13484: ETHREEOH-1547: Do not set requiresNew flag and propagate exceptions in BaseDialogBean 13383: ETHREEOH-1220: Update LDAP-authentication-context to include allowGetEnabled entry to support Share 13381: ETHREEOH-1181: NTLM authentication periodically fails over CIFS - "Read-Write transaction started within read-only transaction" 13376: ETHREEOH-279: Friendly error message when cm:filename regular expression constraint is violated 13364: ETHREEOH-814: Correct character encoding issues in LDAP synchronization 13353: ETHREEOH-1444: Ability to run Alfresco from unexploded .war file with embedded license 13328: ETHREEOH-1400: Prevent TLD warnings on Weblogic startup 13183: Follow up to 13177: Fixes for Weblogic compatibility 13177: Fixes for Weblogic compatibility 13109: Build/test fix (to avoid unintentional import via application-context.xml) 13100: Checkpoint for new DM index check (enterprise-only) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13525 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>

    <!--
        LDAP authentication context.

        Defines four beans: a placeholder configurer that loads the LDAP settings from a
        properties file, the authentication DAO, the LDAP authentication component, and the
        JNDI initial-context factory the component binds through.
    -->

    <!--
        The main configuration lives in a properties file; every ${ldap.authentication.*}
        placeholder below is filled in from it.

        ignoreUnresolvablePlaceholders is true, so this configurer leaves a placeholder it
        cannot resolve untouched instead of failing. A missing key can therefore reach the
        beans below as a literal placeholder string unless another configurer resolves it.

        The same file supplies java.naming.security.credentials (the bind password), so it
        should be readable only by the account that runs the repository and kept out of
        version control and backups that others can read.
    -->
    <bean name="ldapAuthenticationPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders"><value>true</value></property>
        <property name="locations"><value>classpath:alfresco/extension/ldap-authentication.properties</value></property>
    </bean>

    <!--
        DAO that rejects changes: LDAP is read only at the moment.
        It does allow users to be deleted without warnings from the UI (allowDeleteUser).
        allowGetEnabled is switched on to support Share (ETHREEOH-1220).

        NOTE(review): deleting a user here presumably removes only the repository-side record
        and not the directory entry; confirm against DefaultMutableAuthenticationDao, since an
        account that still exists in LDAP may be able to authenticate again.
    -->
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao">
        <property name="allowDeleteUser"><value>true</value></property>
        <property name="allowGetEnabled"><value>true</value></property>
    </bean>

    <!-- LDAP authentication configuration -->

    <!--
        You can also use JAAS authentication for Kerberos against Active Directory, or NTLM,
        if you also require single sign-on from the web browser. You do not have to use LDAP
        authentication in order to synchronise groups and users from an LDAP store if that
        store supports other authentication routes, as Active Directory does.

        NOTE(review): with simple binds, many directories treat a DN combined with an empty
        password as an unauthenticated bind that succeeds (RFC 4513). Confirm that the
        directory rejects such binds or that empty passwords are refused before the bind.
    -->
    <bean id="authenticationComponent"
          class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"
          parent="authenticationComponentBase">
        <property name="LDAPInitialDirContextFactory"><ref bean="ldapInitialDirContextFactory"/></property>
        <property name="userNameFormat">
            <!--
                This maps between what the user types in and what is passed through to the
                underlying LDAP authentication.

                "%s"
                    The user id is passed through without modification.
                    Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".

                "cn=%s,ou=London,dc=company,dc=com"
                    If the user types in "Joe Bloggs" then authenticate as
                    "cn=Joe Bloggs,ou=London,dc=company,dc=com".
                    Usually for simple authentication. Simple authentication always uses the
                    DN for the user.

                With a DN template the typed user id becomes part of a distinguished name, so
                characters that are special in a DN must be escaped before the bind.
            -->
            <value>${ldap.authentication.userNameFormat}</value>
        </property>
        <property name="nodeService"><ref bean="nodeService"/></property>
        <property name="personService"><ref bean="personService"/></property>
        <property name="transactionService"><ref bean="transactionService"/></property>
        <!--
            NOTE(review): judging by their names, the next two flags control whether commas in
            the user id are escaped for the bind DN and for the uid respectively; confirm the
            exact behaviour in LDAPAuthenticationComponentImpl before changing them.
        -->
        <property name="escapeCommasInBind"><value>${ldap.authentication.escapeCommasInBind}</value></property>
        <property name="escapeCommasInUid"><value>${ldap.authentication.escapeCommasInUid}</value></property>
    </bean>

    <!--
        This bean is used to support general LDAP authentication. It is also used to provide
        read-only access to users and groups, to pull them out of the LDAP repository.
    -->
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!-- The LDAP provider -->
                <entry key="java.naming.factory.initial">
                    <value>${ldap.authentication.java.naming.factory.initial}</value>
                </entry>

                <!--
                    The URL of the LDAP server.
                    Note you can use space-separated URLs: they will be tried in turn until one works.
                    This could be used to authenticate against one or more LDAP servers
                    (you will not know which one ....).
                    Prefer an ldaps:// URL (or another TLS-protected transport) so that bind
                    credentials and directory data do not cross the network in clear text.
                -->
                <entry key="java.naming.provider.url">
                    <value>${ldap.authentication.java.naming.provider.url}</value>
                </entry>

                <!--
                    The authentication mechanism to use.
                    Some SASL authentication mechanisms may require a realm to be set
                    (java.naming.security.sasl.realm).
                    The available options will depend on your LDAP provider.
                    "simple" sends the DN and password unprotected unless the connection
                    itself is encrypted, so pair it with a TLS-protected provider URL.
                -->
                <entry key="java.naming.security.authentication">
                    <value>${ldap.authentication.java.naming.security.authentication}</value>
                </entry>

                <!--
                    The id of a user who can read group and user information.
                    This does not go through the pattern substitution defined above and is used "as is".
                    A dedicated account with read-only rights on the user and group subtrees
                    keeps the impact of a leaked credential small.
                -->
                <entry key="java.naming.security.principal">
                    <value>${ldap.authentication.java.naming.security.principal}</value>
                </entry>

                <!--
                    The password for the user defined above.
                    It is read from the properties file loaded by
                    ldapAuthenticationPlaceholderConfigurer, so access to that file is access
                    to this account.
                -->
                <entry key="java.naming.security.credentials">
                    <value>${ldap.authentication.java.naming.security.credentials}</value>
                </entry>
            </map>
        </property>
    </bean>

</beans>