Hey there! Let's tackle your Alfresco 4.2.c LDAP-AD questions—both the configuration basics and that file merging query—step by step.

一、核心 LDAP-AD 配置要点 #

Whether you use a dedicated ldap-ad-authentication.properties file or merge settings into the global config, these are the key parameters you'll need to get right:

• Enable LDAP-AD in the authentication chain
  This tells Alfresco to use AD as an authentication source. Add this line to your config:

  authentication.chain=ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
  

  The order here matters—Alfresco will try authentication sources left to right.

• AD Server Connection Details
  Configure how Alfresco connects to your AD instance:

  # AD server URL (use 636 for LDAPS if needed)
  ldap.authentication.java.naming.provider.url=ldap://your-ad-server:389
  # Bind account with permissions to query AD users/groups
  ldap.authentication.java.naming.security.principal=CN=Your Admin User,OU=Users,DC=yourdomain,DC=com
  # Password for the bind account
  ldap.authentication.java.naming.security.credentials=your-admin-password-here
  

• User & Group Search Paths
  Define where Alfresco looks for users and groups in AD:

  # Format for authenticating users
  ldap.authentication.userNameFormat=CN=%s,OU=Users,DC=yourdomain,DC=com
  # Base DN for user searches
  ldap.synchronization.userSearchBase=OU=Users,DC=yourdomain,DC=com
  # Base DN for group searches
  ldap.synchronization.groupSearchBase=OU=Groups,DC=yourdomain,DC=com
  

• User Sync Configuration
  Set up full and incremental sync to pull AD users/groups into Alfresco:

  # Enable synchronization
  ldap.synchronization.enabled=true
  # Query for full sync (filters out disabled accounts)
  ldap.synchronization.fullSyncQuery=(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
  # Query for incremental sync (only pulls changed users since last sync)
  ldap.synchronization.incrementalSyncQuery=(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)(whenChanged>=#{date})))
  

二、Can I copy ldap-ad-authentication.properties content to alfresco-global.properties without extra params? #

Absolutely—you don't need any additional parameters to do this.

Alfresco loads configuration from multiple files at startup, and alfresco-global.properties has a high priority. When you copy all the LDAP-AD settings from the dedicated file into the global one, Alfresco will read and apply those settings exactly as it would from the original file.

A couple of quick notes to keep in mind:

• If there are duplicate config keys in both files, the value in alfresco-global.properties will override the one in ldap-ad-authentication.properties. So make sure you don't have conflicting entries, or keep the version you want in the global file.
• For maintainability, if you have a lot of LDAP-specific settings, keeping them in a separate file can make it easier to manage. But merging into the global file works perfectly fine if you prefer a single central config.

内容的提问来源于stack exchange，提问作者Mohammed tidjane