Liferay + Alfresco + OpenSSO + LDAP Integration
By Uchit Vyas
[email protected]
www.attuneuniversity.com

About Author

Uchit Vyas is a B.Tech. graduate in Computer Science with a research interest in ESB and Cloud, and is certified by Cisco (CCNA), VMware (VSP) and Red Hat Linux (RHCE). He has the energy to work on multiple platforms at a time and the ability to integrate open source technologies. He works as a Sr. Consultant, looking after AWS Cloud, Mule ESB, Alfresco and Liferay, and deploying Portal and ECM systems. He previously worked with TCS as an Assistant System Engineer. With 3+ years of hands-on experience with open source technologies, he guides the team and delivers projects and trainings. He has provided 13+ trainings on Cloud Computing, Continuous Delivery, Alfresco and Liferay in a couple of months. During the past years he moved over 80% of Attune Infocom's business processes to the Cloud, implementing agile SDLC methodology on Amazon, Rackspace and private clouds such as Eucalyptus and OpenStack. His skills also cover designing and managing Cloud environments and infrastructure, and server architecture. He is also active in shell scripting and auto deployment, supporting hundreds of Linux and Windows physical and virtual servers hosting databases and applications, with continuous delivery using Jenkins / Cruise Control and Puppet / Chef scripting.

Table of Content

I. LDAP Integration with Liferay
II. Integration OpenSSO/OpenAM with Liferay Portal on Tomcat
III. Alfresco OpenSSO Integration
IV. Enable LDAP Authentication and LDAP users import in Alfresco

LDAP Integration with Liferay

ApacheDS

http://directory.apache.org/apacheds/1.5/download/download-windows.html

Download ApacheDS from the link above and install the exe on Windows. Run ApacheDS, follow the instructions and finish the installation.
Check the Java version, e.g. java -version. Installing and using ApacheDS requires JRE 5 or later and Windows XP or Vista.

By default the LDAP server listens on port 10389 (unencrypted or StartTLS) and 10636 (SSL).

Installing LDAP browser

- Go to www.jxplorer.org. Click Downloads > precompiled java package > Windows platform. Save the file.
- Click on the LDAP browser icon and follow the installation instructions.
- Open the LDAP browser JXplorer, click File and then Connect.
- Change the port to 10389.
- In the Level drop-down menu, choose User+Password.
- Insert uid=admin,ou=system in the User DN input field. The password is "secret".
- Click Save and enter a name for the template.
- Right-click on Example and click New.
- Add inetorgperson to the Selected Class, or select Suggest Classes (e.g. for creating a user).
- Enter cn=uchit in the Enter RDN field and click OK.
- In the Table Editor enter Uchit in the SN line. Enter Uchit in the givenName line. For the mail enter [email protected]. For the user password enter test.
- Click Submit.

Integration with Liferay

Now integrate LDAP with Liferay. Log in to Liferay as an administrator, e.g. [email protected] with password test. Once you have created your profile in LDAP, configure Liferay to import/export users from LDAP.

In Liferay go to Control Panel - Settings - Authentication. Under LDAP you will find a list of directory servers; select yours.
Then configure your own connection URL, base DN, principal and credentials, and test that the connection works (by clicking the Add button).

In the above example, checking the Required box means login will require LDAP to authenticate.

Then set the other properties: you can change the search filter to use just the name instead of the email, and you can change the group name. You can also change the group search filter, and you can enable import/export of users between LDAP and Liferay.

All of these properties can also be set in the portal-ext.properties file, which you can find in root/web-inf/classes/portal-ext.properties. The portal-ext.properties file overrides the default settings.

Now just start the directory server and use an LDAP user in Liferay.

To integrate Liferay with LDAP:

- Install the directory server and start it.
- Enable LDAP in Liferay.
- Select your directory server from the list; for others use portal-ext.properties.
- Use "secret" as the password.
- Change the search filter from email to (cn=@screen_name@).
- If you want to import/export, check the boxes.
- You can also check your connection and the list of users. If your connection is replying, then everything is working properly.
- When you first use an LDAP user, Liferay will ask for the terms and conditions.

portal.properties (to override, use portal-ext.properties):

    ldap.import.enabled=false
    ldap.import.on.startup=false
    ldap.import.interval=10
    ldap.import.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
    ldap.import.base.provider.url=ldap://localhost:10389
    ldap.import.base.dn=dc=example,dc=com
    ldap.import.security.principal=uid=admin,ou=system
    ldap.import.security.credentials=secret
    ldap.import.search.filter=(objectClass=inetOrgPerson)
    ldap.import.user.mappings=userId=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership
    ldap.import.group.mappings=groupName=cn\ndescription=description
    ldap.auth.enabled=false
    ldap.auth.required=false
    ldap.auth.method=bind

Integrating OpenSSO / OpenAM with Liferay Portal on Tomcat

Liferay Portal and OpenSSO both require a minimum 1.5 JVM, but I would recommend using Java 6 (as Java 1.5 reached its End of Service Life in October, 2009). Make sure that your JAVA_HOME environment variable is correctly set to point to your Java 6 installation.

For OpenSSO to work correctly with Liferay Portal, both servers need to be running in the same domain. To solve this issue while running both servers on a single machine, edit the hosts file (/etc/hosts or %SystemRoot%\system32\drivers\etc\) and add/update your localhost entry:

    127.0.0.1 localhost localhost.example.com

where example.com is your actual domain (uchit.info.com).

Install OpenSSO/OpenAM

Download the latest OpenAM (OpenAM Snapshot 9.5.1 RC1) build from http://www.forgerock.com/downloads.html

Download the latest Tomcat (6.0.32) from http://tomcat.apache.org/download-60.cgi

Installation of the Tomcat server consisted of:

- Unzip the apache-tomcat-6.0.32 zip file. This will create an apache-tomcat-6.0.32 folder.
- As both Liferay Portal and OpenAM will be running on the same machine, I needed to update the ports that the OpenAM Tomcat server was using. Edit apache-tomcat-6.0.32/conf/server.xml. I changed all of the ports from 8xxx to 9xxx. For example, 8080 to 9080, 8443 to 9443, etc.
- On Linux/MacOS, you will need to add execute permissions to all of the shell scripts in the bin directory: chmod +x *.sh

Installation of OpenAM consisted of:

- Unzip openam_snapshot_951RC1.zip to a directory. This will create an opensso folder.
- Copy the opensso.war from opensso/deployable-war/ to apache-tomcat-6.0.32/webapps/.
- In apache-tomcat-6.0.32/bin/, execute startup.sh (or startup.bat) to start Tomcat and deploy OpenAM.
- After Tomcat has deployed OpenAM, you will see the exploded war file as apache-tomcat-6.0.32/webapps/opensso.
- Open a browser to http://uchit.info.com:9080/opensso, which should redirect you to http://uchit.info.com:9080/opensso/config/options.htm, to complete the OpenAM configuration.

You should see the OpenAM configuration options page. Under Custom Configuration click Create New Configuration. Enter the following:

The first step is to choose a password for the default administrator account (amAdmin). The password needs to be at least 8 characters long (e.g. upassword). Once a valid password has been entered twice, the Next button will appear and the configuration can proceed.

On the server settings page, the Server URL and the Configuration Directory both need some attention. By default the Server URL will be the address that was typed to reach the server. The problem is that it requires a fully qualified domain name, so if the page was accessed via localhost or an IP address it will cause problems. This is why it was configured to be accessible at uchit.info.com.

The other setting on this page to take note of is the Configuration Directory. It is important that the user that Apache Tomcat is running under has write access to that directory. As a result ~/openam/config is appropriate for this purpose.
Supported Platform Locales are en_US (English), de (German), es (Spanish), fr (French), ja (Japanese), zh_CN (Simplified Chinese), or zh_TW (Traditional Chinese).

The Configuration Data Store Settings do not need to be changed when working with a single server configuration.

The User Data Store Settings are what connect OpenAM to the OpenDS data store. As a result, most of these settings require some attention. Fields which require changing are marked with an asterisk (*).

    *User Data Store Type : OpenDS
    SSL/TLS Enabled : Not ticked
    *Directory Name : uchit.info.com
    *Port : 10389
    *Root Suffix : dc=example,dc=com
    Login ID : uid=admin,ou=system
    *Password : secret

The configurator does not give the option to continue until all the settings have been correctly specified and it has successfully connected to the OpenDS instance.

OpenAM is not installed behind a load balancer in this test deployment, so Site Configuration can be left as default.
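The Liferay LDAP properties in section I and the OpenAM User Data Store settings above both bind to the directory on port 10389 with the same account, so one check covers both passages. The following Python is an added example, not part of the original document: it audits the two sets of bind settings before they are carried from a test setup into production. The property names and form labels are the ones on this page; the function names and finding codes are made up for the example, the sample values are constructed from the page's settings, and an ldap:// URL is treated as unencrypted because StartTLS cannot be seen from the URL alone.

```python
from urllib.parse import urlparse

# Constructed sample: the LDAP settings from this page as portal-ext.properties text.
LIFERAY_PROPS = r"""
ldap.import.base.provider.url=ldap://localhost:10389
ldap.import.security.principal=uid=admin,ou=system
ldap.import.security.credentials=secret
ldap.import.user.mappings=userId=cn\npassword=userPassword\nemailAddress=mail
"""
# Constructed sample: the OpenAM User Data Store form values from this page.
OPENAM_STORE = {"SSL/TLS Enabled": False, "Login ID": "uid=admin,ou=system", "Password": "secret"}

def parse_properties(text):
    """Minimal .properties reader: split on the first '=', skip '#'/'!' comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_mappings(value):
    """Mappings pack 'portalField=ldapAttribute' pairs separated by a literal \\n."""
    return dict(pair.split("=", 1) for pair in value.split("\\n") if "=" in pair)

def audit_bind(tls, principal, password):
    """Checks common to every application that binds to the directory."""
    checks = [(not tls, "cleartext-bind"),  # 10389 is unencrypted unless StartTLS; 10636 is SSL
              (principal.replace(" ", "").lower() == "uid=admin,ou=system", "admin-account"),
              (password == "secret", "default-password")]  # ApacheDS default admin password
    return [code for hit, code in checks if hit]

def audit_liferay(text):
    """Audit the bind settings and the user mapping in Liferay properties text."""
    p = parse_properties(text)
    url = urlparse(p.get("ldap.import.base.provider.url", ""))
    out = audit_bind(url.scheme == "ldaps", p.get("ldap.import.security.principal", ""),
                     p.get("ldap.import.security.credentials", ""))
    if "userPassword" in parse_mappings(p.get("ldap.import.user.mappings", "")).values():
        out.append("password-attribute-mapped")  # the import reads userPassword
    return out

def audit_openam(store):
    return audit_bind(store["SSL/TLS Enabled"], store["Login ID"], store["Password"])

if __name__ == "__main__":
    print("Liferay:", audit_liferay(LIFERAY_PROPS))
    print("OpenAM: ", audit_openam(OPENAM_STORE))
```

Each finding maps to a setting that can be changed in place: the SSL port (10636) or StartTLS for the connection, and a dedicated read-only bind account with its own password instead of uid=admin,ou=system.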