Alfresco
From Snix.hk
Contents |
Alfresco Labs 3 on Fedora 9
Labs 3 revision 3421
NTLM passthru authentication
Remote NTLM passthru authentication is working correctly with a clean build from the SVN source for revision 3412 - no patches necessary.
Basic NTLM passthru configuration:
Enable NTLM filters in
/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml
Enable remote
/opt/Alfresco/tomcat/shared/classes/alfresco/extension/ntlm-authentication-context.xml
Here's my configuration:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
<!-- The authentication component. -->
<!-- Use the passthru authentication component to authenticate using -->
<!-- user accounts on one or more Windows servers. -->
<!-- Properties that specify the server(s) to use for passthru -->
<!-- authentication :- -->
<!-- useLocalServer use the local server for authentication -->
<!-- domain use domain controllers from the specified domain-->
<!-- servers comma delimted list of server addresses or -->
<!-- names -->
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
parent="authenticationComponentBase">
<property name="useLocalServer">
<value>false</value>
</property>
<property name="personService">
<ref bean="personService" />
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="transactionService">
<ref bean="transactionComponent" />
</property>
<property name="guestAccess">
<value>false</value>
</property>
<property name="nullDomainUseAnyServer">
<value>true</value>
</property>
<property name="servers">
<value>DOMAIN\192.168.0.1</value>
</property>
</bean>
</beans>
nullDomainUseAnyServer property when set to 'true' will pick the first available online passthru server from the list for authentication, if not set, will look for the first available online passthru server that does NOT have a domain set
LDAP user/group synchronization with Samba groups
Samba stores it's group memberUid's as a UID only. Alfresco needs a full DN to perform a per-group-member lookup to "validate" each group member.
Created a new configuration element similar to the name format that will allow the user to "remap" the UID-only to a full DN that Alfresco can use to perform the import.
In the HEAD/root directory, apply the patch with
$ patch -p0 < Ldap.samba.group.import.patch
Then configure with a DN remap:
... # The query to find group objects ldap.synchronisation.groupQuery=(objectclass=sambaGroupMapping) # The search base to use to find group objects ldap.synchronisation.groupSearchBase=ou=Groups,dc=example,dc=com # The attribute on LDAP group objects to map to the gid property in Alfrecso ldap.synchronisation.groupIdAttributeName=cn # The group type in LDAP ldap.synchronisation.groupType=sambaGroupMapping # The person type in LDAP ldap.synchronisation.personType=inetOrgPerson # The attribute in LDAP on group objects that defines the DN for its members ldap.synchronisation.groupMemberAttributeName=memberUid # Remapped DN for groupMemberAttributeName if the uid is not a full DN (ie: Samba groups) ldap.synchronisation.groupMemberDnRemap=uid=%s,ou=people,dc=example,dc=com ...
Sharepoint Document Management Constraint Violation
NOT TESTED
Previous Alfresco revisions would throw a integrity violation when a sharepoint connection requests updates:
23:31:24,142 User:{username} ERROR [node.integrity.IntegrityChecker] Found 1 integrity violations:
Invalid property value:
Node: workspace://SpacesStore/vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz
Type: {http://www.alfresco.org/model/content/1.0}person
Property: {http://www.alfresco.org/model/content/1.0}userName
Constraint: The value 'GROUP_{groupname}' is not an allowed user name: it is an authority of type: GROUP
The UserNameConstraint.java contraint file was only allowing types USER and GUEST to satisfy the constraint. I added GROUP and ROLE to enable sharepoint to work correctly.
Sharepoint_Update_with_groups.patch
In the HEAD/root directory, apply the patch with
$ patch -p0 < Sharepoint_Update_with_groups.patch
Mediawiki integration
So far, all attempts to install the mediawiki integration AMP have failed.
09:45:49,602 User:System ERROR [web.context.ContextLoader] Context initialization failed
org.alfresco.error.AlfrescoRuntimeException: Failed to execute transaction-level behaviour public abstract void org.alfresco.repo.node.NodeServicePolicies$OnCreateNodePolicy.onCreateNode(org.alfresco.service.cmr.repository.ChildAssociationRef) in transaction 4559cc62-b1e9-4e2c-86e8-4013b559a716
at org.alfresco.repo.policy.TransactionBehaviourQueue.execute(TransactionBehaviourQueue.java:201)
at org.alfresco.repo.policy.TransactionBehaviourQueue.beforeCommit(TransactionBehaviourQueue.java:133)
...
