What you will need
Obviously, you need to download Alfresco, if you don't have it already. The newer the better, but I guess the instructions below would work for any Alfresco above 3.2.
While downloading, find and take note of the information below; you will need it:
- Name of the Active Directory server (let's say it is kate)
- Name of the domain (let's say it is aegif.local)
- Name of the domain administrator (let's say it is Administrator)
- Password of the domain administrator (let's say it is thepassword)
- For tests, you will also need a machine that belongs to the domain, different from the domain server itself.
Set up Alfresco
Install Alfresco on the Active Directory server, and run it once to check that it works.
If you have not specified any particular port, then Alfresco is running on port 8080. If you have chosen a different port, just adapt the occurrences of 8080 in the following.
Add the following lines at the top of file tomcat\shared\classes\alfresco-global.properties :
authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
ldap.authentication.active=false
ldap.authentication.userNameFormat=%s@aegif
ldap.authentication.java.naming.provider.url=ldap://kate:389
ldap.synchronization.java.naming.security.principal=Administrator@aegif
ldap.synchronization.java.naming.security.credentials=thepassword
ldap.synchronization.groupSearchBase=cn\=Users,dc\=aegif,dc\=local
ldap.synchronization.userSearchBase=cn\=Users,dc\=aegif,dc\=local
synchronization.import.cron=0 0 5 * * ?
ntlm.authentication.sso.enabled=true
passthru.authentication.defaultAdministratorUserNames=Administrator
passthru.authentication.useLocalServer=true
passthru.authentication.domain=
passthru.authentication.servers=
- Replace aegif with your domain name minus the .local part
- Replace kate with the name of your Active Directory server.
passthru.authentication.domain=aegif
passthru.authentication.servers=aegif\\nameoftheactivedirectoryserver
passthru.authentication.defaultAdministratorUserNames=Administrator
Set up Alfresco Share
Open tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml
Find the block that says <config evaluator="string-compare" condition="Remote"> (it is towards the end)
Delete this entire block, and also delete the <!-- and --> commenting around it.
Instead, paste this:
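<config evaluator="string-compare" condition="Remote">
   <remote>
      <connector>
         <id>alfrescoCookie</id>
         <name>Alfresco Connector</name>
         <description>Connects to an Alfresco instance using cookie-based authentication</description>
         <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
      </connector>
      <endpoint>
         <id>alfresco</id>
         <name>Alfresco - user access</name>
         <description>Access to Alfresco Repository WebScripts that require user authentication</description>
         <connector-id>alfrescoCookie</connector-id>
         <endpoint-url>http://kate:8080/alfresco/wcs</endpoint-url>
         <identity>user</identity>
         <external-auth>true</external-auth>
      </endpoint>
   </remote>
</config>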
Configure the domain server
Logged in as the administrator of the domain, press Win+R and execute gpedit.msc .
Gpedit is the group policy editor, with which you can modify policies for the whole domain. With this tool, we will just need to modify a single parameter.
In the tree in the left pane, select Local Computer Policy > Windows Settings > Security Settings > Local Policies > Security Options.
A long list of items with similar names will appear in the right pane. Select Network Security: LAN Manager authentication level.
A dialog will appear.
In the dropdown box, set the value to Send LM & NTLM - use NTLMv2 session security if negotiated, as highlighted below:
Configure each client
Yes, you will need to perform the following on ALL client machines :-/
Open Internet Explorer (you know, that tool you use to download Firefox)
Click Tools > Internet options > Security > Local intranet > Sites > Advanced.
You will get the dialog below:
If you want to access your Alfresco server via HTTP (not HTTPS), then you might need to first uncheck Require server verification (https:) for all sites in this zone.
Type in the protocol and machine name of your Alfresco server, as seen above, then press Add and close.
Test
That's all, time to test!
Open http://kate:8080/alfresco in Internet Explorer.
It should show your documents immediately, without asking for any username/password.
Troubleshooting
If things don't go as well as expected:
1) Read alfresco.log and spot any exception.
2) Run the LDAP queries (ldap.synchronization.groupSearchBase and ldap.synchronization.userSearchBase) in an LDAP browser like Apache Directory Studio.
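
For step 2, the search bases in alfresco-global.properties carry Java-properties escapes (cn\=Users) that have to be undone before pasting them into an LDAP browser. The script below is an added example, not part of the original post: it unescapes the values and lists what the file exposes on the network and on disk. The function names load_properties and review are hypothetical, and the sample input is constructed from this guide's example values.

```python
import re
from urllib.parse import urlparse

# Constructed sample: properties from this guide, using its example names.
SAMPLE = r"""
ldap.authentication.java.naming.provider.url=ldap://kate:389
ldap.synchronization.java.naming.security.principal=Administrator@aegif
ldap.synchronization.java.naming.security.credentials=thepassword
ldap.synchronization.groupSearchBase=cn\=Users,dc\=aegif,dc\=local
ldap.synchronization.userSearchBase=cn\=Users,dc\=aegif,dc\=local
passthru.authentication.servers=aegif\\kate
"""

def load_properties(text):
    # Simplified .properties reader: key=value lines only, literal escapes
    # such as \= and \\ are undone; no continuations or \uXXXX handling.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def review(props):
    """Return (search bases as the LDAP server sees them, findings)."""
    sync = "ldap.synchronization."
    bases = {k: props[sync + k]
             for k in ("userSearchBase", "groupSearchBase") if sync + k in props}
    findings = []
    url = urlparse(props.get("ldap.authentication.java.naming.provider.url", ""))
    if url.scheme == "ldap":
        findings.append(f"ldap:// to {url.hostname} has no TLS; prefer ldaps://")
    principal = props.get(sync + "java.naming.security.principal", "")
    if principal.split("@")[0].lower() == "administrator":
        findings.append("sync binds as the domain Administrator; "
                        "a dedicated low-privilege account can run the same searches")
    if props.get(sync + "java.naming.security.credentials"):
        findings.append("sync password is stored in clear text; "
                        "restrict read access to the properties file")
    return bases, findings

if __name__ == "__main__":
    bases, findings = review(load_properties(SAMPLE))
    for name, dn in bases.items():
        print(f"{name}: {dn}")
    for item in findings:
        print("CHECK:", item)
```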