I planned to use Alfresco with an authentication system based on Active Directory. But it took around a week for me to understand how to integrate Alfresco with my Active Directory and its implementation. After we managed to integrate them, I decided to share the important things I learned during that week 🙂 for myself as a future-use note and for people who are looking for a solution to their problems.

1. Enable logging

It should be the first step for everything 🙂 It was the main reason I spent a week on this problem: I just tried to change parameters and tested them without any logging and without analyzing what the problem in my configuration was. I had believed that my configuration was correct each time 🙂

...
# Authorization
log4j.logger.org.alfresco.enterprise.repo.authorization.AuthorizationService=info
log4j.logger.org.alfresco.enterprise.repo.authorization.AuthorizationsConsisten...

# Add these lines below to the end of the file
log4j.logger.org.alfresco.repo.importer.ImporterJob=debug
log4j.logger.org.alfresco.repo.importer.ExportSourceImporter=debug
log4j.logger.org.alfresco.repo.security.authentication.ldap=debug

2. Authentication and Synchronization?

The authentication subsystem is used only to check whether the user exists in Active Directory; it then approves the login or returns a failure. However, no user is created in Alfresco's local user list, so you cannot manage users to adjust their permissions or for site management.

The synchronization subsystem is used to get user information from AD and clone it into Alfresco. A user is created in Alfresco for each user in AD, so we can list all users and manage them in Alfresco.

We will use both…

3. Configure…

Don’t touch anything in the path “<ALFRESCO_DIR>\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap”… It’s not needed… In addition, we have used 5.1 Community Edition and there is no directory in \subsystems\ directory.

Changes will be only on “<ALFRESCO_DIR>\tomcat\shared\classes\alfresco-global.properties”… Easy…

Updating this file is enough to configure authentication and synchronization with AD. I will share my configuration on GitHub with comments line by line. Please read the comments there for your setup.
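As an added example (not the author's configuration and not Alfresco's own code), this Python check reads the contents of an alfresco-global.properties and reports when the ldap-ad chain member, the authentication switch or the synchronization switch from section 2 is not enabled, and whether the LDAP URL is ldap:// instead of ldaps://. The sample content, host name and chain instance names are constructed placeholders; the property keys are the standard Alfresco LDAP subsystem keys.

```python
import re

# Constructed sample, not the author's configuration; host and instance names are placeholders.
SAMPLE = """\
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.active=true
ldap.authentication.java.naming.provider.url=ldap://ad.example.test:389
# synchronization switched off: logins work, but no users appear in Alfresco
ldap.synchronization.active=false
"""

def parse_properties(text):
    """Parse the plain key=value subset of a Java .properties file (last value wins)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def state(props, key):
    """'true' / 'false' as written in the file, or 'unset' when the key is absent."""
    return props.get(key, "unset").strip().lower()

def audit(text):
    """Return findings for the two subsystems from section 2 plus the LDAP transport."""
    props = parse_properties(text)
    # Each chain member is "<instance name>:<subsystem type>".
    types = [m.split(":", 1)[1].strip()
             for m in props.get("authentication.chain", "").split(",") if ":" in m]
    findings = []
    if "ldap-ad" not in types:
        findings.append("chain: no ldap-ad member in authentication.chain")
    for label, key in (("authentication", "ldap.authentication.active"),
                       ("synchronization", "ldap.synchronization.active")):
        value = state(props, key)
        if value != "true":
            findings.append(f"{label}: {key} is {value}")
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    if url.lower().startswith("ldap://"):
        findings.append("transport: provider URL uses ldap:// rather than ldaps://")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An "unset" finding means the key is absent from this file, so whatever default the subsystem ships with applies.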

Here is my configuration template…