How to Set Up Windows AD authentication on Alfresco Share

Setting up AD authentication on Alfresco is pretty trivial. Here are the steps:

Navigate to tomcat/shared/classes under the Alfresco root folder:

cd tomcat/shared/classes

You should see the file alfresco-global.properties. Make a copy of this file:

sudo cp alfresco-global.properties alfresco-global.properties.original

Now let's edit the file. Open it in the vi editor:

sudo vi alfresco-global.properties

Add the following lines at the very end

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad

ldap.authentication.active=true

ldap.authentication.userNameFormat=%s@ezref.info

ldap.authentication.java.naming.provider.url=ldap://1.1.1.1:3268

ldap.synchronization.active=true

ldap.synchronization.java.naming.security.principal=serviceaccount@domainname

ldap.synchronization.java.naming.security.credentials=password

ldap.synchronization.groupSearchBase=dc\=ezref,dc\=info

ldap.synchronization.userSearchBase=dc\=ezref,dc\=info

synchronization.import.cron=0 0 * * * ?

Note:

Replace the %s@ezref.info with your domain name

Replace the ldap://1.1.1.1:3268 with the IP address of your LDAP server

Replace the principal=serviceaccount@domainname with the account that will synchronize the LDAP accounts

Replace the password with the LDAP service account password

Replace the groupSearchBase=dc\... with your domain

Replace the userSearchBase=dc\.. with your domain

Save the file and go to the Alfresco root folder:

cd /opt/alfresco-4.0.d

Restart the Alfresco server:

sudo ./alfresco.sh restart

Once the server has started, check the logs and you should see the user accounts being synchronized

tail -f alfresco.log

Test if the LDAP authentication works by using the command:

ldapsearch -H ldap://1.1.1.1:3268 -D ldapaccount@ezref.info -W -x

Now you can log in using your Windows AD credentials.
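
A check for the edited alfresco-global.properties, as an added example that is not part of the original walkthrough or of Alfresco: it flags missing keys, a chain without ldap-ad, a plaintext ldap:// URL, sample values that were never replaced, and a world-readable file. The function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: audit the LDAP/AD lines appended to alfresco-global.properties.
# prop, warn and check_alfresco_ldap are hypothetical helper names.

# prop FILE KEY: print the value of the last "KEY=value" line in FILE.
prop() {
    awk -v k="$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) }
                    END { print v }' "$1"
}

warn() { echo "WARN: $*"; findings=$((findings + 1)); }

check_alfresco_ldap() {
    f=$1; findings=0
    p=ldap.authentication; s=ldap.synchronization

    # Keys from the walkthrough that must carry a value.
    for key in authentication.chain "$p.userNameFormat" \
        "$p.java.naming.provider.url" "$s.java.naming.security.principal" \
        "$s.java.naming.security.credentials" \
        "$s.groupSearchBase" "$s.userSearchBase"; do
        [ -n "$(prop "$f" "$key")" ] || warn "missing or empty: $key"
    done

    # Without an ldap-ad entry in the chain, AD logins are never attempted.
    case "$(prop "$f" authentication.chain)" in
        *:ldap-ad*) ;;
        *) warn "authentication.chain has no ldap-ad entry" ;;
    esac

    # A simple bind over ldap:// sends the password unencrypted.
    case "$(prop "$f" "$p.java.naming.provider.url")" in
        ldap://*) warn "provider.url uses plaintext ldap://" ;;
    esac

    # Sample values from the walkthrough that were never replaced.
    [ "$(prop "$f" "$s.java.naming.security.principal")" != serviceaccount@domainname ] ||
        warn "principal is still the sample value"
    [ "$(prop "$f" "$s.java.naming.security.credentials")" != password ] ||
        warn "credentials is still the sample value"

    # The file stores the service account password in clear text.
    [ -z "$(find "$f" -perm -004)" ] || warn "$f is readable by all users"

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}

# Run against a file when one is named on the command line.
if [ -n "${1:-}" ]; then check_alfresco_ldap "$1"; fi
```

Run it as `sh script.sh tomcat/shared/classes/alfresco-global.properties` before restarting Alfresco; a non-zero exit status means at least one WARN line was printed.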