Connecting Alfresco to Zimbra LDAP

[jsosic]

Hi. Alfresco is advanced document management with integrated NFS, CIFS, FTP... It can sync users and groups from LDAP.

Anyway, I've integrated succesfully Zimbra and samba/posix zimlets (addons) and I've set up Zimbra's LDAP as master LDAP for Samba PDC. So, users are now added only in one place - in Zimbra's administration panel.

Now I want to sync Alfresco with Zimbra LDAP users/groups. I've succeded pretty much with it, with only one problem remaining. I can't connect users to groups. Although they are set OK in LDAP, and in Zimbra, in alfresco I can see all the groups and all the users, but there is no connection between them.

Problem is I don't understand what LDAP settings I should set...
Here is my /var/lib/tomcat5/shared/classes/alfresco/extension/subsystems/Authentication/ldap/zimbraldap/ldap-authentication.properties:

Code:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid=%s,ou=people,dc=zimbra,dc=company,dc=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://IP_OF_LDAP:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=jsosic
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn=config
ldap.synchronization.java.naming.security.credentials=PASSWORD
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=posixAccount)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou=groups,dc=company,dc=com
ldap.synchronization.userSearchBase=ou=people,dc=zimbra,dc=company,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=zimbraId ***
ldap.synchronization.defaultHomeFolderProvider=homeDirectory
ldap.synchronization.groupIdAttributeName=gidNumber
ldap.synchronization.groupType=posixGroup ***
ldap.synchronization.personType=organizationalPerson ***
ldap.synchronization.groupMemberAttributeName=memberUid ***
ldap.synchronization.enableProgressEstimation=true

I don't understand from Zimbra LDAP what value should I set for groupType and personType attributes? I've set organizationalPerson, because default value was inetOrgPerson. groupType default was groupOfNames... Which doesn't ring a clue for me How can I be sure I've selected the correct ones?
I also totaly don't understand userOrganizationalIdAttributeName and how to find it in slapcat's output. Default value in Alfresco config file was 'o', like this:

Code:

ldap.synchronization.userOrganizationalIdAttributeName=o

I would appreciate any kind of help...

[kmanickam]

Hi,

I am already using zimbra mail server. Recently i have installed alfresco open source software its working fine Now i want integrate the Zimbra ldap to alfresco could please some one help me on this

what are changes i need to do in the alfresco server

Thanks & Regards
Manickam

[linhart1]

Hello, did You resolved your issue?

Generally, could not be the groupType the same groupType you type in by the definition of the posix group in the posix Zimlet?

cheers, Archie

[kmanickam]

Hello, did You resolved your issue?

Generally, could not be the groupType the same groupType you type in by the definition of the posix group in the posix Zimlet?

cheers, Archie

No I am tried, but it not successfull with zimbra LDAP

Please let me know if any one have good news on this

Thanks
Manickam

[Mudasar]

Zimbra is not using simple authentication, it use DIGEST-MD5.
You can try the following settings, it is working on my side

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid\=%s,ou\=use rs,dc\=XXXX,dc\=com
ldap.authentication.java.naming.factory.initial=co m.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://XXXXXXX:389
ldap.authentication.java.naming.security.authentic ation=DIGEST-MD5
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames= XXXXX
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principa l=uid\=XXX,cn\=XXXX,cn\=XXXX
ldap.synchronization.java.naming.security.credenti als=XXXXXX
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=grou pOfNames)
ldap.synchronization.groupDifferentialQuery=(&(obj ectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=ine tOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(ob jectclass\=inetOrgPerson)(!(modifyTimestamp<\={0}) ))
ldap.synchronization.groupSearchBase=ou\=groups,dc \=XXXX,dc\=com
ldap.synchronization.userSearchBase=ou\=people,dc\ =XXXXX,dc\=com
ldap.synchronization.modifyTimestampAttributeName= modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmms s'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=gi venName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttribute Name=o
ldap.synchronization.defaultHomeFolderProvider=use rHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=memb er
ldap.synchronization.enableProgressEstimation=true

[thomasle]

Hi,

I am already using zimbra mail server. Recently i have installed alfresco open source software its working fine Now i want integrate the Zimbra ldap to alfresco could please some one help me on this

what are changes i need to do in the alfresco server

Thanks & Regards
Manickam

Hi kmanickam,

I am very interested with your topic. please help me if you success.

Thanks a lot.