Here is an alternative configuration for Active Directory. Sample configurations of the two files involved are shown below.
LDAP Connection in activedirectory-service-configuration.xml
<component>
<key>org.exoplatform.services.ldap.LDAPService</key>
<type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>
<init-params>
<object-param>
<name>ldap.config</name>
<description>Default ldap config</description>
<object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">
<!-- for multiple ldap servers, use a comma-separated list of host:port entries (Ex. ldap://127.0.0.1:389,10.0.0.1:389) -->
<!-- whether or not SSL is enabled is decided by the URL scheme; if SSL is used, ensure that the JVM trusts the server certificate via the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties (see the JAVA_OPTS at the end of this page) -->
<!-- the default javax.net.ssl.trustStore installed with eXo Portal is the file java.home/lib/security/cacerts -->
<!-- the ldap service checks the protocol: if the protocol is ldaps, SSL is enabled (Ex. to enable SSL: ldaps://10.0.0.3:636 ; to disable SSL: ldap://10.0.0.3:389 ) -->
<!-- when SSL is enabled, ensure the serverName field matches the server name in the certificate, e.g. *.directory (Ex. active.directory) -->
<field name="providerURL">
<string>ldaps://10.0.0.3:636</string>
</field>
<field name="rootdn">
<string>CN=Administrator,CN=Users,DC=exoplatform,DC=org</string>
</field>
<field name="password">
<string>exo</string>
</field>
<field name="version">
<string>3</string>
</field>
<field name="minConnection">
<int>5</int>
</field>
<field name="maxConnection">
<int>10</int>
</field>
<field name="referralMode">
<string>ignore</string>
</field>
<field name="serverName">
<string>active.directory</string>
</field>
</object>
</object-param>
</init-params>
</component>
LDAP Attribute Mapping in activedirectory-organization-configuration.xml
<component xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd http://www.exoplatform.org/xml/ns/kernel_1_2.xsd"
xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">
<key>org.exoplatform.services.organization.OrganizationService</key>
.....
<init-params>
......
<object-param>
<name>ldap.attribute.mapping</name>
<description>ldap attribute mapping</description>
<object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">
<field name="userLDAPClasses">
<string>top,person,organizationalPerson,user</string>
</field>
<field name="profileLDAPClasses">
<string>top,organizationalPerson</string>
</field>
<field name="groupLDAPClasses">
<string>top,organizationalUnit</string>
</field>
<field name="membershipTypeLDAPClasses">
<string>top,group</string>
</field>
<field name="membershipLDAPClasses">
<string>top,group</string>
</field>
<field name="baseURL">
<string>DC=exoplatform,DC=org</string>
</field>
<field name="groupsURL">
<string>OU=groups,OU=portal,DC=exoplatform,DC=org</string>
</field>
<field name="membershipTypeURL">
<string>OU=memberships,OU=portal,DC=exoplatform,DC=org</string>
</field>
<field name="userURL">
<string>OU=users,OU=portal,DC=exoplatform,DC=org</string>
</field>
<field name="profileURL">
<string>OU=profiles,OU=portal,DC=exoplatform,DC=org</string>
</field>
<field name="userUsernameAttr">
<string>sAMAccountName</string>
</field>
<field name="userPassword">
<string>unicodePwd</string>
</field>
<!--unicodePwd-->
<field name="userFirstNameAttr">
<string>givenName</string>
</field>
<field name="userLastNameAttr">
<string>sn</string>
</field>
<field name="userDisplayNameAttr">
<string>displayName</string>
</field>
<field name="userMailAttr">
<string>mail</string>
</field>
<field name="userObjectClassFilter">
<string>objectClass=user</string>
</field>
<field name="membershipTypeMemberValue">
<string>member</string>
</field>
<field name="membershipTypeRoleNameAttr">
<string>cn</string>
</field>
<field name="membershipTypeNameAttr">
<string>cn</string>
</field>
<field name="membershipTypeObjectClassFilter">
<string>objectClass=group</string>
</field>
<field name="membershiptypeObjectClass">
<string>group</string>
</field>
<field name="groupNameAttr">
<string>ou</string>
</field>
<field name="groupLabelAttr">
<string>l</string>
</field>
<field name="groupObjectClass">
<string>organizationalUnit</string>
</field>
<field name="groupObjectClassFilter">
<string>objectClass=organizationalUnit</string>
</field>
<field name="membershipObjectClass">
<string>group</string>
</field>
<field name="membershipObjectClassFilter">
<string>objectClass=group</string>
</field>
<field name="ldapCreatedTimeStampAttr">
<string>createdTimeStamp</string>
</field>
<field name="ldapModifiedTimeStampAttr">
<string>modifiedTimeStamp</string>
</field>
<field name="ldapDescriptionAttr">
<string>description</string>
</field>
</object>
</object-param>
</init-params>
</component>
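The attribute-mapping fields above (userURL, userObjectClassFilter, userUsernameAttr, and the membership-type equivalents) are what an organization service combines into LDAP search requests. The following is an added example, not eXo Platform code: it shows how such a filter is assembled from these mapping values, and why the login name must be escaped per RFC 4515 before it is inserted, so that characters like `*`, `(` and `)` in user-supplied input cannot change the structure of the filter. The MAPPING dictionary copies the values from the configuration on this page; the function names are this example's own.

```python
# Added example (not eXo Platform code): derive LDAP search requests from the
# attribute-mapping fields shown on this page, with RFC 4515 value escaping.

# Values copied from the activedirectory-organization-configuration.xml sample above.
MAPPING = {
    "userURL": "OU=users,OU=portal,DC=exoplatform,DC=org",
    "userObjectClassFilter": "objectClass=user",
    "userUsernameAttr": "sAMAccountName",
    "membershipTypeURL": "OU=memberships,OU=portal,DC=exoplatform,DC=org",
    "membershipTypeObjectClassFilter": "objectClass=group",
    "membershipTypeNameAttr": "cn",
}

# RFC 4515 section 3: these characters must be hex-escaped inside an assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only ever match as data, never as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def _as_clause(config_filter: str) -> str:
    """The config stores a bare 'objectClass=user'; a filter clause needs parentheses."""
    config_filter = config_filter.strip()
    return config_filter if config_filter.startswith("(") else f"({config_filter})"


def user_search(mapping: dict, username: str) -> tuple[str, str]:
    """Return (search base DN, filter) for looking up one user by login name."""
    flt = "(&%s(%s=%s))" % (
        _as_clause(mapping["userObjectClassFilter"]),
        mapping["userUsernameAttr"],
        escape_filter_value(username),
    )
    return mapping["userURL"], flt


def membership_type_search(mapping: dict, type_name: str) -> tuple[str, str]:
    """Same construction for a membership type (an AD group) looked up by name."""
    flt = "(&%s(%s=%s))" % (
        _as_clause(mapping["membershipTypeObjectClassFilter"]),
        mapping["membershipTypeNameAttr"],
        escape_filter_value(type_name),
    )
    return mapping["membershipTypeURL"], flt


if __name__ == "__main__":
    # Constructed inputs: a normal login and one carrying filter metacharacters.
    for name in ("jdoe", "*)(objectClass=*"):
        base, flt = user_search(MAPPING, name)
        print(base, flt)
```

With escaping in place, the second input becomes a literal sAMAccountName comparison instead of a wildcard clause that would match every user object.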
There is a Microsoft limitation: the password cannot be set in AD over an unsecured connection, so you have to use the LDAPS protocol.
Using LDAPS protocol with Active Directory
Set up AD to use SSL as follows:
i. Add the Active Directory Certificate Services role.
ii. Install the right certificate for the DC machine.
Enable the Java VM to trust the certificate from AD as follows (note that this step is not AD-specific; it applies to any LDAP server when you want to enable the SSL protocol):
i. Import the root CA used in AD into the JVM truststore, like below (the alias is a free choice; the store password of the default cacerts file is changeit):
keytool -importcert -trustcacerts -alias ad-root-ca -file 2008.cer -storepass changeit -keystore /home/user/java/jdk1.6/jre/lib/security/cacerts
ii. Set the JAVA options.
JAVA_OPTS="${JAVA_OPTS} -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=/home/user/java/jdk1.6/jre/lib/security/cacerts"
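The providerURL comments in the connection configuration at the top of this page (comma-separated host:port list, SSL decided by the ldaps scheme) and the LDAPS requirement for password writes in this section both come down to one check: is every configured endpoint encrypted? The following is an added example, not eXo Platform code, that implements that check and shows the form Active Directory expects for a unicodePwd value (the new password in double quotes, encoded as UTF-16LE). The handling of a list entry without a scheme (the second entry in the page's own example, 10.0.0.1:389) is an assumption of this example: it inherits the scheme of the first entry. Function and class names are this example's own.

```python
# Added example (not eXo Platform code): parse a providerURL field, decide per
# endpoint whether SSL is in use, and refuse to prepare a unicodePwd write
# unless every endpoint is LDAPS.
from dataclasses import dataclass
from urllib.parse import urlsplit

# Default ports for the two schemes the connection comments mention.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


@dataclass(frozen=True)
class LdapEndpoint:
    scheme: str
    host: str
    port: int

    @property
    def ssl(self) -> bool:
        # Per the config comments: SSL is enabled exactly when the protocol is ldaps.
        return self.scheme == "ldaps"


def parse_provider_url(provider_url: str) -> list[LdapEndpoint]:
    """Split a providerURL value such as 'ldap://127.0.0.1:389,10.0.0.1:389'.

    Assumption (not stated on the page): an entry without a scheme inherits the
    scheme of the first entry. A missing port falls back to the scheme default.
    """
    endpoints: list[LdapEndpoint] = []
    scheme = None
    for raw in provider_url.split(","):
        raw = raw.strip()
        if not raw:
            continue
        if "://" in raw:
            parts = urlsplit(raw)
            scheme = parts.scheme.lower()
            host, port = parts.hostname, parts.port
        else:
            if scheme is None:
                raise ValueError(f"first providerURL entry must carry a scheme: {raw!r}")
            host, _, port_text = raw.partition(":")
            port = int(port_text) if port_text else None
        if scheme not in DEFAULT_PORTS or not host:
            raise ValueError(f"unsupported providerURL entry: {raw!r}")
        endpoints.append(LdapEndpoint(scheme, host, port or DEFAULT_PORTS[scheme]))
    return endpoints


def all_ssl(endpoints: list[LdapEndpoint]) -> bool:
    return bool(endpoints) and all(e.ssl for e in endpoints)


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects the password wrapped in double quotes and encoded as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def build_password_modify(provider_url: str, user_dn: str, new_password: str) -> dict:
    """Prepare the values of a unicodePwd replace operation.

    Raises ValueError when any configured endpoint is plain ldap://: AD rejects
    password writes over an unencrypted connection (the Microsoft limitation the
    text describes), and this example assumes the service may pick any entry in
    the list, so one insecure entry is enough to refuse.
    """
    endpoints = parse_provider_url(provider_url)
    if not all_ssl(endpoints):
        insecure = ", ".join(f"{e.host}:{e.port}" for e in endpoints if not e.ssl)
        raise ValueError(f"unicodePwd requires LDAPS on every endpoint; plain ldap:// entries: {insecure}")
    return {"dn": user_dn, "attr": "unicodePwd", "values": [encode_unicode_pwd(new_password)]}


if __name__ == "__main__":
    # Constructed inputs taken from the sample values on this page.
    print(parse_provider_url("ldap://127.0.0.1:389,10.0.0.1:389"))
    print(build_password_modify("ldaps://10.0.0.3:636",
                                "CN=jdoe,OU=users,OU=portal,DC=exoplatform,DC=org", "exo"))
```

The encoded bytes are what goes on the wire in the modify request; the TLS layer configured through the truststore steps above is what keeps them from being readable in transit, which is why the check refuses to build the request for an ldap:// endpoint at all.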