Alfresco Process Services and Active Directory Integration

If you’ve ever configured Alfresco Content Services (ACS) to integrate with Active Directory (AD) for synchronizing and authenticating, configuring Alfresco Process Services (APS) will seem pretty familiar. However, there are some differences that are important to note.

Don’t use the ldap.authentication.active-directory properties

I never got these settings to work. The documentation mentions setting these for AD integration but, after failing with them, I fell back to using the LDAP-based ones that were similar to the settings in ACS as they worked without a problem. I did notice an older JIRA for APS 1.3.3 that mentioned problems, and I generally followed what was suggested there. Below you’ll find a sample activiti-ldap.properties file listed.

Specify default attributes that are mapped

Make sure you specify the AD attributes that map to user properties such as first name, last name, username, and email. The default values for all of these except mail are incorrect for out-of-the-box AD integration. A more complete list for APS can be found here.

Turn off case sensitivity

Sometimes AD administrators will use mixed case in usernames. Generally, this doesn’t cause a problem with applications, as they ignore case when authenticating. However, APS by default does not ignore case (unlike ACS). So, if you had a value such as ASmith for someone’s sAMAccountName property in AD and they tried to log on as asmith (all lowercase), the authentication would fail.

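To see which accounts this default would affect, the following added example (not from the original post or from Alfresco) scans an LDIF export of AD users for sAMAccountName values that differ from their all-lowercase form. The export text is constructed sample data, and the function names are hypothetical.

```python
import base64

# Constructed sample LDIF export of AD users (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Alice Smith,OU=Users,DC=alfrescotest,DC=org
sAMAccountName: ASmith
mail: asmith@alfrescotest.org

dn: CN=Bob Jones,OU=Users,DC=alfrescotest,DC=org
sAMAccountName: bjones

dn: CN=Zoe Muller,OU=Users,DC=alfrescotest,DC=org
sAMAccountName:: Wk11bGxlcg==

dn: CN=Carol Long,OU=Users,DC=alfrescotest,DC=org
sAMAccountName: cLong
 Name
"""


def unfold(ldif):
    """Join folded LDIF lines (a continuation line starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def sam_account_names(ldif):
    """Return every sAMAccountName value, decoding 'attr:: <base64>' forms."""
    names = []
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "samaccountname":
            continue
        if value.startswith(":"):  # double colon marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        names.append(value.strip())
    return names


def mixed_case_logins(ldif):
    """Map each stored name to the lowercase login that would not match it
    under case-sensitive comparison."""
    return {n: n.lower() for n in sam_account_names(ldif) if n != n.lower()}
```

An empty result means no account in the export depends on case-insensitive matching.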

You may need to change the naming referral

When APS starts up and AD synchronization runs, you may hit a referral error during the LDAP query. The ACS documentation mentions this, and the APS documentation shows it in a sample file but doesn’t go into detail about what it means. You might need to set the referral to follow, depending on your AD setup. For the same AD environment, I had to explicitly set the referral to follow, but did not need to set anything in ACS as the referral default is set to follow.

Sample files

See sample activiti-ldap.properties below as well as a snippet of ACS alfresco-global.properties for authentication and synchronization.

Example activiti-ldap.properties for the fictional company alfrescotest.org

Example alfresco-global.properties for the fictional company alfrescotest.org

For additional information on your integrations, contact us today.
