Alfresco on Windows Server with Active Directory Authentication
Let’s be honest about this: the documentation for Alfresco, the SharePoint-like Enterprise Content Management System, is opaque.
Today, I installed the free Community Edition of Alfresco on a Windows Server 2008 R2 virtual machine. The first thing I wanted to do was connect it to Active Directory in order to delegate authentication duties to my domain controllers. I didn’t find the documentation particularly helpful. So here’s what I did:
- You won’t be able to do this until you’ve fired up the Tomcat server at least once – that causes the creation of the necessary files and folders.
- Find the repository.properties file. In the default installation, it will be in the folder C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco. Open it with your favourite text editor – preferably not Notepad, since the file has Unix line endings, which Notepad won’t handle correctly.
- In that file, find the line authentication.chain=alfrescoNtlm1:alfrescoNtlm. Change it to read authentication.chain=ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm and save the file.
- Next, go to C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad (or similar, if you chose to install in a different location). You need to edit the file ldap-ad-authentication.properties, but note that you may need to run your text editor as Administrator in order to be able to save your changes. Make the following edits:
  - Insert your domain:
  - Put connection details for your DC:
  - Choose an administrator for Alfresco, from your AD list of users:
  - Insert the administrator’s UPN:
  - Add the administrator’s password. Yes, in plain text. Yes, this is very bad. Take all necessary precautions:
  - Put the search base (possibly a subset of your AD tree) for groups: ldap.synchronization.groupSearchBase=OU\=My Groups,DC\=mydomain,DC\=local – NB this is case sensitive, and the extra backslashes are required
  - Put the search base (possibly a subset of your AD tree) for users: ldap.synchronization.userSearchBase=OU\=My Users,DC\=mydomain,DC\=local – again, this is case sensitive, and the extra backslashes are required
- Use the Alfresco Manager Tool to restart the services.
From Alfresco, you should now be able to browse users and groups from whichever OU you used.
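Because the administrator’s password sits in plain text in ldap-ad-authentication.properties, one precaution is to restrict who can read that file. The following is an added example, not part of the original steps: it assumes the default install path, an English-language Windows install, and that the Alfresco service runs as LocalSystem; Get-UnexpectedAccess is a hypothetical helper defined here.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Path is the default install location named in the steps above.
$file = 'C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad\ldap-ad-authentication.properties'

# Assumption: the Alfresco Tomcat service runs as LocalSystem on an English-language
# install. Replace the second entry with the account your service actually uses.
$allowed = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

# Hypothetical helper: Allow entries held by anyone outside $allowed.
function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$AllowedNames)
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $AllowedNames -notcontains $_.IdentityReference.Value
    }
}

# 1. Audit: who besides the allowed principals can currently open the file?
$before = @(Get-UnexpectedAccess -Path $file -AllowedNames $allowed)
$before | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# 2. Lock down: discard explicit entries, stop inheriting from the parent folders,
#    then grant only what is needed (admins edit, the service reads).
icacls $file /reset | Out-Null
icacls $file /inheritance:r /grant:r 'BUILTIN\Administrators:F' 'NT AUTHORITY\SYSTEM:R' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 3. Verify: the list of unexpected entries must now be empty.
$after = @(Get-UnexpectedAccess -Path $file -AllowedNames $allowed)
if ($after.Count -gt 0) {
    $after | Format-Table IdentityReference, FileSystemRights -AutoSize
    throw 'Unexpected principals still have access to the properties file.'
}
Write-Host ("Removed {0} access entries for other principals." -f $before.Count)
```

Restart the services afterwards and confirm Alfresco still starts; if it does not, the service account lacks read access and needs adding to the grant.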
Note: I initially did all the above using Alfresco 4.2c, only to discover there are some bugs relating to SharePoint in that release. The recommended solution until a later version is released is to try one of the nightly builds.
Alfresco logo copyright © Alfresco Software, Inc.