1) First, add the following lines to the global \tomcat\shared\classes\alfresco-global.properties:
-------
# Multiple LDAP instances can be chained
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad,ldap2:ldap-ad
ldap.synchronization.java.naming.security.authentication=simple
# Run a full synchronization every time, updating all user information
synchronization.synchronizeChangesOnly=false
# Synchronize once an hour
synchronization.import.cron=0 0/60 * * * ?
# Do not synchronize on startup
synchronization.syncOnStartup=false

2) Create the ldap1 file \tomcat\shared\classes\alfresco\extension\subsystems\Authentication\ldap-ad\ldap1\my.properties
-------
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain1.com
ldap.authentication.java.naming.provider.url=ldap://10.142.145.20:3268
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco,yourusername
#ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=youname@domain1.com
ldap.synchronization.java.naming.security.credentials=abbcd
ldap.synchronization.userSearchBase=ou\=staff,ou\=shanghai,dc\=domain1,dc\=com
# The following line keeps all LDAP groups from being synchronized. Groups in LDAP generally have no meaning in Alfresco; plan and define the groups again in Alfresco.
ldap.synchronization.groupSearchBase=ou\=exdgtscn,ou\=shanghai,dc\=domain2,dc\=com
ldap.synchronization.personQuery=(objectClass\=User)
ldap.synchronization.personType=organizationalPerson
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=displayName
ldap.synchronization.userLastNameAttributeName=canonicalName
ldap.synchronization.userEmailAttributeName=mail
#synchronization.syncWhenMissingPeopleLogIn=true
#synchronization.autoCreatePeopleOnLogin=false

After a restart, it works.
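An added example, not part of the original post: a short Python audit of the step 2 file that resolves the `\=` escapes and flags the settings a reviewer would check before deploying it. The function names and check ids are hypothetical, the sample is constructed from the values on this page, and an unset bind mechanism is assumed to mean `simple`.

```python
import re

# Constructed sample: the step 2 file with the page's placeholder values.
SAMPLE = r"""
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain1.com
ldap.authentication.java.naming.provider.url=ldap://10.142.145.20:3268
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco,yourusername
#ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=youname@domain1.com
ldap.synchronization.java.naming.security.credentials=abbcd
ldap.synchronization.userSearchBase=ou\=staff,ou\=shanghai,dc\=domain1,dc\=com
"""

def parse_properties(text):
    # Minimal .properties reader: skips comments, splits on the first unescaped
    # '=' or ':', drops escaping backslashes. Line continuations are not handled.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\\])*)[=:](.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", p).strip() for p in m.groups())
            props[key] = value
    return props

def audit(props):
    findings = []  # (check_id, detail) pairs
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    # Assumption: an unset bind mechanism is treated as 'simple'.
    mech = props.get("ldap.authentication.java.naming.security.authentication", "simple")
    if url.lower().startswith("ldap://") and mech.lower() == "simple":
        findings.append(("cleartext-bind", url + ": passwords cross the network "
                         "unencrypted; use ldaps:// (Global Catalog over TLS is 3269)"))
    if props.get("ldap.authentication.allowGuestLogin", "").lower() == "true":
        findings.append(("guest-login", "unauthenticated guest access is enabled"))
    if props.get("ldap.synchronization.java.naming.security.credentials"):
        findings.append(("password-in-file", "bind password stored in plaintext; "
                         "restrict read access to the Alfresco service account"))
    admins = props.get("ldap.authentication.defaultAdministratorUserNames", "")
    admins = [a.strip() for a in admins.split(",") if a.strip()]
    if admins:
        findings.append(("default-admins", "directory accounts granted Alfresco "
                         "admin rights: " + ", ".join(admins)))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit(parse_properties(SAMPLE)):
        print(f"[{check_id}] {detail}")
```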