Alfresco Installation unter Debian mit MySQL + AD-Anbindung

Voraussetzungen

  • Openoffice
    apt-get install openoffice.org
  • ImageMagick
    apt-get install imagemagick
  • SWFTools – siehe weiter unten
  • Apache
    apt-get install apache2
  • Tomcat
    apt-get install tomcat6
  • MySQL + phpmyadmin
    apt-get install mysql-server mysql-client phpmyadmin
  • OpenJDK 6 JRE
    apt-get install openjdk-6-jre --- sollte mit Tomcat bereits installiert werden
  • MySQL JDBC-Connector
    apt-get install libmysql-java
  • ZIP
    apt-get install zip

 SWFTools

  1. von http://www.swftools.org/download.html herunterladen und entpacken (tar   xzvf)
  2. folgende Packages installieren
    apt-get install zlib1g-dev libjpeg62-dev libgif-dev libfreetype6-dev g++
  3. in den swftools-Ordner wechseln und ./configure ausführen – auf mögliche   Fehler achten
  4. make
  5. make install

Hinweis: Möglicherweise muss die Datei  swfs/Makefile editiert werden, wenn Fehler am Ende von make install auftritt  (rm: invalid option — ). Hier in der File die betroffenen Zeilen suchen und die  Parameter -o -L entfernen!

Hinweis: Es dürfte in Version 9.2 einen Bug  geben, daher Version 9.1 verwenden!

Installation von Alfresco

  • Herunterladen von alfresco-community-x.x.x.zip   und alfresco-community-spp-x.x.x.zip über   http://wiki.alfresco.com/wiki/Download_Community_Edition unter dem   Punkt 1 auf “Custom Installs & Optional Modules”
  • Unter /var einen Folder alfresco anlegen
    cd /var mkdir alfresco
  • Benutzer und Gruppe zuweisen
    chown tomcat6.tomcat6 alfresco
  • Die beiden heruntergeladenen Files in den Ordner /var/alfresco   kopieren
  • alfresco-community-x.x.x.zip in den Ordner alfresco_x.x.x entpacken (Ordner gegebenfalls anlegen)

Installation von alfresco.war und share.war inklusive des MS Sharepoint  Connectors

  • die alfresco.war und share.war Dateien (zu finden unter /var/alfresco/alfresco_4.0.d/web-server/webapps) in den Ordner   /var/lib/tomcat6/webapps kopieren
  • in den Ordner /var/alfresco/alfresco_x.x.x wechseln und einen Ordner amps erstellen
  • vom Ordner /var/alfresco/alfresco-spp-x.x.x die alfresco-community-spp-x.x.x.amp in den zuvor erstellten Ordner kopieren
  • die Datei apply_amps.sh (unter /var/alfresco/alfresco_x.x.x/bin) editieren und folgende Änderungen in den ersten beiden Zeilen durchführen:
    export ALF_HOME=/var/alfresco/alfresco_4.0.d export CATALINA_HOME=/var/lib/tomcat6
  • JAVA_HOME setzen
    export JAVA_HOME="/usr/lib/jvm/java-6-openjdk"
  • vom Ordner /var/alfresco/alfresco_x.x.x aus ./bin/apply_amps.sh ausführen und auf folgende Ausgabe achten:
    This script will apply all the AMPs in ./amps and ./amps_share to the alfresco.war and share.war files in ./tomcat/webapps
    Press control-c to stop this script . . .
    Press any other key to continue . . .
    Module 'org.alfresco.module.vti' installed in '/var/lib/tomcat6/webapps/alfresco.war'
    -    Title:        Vti
    -    Version:      1.2
    -    Install Date: Mon Apr 16 11:26:49 CEST 2012
    -    Description:   Alfresco Vti Extension Module managment tool available commands:
    -----------------------------------------------------------
    install: Installs a AMP file(s) into an Alfresco WAR file, updates if an older version is already installed.
    usage:   install <AMPFileLocation> <WARFileLocation> [options] valid options:
     -verbose   : enable verbose output
     -directory : indicates that the amp file location specified is a directory.
     All amp files found in the directory and its sub directories are installed.
     -force     : forces installation of AMP regardless of currently installed module version
     -preview   : previews installation of AMP without modifying WAR file
     -nobackup  : indicates that no backup should be made of the WAR
    
    -----------------------------------------------------------
    
    list:  Lists all the modules currently installed in an Alfresco WAR file.
    usage: list <WARFileLocation>
    
    -----------------------------------------------------------
    
    No modules are installed in this WAR file
    No modules are installed in this WAR file
    About to clean out ./tomcat/webapps/alfresco and ./tomcat/webapps/share directories and temporary files...
    Press control-c to stop this script . . .
    Press any other key to continue . . .
    Cleaning temporary Alfresco files from Tomcat...

