects that represent the users to import that have changed since a certain time. | ||
+ | ldap.synchronization.personDifferentialQuery=(& | ||
+ | # The group search base restricts the LDAP group query to a sub section of tree on the LDAP server. | ||
+ | ldap.synchronization.groupSearchBase=dc\=asso-ckt, | ||
+ | |||
+ | # The user search base restricts the LDAP user query to a sub section of tree on the LDAP server. | ||
+ | ldap.synchronization.userSearchBase=dc\=asso-ckt, | ||
+ | |||
+ | # The name of the operational attribute recording the last update time for a group or user. | ||
+ | ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp | ||
+ | |||
+ | # The timestamp format. Unfortunately, | ||
+ | ldap.synchronization.timestampFormat=yyyyMMddHHmmss' | ||
+ | |||
+ | # The attribute name on people objects found in LDAP to use as the uid in Alfresco | ||
+ | ldap.synchronization.userIdAttributeName=uid | ||
+ | |||
+ | # The attribute on person objects in LDAP to map to the first name property in Alfresco | ||
+ | ldap.synchronization.userFirstNameAttributeName=givenName | ||
+ | |||
+ | # The attribute on person objects in LDAP to map to the last name property in Alfresco | ||
+ | ldap.synchronization.userLastNameAttributeName=sn | ||
+ | |||
+ | # The attribute on person objects in LDAP to map to the email property in Alfresco | ||
+ | ldap.synchronization.userEmailAttributeName=mail | ||
+ | |||
+ | # The attribute on person objects in LDAP to map to the organizational id property in Alfresco | ||
+ | ldap.synchronization.userOrganizationalIdAttributeName=o | ||
+ | |||
+ | # The default home folder provider to use for people created via LDAP import | ||
+ | ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider | ||
+ | |||
+ | # The attribute on LDAP group objects to map to the authority name property in Alfresco | ||
+ | ldap.synchronization.groupIdAttributeName=cn | ||
+ | |||
+ | # The attribute on LDAP group objects to map to the authority display name property in Alfresco | ||
+ | ldap.synchronization.groupDisplayNameAttributeName=description | ||
+ | |||
+ | # The group type in LDAP | ||
+ | ldap.synchronization.groupType=posixGroup | ||
+ | |||
+ | # The person type in LDAP | ||
+ | ldap.synchronization.personType=inetOrgPerson | ||
+ | # The attribute in LDAP on group objects that defines the DN for its members | ||
+ | ldap.synchronization.groupMemberAttributeName=memberUid | ||
+ | |||
+ | # If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries. | ||
+ | ldap.synchronization.enableProgressEstimation=true | ||
+ | --- >8 --- | ||
+ | </ | ||
+ | |||
+ | <code bash> | ||
+ | service alfresco restart | ||
+ | </ | ||
+ | |||
+ | |||
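
Review bot: the added LDAP properties combine `ldap.authentication.java.naming.security.authentication=simple` with a provider URL that starts with `ldap://`, so every user login and the synchronization account bind send their password in clear text; switch to an `ldaps://` URL (or otherwise protect the link) before leaving `ldap.authentication.active=true`. `ldap.synchronization.java.naming.security.credentials=password` together with the `cn=System Administrator-admin,` principal reads like sample values left in place: mark them as placeholders on the wiki and bind with a dedicated read-only account. The new `authentication.chain` line now begins with `alfrescoNtlm1:`, so confirm that `ldap1:ldap` is still listed, since an LDAP subsystem that is not in the chain is never used for authentication. The properties file is also fenced as `<code xml>` although it is not XML.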