8083: Merged V2.1 to V2.2 8066: RM-31 and related issues (ACT-729) 8068: Fix for AR-1997 8084: Fixed script error on notify page of invite website user wizard 8086: Merged V2.1 to V2.2 8075: Clear()ing a hibernate session, is not always enough to guarantee that transactions not use unbounded amounts of memory 8076: Turn off test that needs to be fixed real soon now. 8092: Implementation for: http://issues.alfresco.com/browse/AR-1744 8093: Fixed upgrade scripts for V2.1.2 to V2.2 upgrades 8096: Fix for AWC-1578 and AWC-1814 8097: Added new indexes missing from scripts and made index names consistent. 8098: Fix for AWC-1548 8100: Removed use of QName from alf_permission table 8102: Fix for AWC-1690 8103: test was == on id that used to be long but is now a Long git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8476 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
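<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<!--
    LDAP authentication wiring. Every environment-specific value (server URL, bind mechanism,
    service account and its password) is injected through ${...} placeholders that are read
    from ldap-authentication.properties; this file only wires the beans together.
-->
<beans>

    <!-- The main configuration has moved into a properties file -->
    <!--
        ignoreUnresolvablePlaceholders=true means a missing or misspelt key does not stop
        start-up: the placeholder is left for another configurer to resolve and otherwise
        stays as literal ${...} text. Check the resolved values after editing the properties file.
    -->
    <bean name="ldapAuthenticationPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders">
            <value>true</value>
        </property>
        <property name="locations">
            <value>classpath:alfresco/extension/ldap-authentication.properties</value>
        </property>
    </bean>

    <!--
        DAO that rejects changes - LDAP is read only at the moment.
        It does allow users to be deleted without warnings from the UI.
        NOTE(review): which record a delete removes (presumably only the repository-side user,
        not the directory entry) is not visible in this file; confirm, and make sure such
        deletions are audited.
    -->
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao">
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>

    <!-- LDAP authentication configuration -->

    <!--
        You can also use JAAS authentication for Kerberos against Active Directory, or NTLM if you
        also require single sign on from the web browser. You do not have to use LDAP authentication
        to synchronise groups and users from an LDAP store if it supports other authentication
        routes, like Active Directory.
    -->
    <bean id="authenticationComponent"
          class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"
          parent="authenticationComponentBase">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!--
                This maps between what the user types in and what is passed through to the
                underlying LDAP authentication.

                "%s" - the user id is passed through without modification.
                Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
                (RFC 6331 has since moved DIGEST-MD5 to Historic status; prefer a stronger
                mechanism where the directory offers one.)

                "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" then
                authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com".
                Usually for simple authentication. Simple authentication always uses the DN for the user.
                A "simple" bind sends the password to the directory as cleartext, so pair it with
                an ldaps:// provider URL or another TLS-protected transport.

                NOTE(review): the typed user id is substituted into the DN template. Whether
                LDAPAuthenticationComponentImpl escapes DN special characters, or rejects an empty
                password (some directories treat a bind with a DN and an empty password as an
                unauthenticated bind that succeeds), cannot be seen from this file; confirm in the
                implementation.
            -->
            <value>${ldap.authentication.userNameFormat}</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="transactionService">
            <ref bean="transactionService" />
        </property>
    </bean>

    <!--
        This bean is used to support general LDAP authentication. It is also used to provide
        read only access to users and groups to pull them out of the LDAP repository.
    -->
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!-- The LDAP provider -->
                <entry key="java.naming.factory.initial">
                    <value>${ldap.authentication.java.naming.factory.initial}</value>
                </entry>

                <!-- The url to the LDAP server -->
                <!-- Note you can use space separated urls - they will be tried in turn until one works -->
                <!-- This could be used to authenticate against one or more ldap servers (you will not know which one ....) -->
                <!-- Because any listed server may answer a bind, every one of them must be equally trusted. -->
                <!-- Prefer ldaps:// urls so that user and service account passwords do not cross the network in clear. -->
                <entry key="java.naming.provider.url">
                    <value>${ldap.authentication.java.naming.provider.url}</value>
                </entry>

                <!-- The authentication mechanism to use -->
                <!-- Some sasl authentication mechanisms may require a realm to be set -->
                <!-- java.naming.security.sasl.realm -->
                <!-- The available options will depend on your LDAP provider -->
                <entry key="java.naming.security.authentication">
                    <value>${ldap.authentication.java.naming.security.authentication}</value>
                </entry>

                <!-- The id of a user who can read group and user information -->
                <!-- This does not go through the pattern substitution defined above and is used "as is" -->
                <!-- Give this account read only rights, limited to the user and group entries it has to read. -->
                <entry key="java.naming.security.principal">
                    <value>${ldap.authentication.java.naming.security.principal}</value>
                </entry>

                <!-- The password for the user defined above -->
                <!--
                    The value is read as plain text from ldap-authentication.properties, so that file
                    should be readable only by the account that runs the repository and should be
                    kept out of shared source control.
                -->
                <entry key="java.naming.security.credentials">
                    <value>${ldap.authentication.java.naming.security.credentials}</value>
                </entry>
            </map>
        </property>
    </bean>

</beans>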