 Installation von MySQL JDBC

  • neuesten MySQL JDBC Treiber herunterladen und die Datei mysql-connector-java-x.x.x-bin.jar entpacken
  • die Datei in den Ordner /usr/share/tomcat6/lib kopieren

 Berechtigungen überprüfen und setzen

  • auf die kopierten Files und Ordner unter /var/lib/tomcat6 den Benutzer und die Gruppe auf tomcat6 setzen

 MySQL Datenbank erstellen

  • auf phpmyadmin verbinden und folgenden SQL-Befehl ausführen
    create database alfresco character set utf8;
    grant all on alfresco.* to 'alfresco'@'localhost' identified by 'yourpassword' with grant option;
    grant all on alfresco.* to 'alfresco'@'localhost.localdomain' identified by 'yourpassword' with grant option;

 

Konfiguration

/var/lib/tomcat6/shared/classes/alfresco-global.properties

Die Konfiguration wie folgt durchführen

###############################
## Common Alfresco Properties #
###############################

#
# Sample custom content and index data location
#
dir.root=/var/alfresco/alf_data
dir.keystore=${dir.root}/keystore

#
# Sample database connection properties
#
db.username=alfresco
db.password=yourpassword
db.name=alfresco
db.host=localhost
db.port=3306
#db.pool.validate.query=select 1

#
# External locations
#-------------
#ooo.exe=soffice
ooo.exe=/usr/bin/soffice
ooo.enabled=true
jodconverter.officeHome=/usr/lib/openoffice
jodconverter.portNumbers=8101
jodconverter.enabled=true
#img.root=./ImageMagick
img.root=/var/alfresco/ImageMagick
#swf.exe=./bin/pdf2swf
swf.exe=/usr/local/bin/pdf2swf

#
# Property to control whether schema updates are performed automatically.
# Updates must be enabled during upgrades as, apart from the static upgrade scripts,
# there are also auto-generated update scripts that will need to be executed.  After
# upgrading to a new version, this can be disabled.
#
db.schema.update=true

#
# MySQL connection
#
#db.driver=org.gjt.mm.mysql.Driver
db.driver=com.mysql.jdbc.Driver
db.url=jdbc:mysql://localhost:3306/alfresco?useUnicode=yes&characterEncoding=UTF-8
#db.url=jdbc:mysql://${db.host}:${db.port}/${db.name}?useUnicode=yes&characterEncoding=UTF-8

#
# Oracle connection
#
#db.driver=oracle.jdbc.OracleDriver
#db.url=jdbc:oracle:thin:@localhost:1521:alfresco

#
# SQLServer connection
# Requires jTDS driver version 1.2.5 and SNAPSHOT isolation mode
# Enable TCP protocol on fixed port 1433
# Prepare the database with:
# ALTER DATABASE alfresco SET ALLOW_SNAPSHOT_ISOLATION ON;
#
#db.driver=net.sourceforge.jtds.jdbc.Driver
#db.url=jdbc:jtds:sqlserver://localhost:1433/alfresco
#db.txn.isolation=4096

#
# PostgreSQL connection (requires postgresql-8.2-504.jdbc3.jar or equivalent)
#
#db.driver=org.postgresql.Driver
#db.url=jdbc:postgresql://localhost:5432/alfresco

#
# Index Recovery Mode
#-------------
#index.recovery.mode=AUTO

#
# Outbound Email Configuration
#-------------
mail.host=your.mail.srv
mail.port=25
#mail.username=
#mail.password=
mail.encoding=UTF-8
mail.from.default=alfresco@your.dom
mail.smtp.auth=false

#
# Alfresco Email Service and Email Server
#-------------
# Enable/Disable the inbound email service.  The service could be used by processes other than
# the Email Server (e.g. direct RMI access) so this flag is independent of the Email Service.
#-------------
#email.inbound.enabled=true

