Configuring an OpenLDAP internal server

Angel Borroy edited this page Sep 14, 2018 · 2 revisions

Following instructions describe how to configure a new OpenLDAP service and PHPLdapAdmin webapp inside the Docker Machine to provide LDAP Authentication features in Alfresco Repository.

  1. Add OpenLDAP service and PHPLdapAdmin webapp to docker-compose.yml
    openldap:
        image: osixia/openldap
        container_name: openldap
        environment:
          LDAP_DOMAIN: "keensoft.es"
          LDAP_BASE_DN: "dc=keensoft,dc=es"
          LDAP_ADMIN_PASSWORD: "admin"
        volumes: 
            - ./volumes/data/ldap:/var/lib/ldap
            - ./volumes/data/slap.d:/etc/ldap/slap.d
        networks:
            - internal
        ports:
            - 389:389

    phpldapadmin:
        image: osixia/phpldapadmin
        container_name: phpldapadmin
        environment:
          PHPLDAPADMIN_LDAP_HOSTS: "openldap"
          PHPLDAPADMIN_HTTPS=false:
        links:
            - openldap
        depends_on:
            - openldap
        ports:
            - 8080:80
        networks:
            - internal

This configuration includes sample values for LDAP configuration properties LDAP_DOMAIN, LDAP_BASE_DN and LDAP_ADMIN_PASSWORD. They should be changed to fit your naming requirements.

OpenLDAPAdmin will be available by default at http://localhost:8080, but it can be configured to be used in other port or context in proxy service.

  1. Add configuration properties for LDAP Authentication at alfresco-global.properties
# LDAP Authentication
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
ldap.authentication.active=true
ldap.authentication.java.naming.provider.url=ldap://openldap:389
ldap.authentication.userNameFormat=uid=%s,dc=keensoft,dc=es
ldap.synchronization.active=false
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.