mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-06-23 18:05:32 +00:00
9241: Merged V2.2 to V2.9 9119: Merged V2.1 to V2.2 8671: Fix for AR-2221 - JavaScript scriptable Map objects recursively converted to Freemarker accessable maps 9256: Merged V2.2 to V2.9 9100: Merged V2.1 to V2.2 8728 <Not required>: Latest AMP changes for AR-2212 8731: Faster content store cleaner 8738: Fix for AWC 1930 - support simple bind when building DNs that contain a comma 8835: Fix regression issue as discussed in ACT 2019 8861: Fix WCM-1158 8866: Fixed AR-2272: Module Management Tool distribution is broken 8872: Fixed distribution of benchmark executable jar after EHCache upgrade 8933: Fix for ACT-2469 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9260 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!--
    The main LDAP configuration lives in a properties file, not in this context file. The
    ${ldap.authentication.*} placeholders used by the beans below are expected to be filled in
    from the file listed under "locations".

    That properties file also supplies the bind password
    (ldap.authentication.java.naming.security.credentials), so keep it readable only by the
    account that runs the repository.

    NOTE(review): with ignoreUnresolvablePlaceholders set to true this configurer does not fail
    on a placeholder it cannot resolve, so a missing or misspelt key may go unnoticed at startup.
    Confirm the resolved values after deployment.
-->
<bean name="ldapAuthenticationPlaceholderConfigurer"
      class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="ignoreUnresolvablePlaceholders" value="true"/>
    <property name="locations" value="classpath:alfresco/extension/ldap-authentication.properties"/>
</bean>
<!--
    DAO that rejects changes, because LDAP is read only at the moment.
    The exception is user deletion: with allowDeleteUser enabled, users can be deleted from the UI
    without warnings.

    NOTE(review): what the delete removes (repository-side user data only, or more) is not visible
    in this file. Confirm before relying on it.
-->
<bean name="authenticationDao"
      class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao">
    <property name="allowDeleteUser" value="true"/>
</bean>
<!-- LDAP authentication configuration -->

<!--
    JAAS authentication (for Kerberos against Active Directory) or NTLM can be used instead if
    single sign on from the web browser is also required. LDAP authentication is not needed in
    order to synchronise groups and users from an LDAP store, provided the store supports other
    authentication routes, as Active Directory does.
-->
<bean id="authenticationComponent"
      class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"
      parent="authenticationComponentBase">

    <property name="LDAPInitialDirContextFactory" ref="ldapInitialDirContextFactory"/>

    <!--
        userNameFormat maps what the user types in to what is passed through to the underlying
        LDAP authentication.

        "%s"
            The user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".

        "cn=%s,ou=London,dc=company,dc=com"
            If the user types in "Joe Bloggs", then authenticate as
            "cn=Joe Bloggs,ou=London,dc=company,dc=com".
            Usually for simple authentication. Simple authentication always uses the DN for
            the user.

        NOTE(review): the typed value is substituted into a DN template, so characters that are
        special inside a DN matter. The escapeCommasInBind and escapeCommasInUid properties below
        presumably deal with commas only. Confirm how other DN special characters are handled.

        NOTE(review): for simple binds, RFC 4513 treats a DN with an empty password as an
        unauthenticated bind, which some directory servers accept. Confirm that empty passwords
        are rejected, either by this component or by the directory.
    -->
    <property name="userNameFormat" value="${ldap.authentication.userNameFormat}"/>

    <property name="nodeService" ref="nodeService"/>
    <property name="personService" ref="personService"/>
    <property name="transactionService" ref="transactionService"/>

    <property name="escapeCommasInBind" value="${ldap.authentication.escapeCommasInBind}"/>
    <property name="escapeCommasInUid" value="${ldap.authentication.escapeCommasInUid}"/>
</bean>
<!--
    This bean supports general LDAP authentication. It is also used to provide read only access
    to users and groups, to pull them out of the LDAP repository.
-->
<bean id="ldapInitialDirContextFactory"
      class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
    <property name="initialDirContextEnvironment">
        <map>
            <!-- The LDAP provider -->
            <entry key="java.naming.factory.initial"
                   value="${ldap.authentication.java.naming.factory.initial}"/>

            <!--
                The URL of the LDAP server.
                Space separated URLs can be used; they are tried in turn until one works. This
                could be used to authenticate against one or more LDAP servers (you will not know
                which one answered).

                A simple bind sends the DN and password without protection over a plain ldap://
                connection, so use an ldaps:// URL or otherwise protect the connection with TLS.
            -->
            <entry key="java.naming.provider.url"
                   value="${ldap.authentication.java.naming.provider.url}"/>

            <!--
                The authentication mechanism to use.
                The available options depend on your LDAP provider. Some SASL mechanisms may also
                require a realm to be set, through java.naming.security.sasl.realm.
            -->
            <entry key="java.naming.security.authentication"
                   value="${ldap.authentication.java.naming.security.authentication}"/>

            <!--
                The id of a user who can read group and user information.
                It is used "as is": it does not go through the userNameFormat pattern
                substitution configured on the authenticationComponent bean.

                A dedicated account limited to read access keeps the exposure small if this
                configuration is disclosed.
            -->
            <entry key="java.naming.security.principal"
                   value="${ldap.authentication.java.naming.security.principal}"/>

            <!--
                The password for the user defined above.
                The real value comes from the properties file loaded by
                ldapAuthenticationPlaceholderConfigurer. Restrict read access to that file and
                keep the populated copy out of version control.
            -->
            <entry key="java.naming.security.credentials"
                   value="${ldap.authentication.java.naming.security.credentials}"/>
        </map>
    </property>
</bean>
</beans> |