# Email Server properties
#-------------
#email.server.enabled=true
#email.server.port=25
#email.server.domain=your.dom
#email.inbound.unknownUser=anonymous

# A comma separated list of email REGEX patterns of allowed senders.
# If there are any values in the list then all sender email addresses
# must match. For example:
#   .*\@alfresco\.com, .*\@alfresco\.org
#-------------
email.server.allowed.senders=.*\@your\.dom, .*\@your\.second\.dom

#
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#-------------
#authentication.chain=alfrescoNtlm1:alfrescoNtlm

#
# URL Generation Parameters (The ${localname} token is replaced by the local server name)
#-------------
#alfresco.context=alfresco
#alfresco.host=${localname}
#alfresco.port=8080
#alfresco.protocol=http
#
#share.context=share
#share.host=${localname}
#share.port=8080
#share.protocol=http

#imap.server.enabled=true
#imap.server.port=1143
#imap.server.host=0.0.0.0

# Default value of alfresco.rmi.services.host is 0.0.0.0 which means 'listen on all adapters'.
# This allows connections to JMX both remotely and locally.
#
alfresco.rmi.services.host=0.0.0.0

#
# RMI service ports for the individual services.
# These seven services are available remotely.
#
# Assign individual ports for each service for best performance
# or run several services on the same port. You can even run everything on 50500 if needed.
#
# Select 0 to use a random unused port.
#
avm.rmi.service.port=50501
avmsync.rmi.service.port=50502
attribute.rmi.service.port=50503
authentication.rmi.service.port=50504
repo.rmi.service.port=50505
action.rmi.service.port=50506
wcm-deployment-receiver.rmi.service.port=50507
monitor.rmi.service.port=50508

####
# CIFS/SMB options
####
cifs.domain=YOURADDOMAIN
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.sessionPort=1139
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138

###
# FTP properties
###
ftp.port=1121

###
# IMAP options
###
#imap.config.server.mountPoints=AlfrescoIMAP
#imap.config.server.mountPoints.default.mountPointName=IMAP
#imap.config.server.mountPoints.default.modeName=ARCHIVE
#imap.config.server.mountPoints.default.store=${spaces.store}
#imap.config.server.mountPoints.default.rootPath=/${spaces.company_home.childname}/cm:Imap_x0020_Home
#imap.config.server.mountPoints.value.AlfrescoIMAP.mountPointName=Alfresco IMAP
#imap.config.server.mountPoints.value.AlfrescoIMAP.modeName=ARCHIVE

###
# AD-Authentication options
# more options set seperately in tomcat6/shared/.../ldap/ldap-authentication
###
#authentication.chain=youraddomainAD:ldap-ad,youraddomainADPassthru:passthru

LDAP und IMAP ist noch nicht aktiviert. Erster Start (/etc/init.d/tomcat6  start) von Alfresco kann durchgeführt werden. Es werden ein paar Fehler  auftreten, danach gleich wieder stoppen (/etc/init.d/tomcat6 stop). Aber es sollte die Datenbank befüllt werden und die war-Files werde deployed. Danach muss man in den erstellten Files noch Änderungen durchführen.

Logging konfigurieren – /var/lib/tomcat6/shared/classes/webapps/share/WEB-INF/classes/log4j.properties

  • log4j.appender.File.File=/var/log/tomcat6/alfresco.log

Logging konfigurieren –  /var/lib/tomcat6/webapps/alfresco/WEB-INF/classes/log4j.properties

  • log4j.appender.File.File=/var/log/tomcat6/alfresco.log

Keystore an die richtige Stelle kopieren

  • cp -a /var/lib/tomcat6/webapps/alfresco/WEB-INF/classes/alfresco/keystore/   /var/alfresco/alf_data/

LDAP-aktivieren

  • alfresco-global.properties anpassen (authentication.chain auskommentieren)
  • default-synchronization.properties anpassen (/var/lib/tomcat6/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Synchronization/default/default-synchronization.properties)
#
# This properties file is used to configure user registry syncronisation (e.g. LDAP)
#

# Should the scheduled sync job use differential or full queries on the user
# registries to determine the set of local users to be updated? When true,
# each user registry is only queried for those users and groups modified since
# the most recent modification date of all the objects last queried from that
# same source. When <code>false</code> then <i>all</i> users and groups are
# queried from the user registry and updated locally. Nevertheless, a separate
# query will be run by the scheduled sync job to determine deletions.
synchronization.synchronizeChangesOnly=false

# The cron expression defining when imports should take place ----- int this case every 3 minutes
synchronization.import.cron=0 0/3 * * * ?

