Différences

Ci-dessous, les différences entre deux révisions de la page.

--- fr:cas [2012/06/06 17:12] – [SYMPA] fraggle
+++ fr:cas [2021/12/27 18:23] (Version actuelle) – modification externe 127.0.0.1
@@ Ligne 64: / Ligne 64: @@
 <code bash>./convert_x509.sh sub_domain.domain.tld</code>
-====== Installation certificat + clé ======
+====== Installation certificat et clé ======
 Procédure d'installation d'un certificat et de sa clé associée sur une machine.
@@ Ligne 496: / Ligne 496: @@
 </code>
+==== CAS ====
+FIXME
 ===== Alfresco =====
@@ Ligne 529: / Ligne 532: @@
 # This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
 #
-ldap.authentication.allowGuestLogin=true
+ldap.authentication.allowGuestLogin=false
 # How to map the user id entered by the user to that passed through to LDAP
 # - simple
@@ Ligne 540: / Ligne 543: @@
 # be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID to
 # appear in the DN.
-ldap.authentication.userNameFormat=uid=%s,dc=asso-ckt,dc=fr
+ldap.authentication.userNameFormat=
 # The LDAP context factory to use
@@ Ligne 562: / Ligne 565: @@
 # Comma separated list of user names who should be considered administrators by default
-ldap.authentication.defaultAdministratorUserNames=jbenoit
+ldap.authentication.defaultAdministratorUserNames=
 # This flag enables use of this LDAP subsystem for user and group
 # synchronization. It may be that this subsytem should only be used for
 # authentication, in which case this flag should be set to false.
-ldap.synchronization.active=false
+ldap.synchronization.active=true
+# The authentication mechanism to use for synchronization
+ldap.synchronization.java.naming.security.authentication=simple
+# The default principal to use (only used for LDAP sync)
+ldap.synchronization.java.naming.security.principal=cn=System Administrator-admin,ou=people,dc=asso-ckt,dc=fr
+# The password for the default principal (only used for LDAP sync)
+ldap.synchronization.java.naming.security.credentials=password
+# If positive, this property indicates that RFC 2696 paged results should be
+# used to split query results into batches of the specified size. This
+# overcomes any size limits imposed by the LDAP server.
+ldap.synchronization.queryBatchSize=100
+# If positive, this property indicates that range retrieval should be used to fetch
+# multi-valued attributes (such as member) in batches of the specified size.
+# Overcomes any size limits imposed by Active Directory.
+ldap.synchronization.attributeBatchSize=100
+# The query to select all objects that represent the groups to import.
+ldap.synchronization.groupQuery=(objectclass=posixGroup)
+# The query to select objects that represent the groups to import that have changed since a certain time.
+ldap.synchronization.groupDifferentialQuery=(&(objectclass=posixGroup)(!(modifyTimestamp<={0})))
+# The query to select all objects that represent the users to import.
+ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
+# The query to select objects that represent the users to import that have changed since a certain time.
+ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<={0})))
+# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
+ldap.synchronization.groupSearchBase=dc\=asso-ckt,dc\=fr
+# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
+ldap.synchronization.userSearchBase=dc\=asso-ckt,dc\=fr
+# The name of the operational attribute recording the last update time for a group or user.
+ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
+# The timestamp format. Unfortunately, this varies between directory servers.
+ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
+# The attribute name on people objects found in LDAP to use as the uid in Alfresco
+ldap.synchronization.userIdAttributeName=uid
+# The attribute on person objects in LDAP to map to the first name property in Alfresco
+ldap.synchronization.userFirstNameAttributeName=givenName
+# The attribute on person objects in LDAP to map to the last name property in Alfresco
+ldap.synchronization.userLastNameAttributeName=sn
+# The attribute on person objects in LDAP to map to the email property in Alfresco
+ldap.synchronization.userEmailAttributeName=mail
+# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
+ldap.synchronization.userOrganizationalIdAttributeName=o
+# The default home folder provider to use for people created via LDAP import
+ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
+# The attribute on LDAP group objects to map to the authority name property in Alfresco
+ldap.synchronization.groupIdAttributeName=cn
+# The attribute on LDAP group objects to map to the authority display name property in Alfresco
+ldap.synchronization.groupDisplayNameAttributeName=description
+# The group type in LDAP
+ldap.synchronization.groupType=posixGroup
+# The person type in LDAP
+ldap.synchronization.personType=inetOrgPerson
+# The attribute in LDAP on group objects that defines the DN for its members
+ldap.synchronization.groupMemberAttributeName=memberUid
+# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
+ldap.synchronization.enableProgressEstimation=true
 --- >8 ---
 </code>
@@ Ligne 574: / Ligne 654: @@
 service alfresco restart
 </code>