fr:cas

Differences

Below are the differences between two revisions of the page.

fr:cas [2012/05/14 19:51] – [LDAP] fraggle
fr:cas [2021/12/27 18:23] (current version) – external edit 127.0.0.1
Ligne 64: Ligne 64:
 <code bash>./convert_x509.sh sub_domain.domain.tld</code> <code bash>./convert_x509.sh sub_domain.domain.tld</code>
  
-====== Installation certificat clé ======+====== Installation certificat et clé ======
  
 Procédure d'installation d'un certificat et de sa clé associée sur une machine.  Procédure d'installation d'un certificat et de sa clé associée sur une machine. 
Ligne 456: Ligne 456:
     <rootDN></rootDN>     <rootDN></rootDN>
     <inhibitInferRootDN>false</inhibitInferRootDN>     <inhibitInferRootDN>false</inhibitInferRootDN>
-    <userSearchBase></userSearchBase>+    <userSearchBase>dc=asso-ckt,dc=fr</userSearchBase>
     <userSearch>uid={0}</userSearch>     <userSearch>uid={0}</userSearch>
 </securityRealm> </securityRealm>
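Review bot: the new userSearchBase value repeats the full directory suffix while rootDN stays empty and inhibitInferRootDN stays false, so the root DN is still inferred from the server. If the search base is resolved relative to that inferred root, the uid={0} lookup ends up under dc=asso-ckt,dc=fr applied twice and matches nothing. Suggest putting dc=asso-ckt,dc=fr in rootDN and keeping userSearchBase relative to it, limited to the branch that holds the user entries, which also narrows what uid={0} can match.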
Ligne 477: Ligne 477:
  
 ===== SYMPA ===== ===== SYMPA =====
 +
 +==== LDAP ====
 +
 +
 +<code bash>
 +--- 8< --- /etc/sympa/auth.conf
 +...
 +ldap
 +      host                  c2:389
 +      timeout               30
 +      suffix                dc=asso-ckt,dc=fr
 +      get_dn_by_uid_filter   (uid=[sender])
 +      get_dn_by_email_filter    (mail=[sender])
 +      email_attribute   mail
 +      scope sub
 +...
 +--- >8 ---
 +</code>     
 +
 +==== CAS ====
 +
 +FIXME
  
 ===== Alfresco ===== ===== Alfresco =====
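Review bot: the added ldap paragraph points at host c2:389 with no TLS setting, so the passwords Sympa checks by binding to the directory cross the network in clear text. Suggest enabling LDAPS or StartTLS for this paragraph and stating in the snippet which one is used. The search also runs with scope sub over the whole dc=asso-ckt,dc=fr suffix; narrowing suffix to the branch that holds user entries would keep other entries carrying a uid or mail attribute from matching. The new CAS section contains only FIXME; either complete it or leave the heading out until it is written.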
Ligne 484: Ligne 506:
 <code bash> <code bash>
 mkdir -p /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1 mkdir -p /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1
-cp -a /opt/alfresco-4.0.c/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap//opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1+cp -a /opt/alfresco-4.0.c/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/
  
 </code> </code>
Ligne 492: Ligne 514:
 --- 8< --- /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco-global.properties --- 8< --- /opt/alfresco-4.0.c/tomcat/shared/classes/alfresco-global.properties
 ... ...
-authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm+# Authentification 
 +authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
 ... ...
 --- >8 --- --- >8 ---
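Review bot: the reordered authentication.chain puts alfrescoNtlm1 ahead of ldap1, and the added comment "# Authentification" does not say why. With this order the internal Alfresco account store is tried first, so a local account whose name matches a directory uid is authenticated with its local password rather than the LDAP one. Suggest extending the comment with the reason for the order and checking that no leftover local accounts shadow LDAP users.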
Ligne 509: Ligne 532:
 # This properties file brings together the common options for LDAP authentication rather than editing the bean definitions # This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
 # #
-ldap.authentication.allowGuestLogin=true+ldap.authentication.allowGuestLogin=false
 # How to map the user id entered by the user to that passed through to LDAP # How to map the user id entered by the user to that passed through to LDAP
 # - simple  # - simple 
Ligne 520: Ligne 543:
 # be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID to # be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID to
 # appear in the DN. # appear in the DN.
-ldap.authentication.userNameFormat=uid=%s,dc=asso-ckt,dc=fr+ldap.authentication.userNameFormat=
  
 # The LDAP context factory to use # The LDAP context factory to use
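Review bot: with userNameFormat emptied, login now depends on the DN search described in the comment just above the line, and that search needs the ldap.synchronization.* search base, query and bind account introduced further down in the same file. Suggest saying so next to the setting, since a wrong search base or bind credential there may then break interactive login as well as synchronization.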
Ligne 542: Ligne 565:
  
 # Comma separated list of user names who should be considered administrators by default # Comma separated list of user names who should be considered administrators by default
-ldap.authentication.defaultAdministratorUserNames=jbenoit+ldap.authentication.defaultAdministratorUserNames=
  
 # This flag enables use of this LDAP subsystem for user and group # This flag enables use of this LDAP subsystem for user and group
 # synchronization. It may be that this subsytem should only be used for  # synchronization. It may be that this subsytem should only be used for 
 # authentication, in which case this flag should be set to false. # authentication, in which case this flag should be set to false.
-ldap.synchronization.active=false+ldap.synchronization.active=true 
 + 
 +# The authentication mechanism to use for synchronization 
 +ldap.synchronization.java.naming.security.authentication=simple 
 + 
 +# The default principal to use (only used for LDAP sync) 
 +ldap.synchronization.java.naming.security.principal=cn=System Administrator-admin,ou=people,dc=asso-ckt,dc=fr 
 + 
 +# The password for the default principal (only used for LDAP sync) 
 +ldap.synchronization.java.naming.security.credentials=password 
 + 
 +# If positive, this property indicates that RFC 2696 paged results should be 
 +# used to split query results into batches of the specified size. This 
 +# overcomes any size limits imposed by the LDAP server. 
 +ldap.synchronization.queryBatchSize=100 
 + 
 +# If positive, this property indicates that range retrieval should be used to fetch 
 +# multi-valued attributes (such as member) in batches of the specified size. 
 +# Overcomes any size limits imposed by Active Directory.         
 +ldap.synchronization.attributeBatchSize=100 
 + 
 +# The query to select all objects that represent the groups to import. 
 +ldap.synchronization.groupQuery=(objectclass=posixGroup) 
 + 
 +# The query to select objects that represent the groups to import that have changed since a certain time. 
 +ldap.synchronization.groupDifferentialQuery=(&(objectclass=posixGroup)(!(modifyTimestamp<={0}))) 
 + 
 +# The query to select all objects that represent the users to import. 
 +ldap.synchronization.personQuery=(objectclass=inetOrgPerson) 
 + 
 +# The query to select objects that represent the users to import that have changed since a certain time. 
 +ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<={0}))) 
 +# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server. 
 +ldap.synchronization.groupSearchBase=dc\=asso-ckt,dc\=fr 
 + 
 +# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server. 
 +ldap.synchronization.userSearchBase=dc\=asso-ckt,dc\=fr 
 + 
 +# The name of the operational attribute recording the last update time for a group or user. 
 +ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp 
 + 
 +# The timestamp format. Unfortunately, this varies between directory servers. 
 +ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z' 
 + 
 +# The attribute name on people objects found in LDAP to use as the uid in Alfresco 
 +ldap.synchronization.userIdAttributeName=uid 
 + 
 +# The attribute on person objects in LDAP to map to the first name property in Alfresco 
 +ldap.synchronization.userFirstNameAttributeName=givenName 
 + 
 +# The attribute on person objects in LDAP to map to the last name property in Alfresco 
 +ldap.synchronization.userLastNameAttributeName=sn 
 + 
 +# The attribute on person objects in LDAP to map to the email property in Alfresco 
 +ldap.synchronization.userEmailAttributeName=mail 
 + 
 +# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco 
 +ldap.synchronization.userOrganizationalIdAttributeName=o 
 + 
 +# The default home folder provider to use for people created via LDAP import 
 +ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider 
 + 
 +# The attribute on LDAP group objects to map to the authority name property in Alfresco 
 +ldap.synchronization.groupIdAttributeName=cn 
 + 
 +# The attribute on LDAP group objects to map to the authority display name property in Alfresco 
 +ldap.synchronization.groupDisplayNameAttributeName=description 
 + 
 +# The group type in LDAP 
 +ldap.synchronization.groupType=posixGroup 
 + 
 +# The person type in LDAP 
 +ldap.synchronization.personType=inetOrgPerson 
 +# The attribute in LDAP on group objects that defines the DN for its members 
 +ldap.synchronization.groupMemberAttributeName=memberUid 
 + 
 +# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries. 
 +ldap.synchronization.enableProgressEstimation=true
 --- >8 --- --- >8 ---
 </code> </code>
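Review bot: ldap.synchronization.java.naming.security.credentials is stored in clear text in this properties file, and the bind principal is cn=System Administrator-admin, an administrative entry, although synchronization only needs to read users and groups. Suggest a dedicated read-only bind account and file permissions that limit the properties file to the Alfresco service user. Separately, the comment on groupMemberAttributeName says the attribute "defines the DN for its members", but memberUid on a posixGroup holds bare uids rather than DNs, so check that group membership actually resolves after the first sync. With defaultAdministratorUserNames emptied, confirm an administrator account is still reachable through alfrescoNtlm1.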
Ligne 554: Ligne 654:
 service alfresco restart service alfresco restart
 </code> </code>
 +
 +
  
  • fr/cas.1337017919.txt.gz
  • Last modified: 2 years ago
  • (external edit)