# Should we trigger a differential sync when missing people log in?
synchronization.syncWhenMissingPeopleLogIn=true

# Should we trigger a differential sync on startup?
synchronization.syncOnStartup=true

# Should we auto create a missing person on log in?
synchronization.autoCreatePeopleOnLogin=false

# The number of entries to process before logging progress
synchronization.loggingInterval=100

# The number of threads to use when doing a batch (scheduled or startup)
sync synchronization.workerThreads=2
  • ldap-ad-authentication.properties anpassen (/var/lib/tomcat6/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/ldap-ad-authentication.properties)
# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsytem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=true

#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#
ldap.authentication.allowGuestLogin=false

# How to map the user id entered by the user to taht passed through to LDAP
# In Active Directory, this can either be the user principal name (UPN) or DN.
# UPNs are in the form <sAMAccountName>@domain and are held in the userPrincipalName attribute of a user
ldap.authentication.userNameFormat=%s@youraddomain.loc

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://youraddomain.loc:389

# The authentication mechanism to use for password validation
ldap.authentication.java.naming.security.authentication=simple

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

# Comma separated list of user names who should be considered administrators by default
ldap.authentication.defaultAdministratorUserNames=Administrator

# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true

# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=simple

# The default principal to bind with (only used for LDAP sync). This should be a UPN or DN
ldap.synchronization.java.naming.security.principal=alfresco@youraddomain.loc

# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=yourpassword

# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=1000

# If positive, this property indicates that range retrieval should be used to fetch
# multi-valued attributes (such as member) in batches of the specified size.
# Overcomes any size limits imposed by Active Directory.
ldap.synchronization.attributeBatchSize=1000

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(&(objectclass\=group)(|(CN\=alfresco-group1)(memberOf\=cn\=alfresco-group1,OU\=ORGANIZATION,dc\=youraddomain,dc\=loc)(|(CN\=alfresco-group2)(memberOf\=cn\=alfresco-group2,OU\=ORGANIZATION,dc\=youraddomain,dc\=loc))))

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(|(CN\=alfresco-group1)(memberOf\=cn\=alfresco-group1,OU\=ORGANIZATION,dc\=youraddomain,dc\=loc)(|(CN\=alfresco-group2)(memberOf\=cn\=alfresco-group2,OU\=ORGANIZATION,dc\=youraddomain,dc\=loc)))(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(&(objectclass\=user)(|(memberOf\=cn\=alfresco-group1,OU\=ORGANIZATION,dc\=youraddomain,dc\=loc)(memberOf\=cn\=alfresco-group2,OU\=ORGANIZATION,dc\=youraddomain,dc\=loc))(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(|(memberOf\=cn\=alfresco-group1,OU\=ORGANIZATION,dc\=youraddomain,dc\=loc)(memberOf\=cn\=alfresco-group2,OU\=ORGANIZATION,dc\=youraddomain,dc\=loc))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=ou\=ORGANIZATION,dc\=youraddomain,dc\=loc

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=ou\=ORGANIZATION,dc\=youraddomain,dc\=loc

# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=sAMAccountName

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=company

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute on LDAP group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=displayName

# The group type in LDAP
ldap.synchronization.groupType=group

# The person type in LDAP
ldap.synchronization.personType=user

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member

# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
ldap.synchronization.enableProgressEstimation=true
  • passthru-authentication-context.properties anpassen (/var/lib/tomcat6/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.properties)
passthru.authentication.useLocalServer=false
passthru.authentication.domain=youraddomain
passthru.authentication.servers=YOURADDOMAIN\\firstADsrv.youraddomain.loc,YOURADDOMAIN\\secondADsrv.youraddomain.loc
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
  • Tomcat neustarten

 

0 Kommentare zu “Alfresco Installation unter Debian mit MySQL + AD-Anbindung
1 Pings/Trackbacks für "Alfresco Installation unter Debian mit MySQL + AD-Anbindung"
  1. […] haben mir bei der Installation hauptsächlich diese beiden Anleitungen, sowie dieser Thread im Support-Forum. Den Rest habe ich mir zusammengegoogled. […]

Kommentar verfassen

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.