Alfresco One 5.0 Administering Alfresconcpr.su/sites/default/files/pdf/alfresco_one_5.0_administering... · Alfresco Share opens in a browser. 2. Log in using a user name and password

Alfresco One 5.0

Administering Alfresco

2 Alfresco One 5.0

Contents

Administering.............................................................................................................................5System paths.......................................................................................................................5Starting and stopping Alfresco............................................................................................ 6

Starting the Alfresco server.........................................................................................6Stopping the Alfresco server....................................................................................... 6Starting Alfresco Share................................................................................................6

Using the Admin Console....................................................................................................7About the Alfresco Admin Console............................................................................. 7Launching the Admin Console.................................................................................... 7Admin Console: System Summary..............................................................................8Admin Console: Consoles........................................................................................... 9Admin Console: Email services.................................................................................13Admin Console: General settings..............................................................................16Admin Console: Repository Services........................................................................ 20Admin Console: Support Tools..................................................................................27Admin Console: Authentication directories................................................................28Admin Console: Virtual File Systems........................................................................ 40Starting the Activiti workflow console........................................................................ 42Customizing the Alfresco Admin Console................................................................. 42

Using the Share Admin Tools........................................................................................... 44Opening the Share Admin Tools............................................................................... 44Application settings....................................................................................................44Managing categories..................................................................................................45Using the Node Browser........................................................................................... 46Managing tags........................................................................................................... 47Sites Manager............................................................................................................47Managing replication jobs..........................................................................................48Managing users......................................................................................................... 50Managing groups....................................................................................................... 54

Configuring Alfresco.......................................................................................................... 56Configuration overview.............................................................................................. 57Configuring databases............................................................................................... 65Configuring OpenOffice subsystem........................................................................... 74Configuring synchronization.......................................................................................77Configuring email.......................................................................................................79Configuring file servers..............................................................................................85Configuring IMAP protocol support............................................................................94Configuring system properties...................................................................................98Encrypting configuration properties........................................................................... 99Configuring the repository....................................................................................... 102Configuring Alfresco subsystems............................................................................ 120

Setting up Alfresco authentication and security.............................................................. 124Alfresco security.......................................................................................................125Authentication subsystems...................................................................................... 126Configuring authentication....................................................................................... 129Authorities................................................................................................................ 158Defining permissions................................................................................................160Access Control Lists................................................................................................ 163Modifying access control......................................................................................... 166Public services.........................................................................................................167Implementation and services...................................................................................170Admin password in default authentication...............................................................173

Administering Alfresco 3

Setting up clustering........................................................................................................175Clustering prerequisites when upgrading to Alfresco One 5.0................................ 175Setting up Share cluster..........................................................................................176Setting up repository server cluster.........................................................................180Tracking clustering issues....................................................................................... 183

Configuring search...........................................................................................................184Configuring search in Alfresco Share......................................................................184Solr overview........................................................................................................... 185Configure Solr 4 search service.............................................................................. 187Solr 4 security..........................................................................................................198Solr 4 monitoring and troubleshooting.....................................................................202Solr 4 backup and restore.......................................................................................207Full text search configuration properties for Solr 4 index........................................ 208Using Filtered search...............................................................................................210Setting Solr 4 log4j values...................................................................................... 213Calculate the memory needed for Solr 4 nodes......................................................213Transactional metadata query................................................................................. 215

Setting up Enterprise to Cloud Sync...............................................................................219Enterprise to Cloud Sync overview......................................................................... 219Configuring Enterprise to Cloud Sync..................................................................... 220Troubleshooting Enterprise to Cloud Sync..............................................................221

Managing transformations............................................................................................... 224Standard transform options..................................................................................... 224Additional transform options.................................................................................... 284File types that support preview and thumbnail generation...................................... 290

Creating and managing workflows.................................................................................. 293What is a workflow?................................................................................................ 293Setting up Hybrid workflow......................................................................................295Workflow architecture.............................................................................................. 296Workflow tools..........................................................................................................299Process definitions...................................................................................................299Task model.............................................................................................................. 305Setting up Activiti Designer..................................................................................... 308Deploying the task model........................................................................................ 309Deploying a process definition................................................................................ 309

Backing up and restoring................................................................................................ 309Backing up and restoring the repository..................................................................309

Migrating.......................................................................................................................... 310Migrating servers..................................................................................................... 310

Using the Bulk Import tool...............................................................................................311In-place bulk import................................................................................................. 311Streaming Bulk Import............................................................................................. 312Preparing the file system.........................................................................................312Importing with the Bulk Import tool..........................................................................314

Using content stores........................................................................................................320Content stores overview.......................................................................................... 320Content store types................................................................................................. 321Content store selector............................................................................................. 335Managing content stores......................................................................................... 338

Configuring templated nodes and space templates........................................................ 339Setting files as templates........................................................................................ 340Setting folders as templates.................................................................................... 340

Setting up Alfresco multi-tenancy....................................................................................340Enabling multi-tenancy.............................................................................................340

4 Alfresco One 5.0

Multi-tenancy administration.................................................................................... 341Features not supported in a multi-tenant environment............................................342

Setting up content replication..........................................................................................342Configuring content replication................................................................................ 342Creating a new transfer target for content replication............................................. 343Opening locked content in the source repository.................................................... 343

Configuring the File System Transfer Receiver.............................................................. 344Setting up the File System Transfer Receiver.........................................................344Start File System Transfer Receiver....................................................................... 344File System Transfer Receiver launch properties................................................... 345File System Transfer Receiver custom properties.................................................. 345File System Transfer Receiver log file properties................................................... 346

Monitoring Alfresco.......................................................................................................... 346JMX monitoring and management extensions........................................................ 346Scheduled jobs........................................................................................................ 347

Auditing Alfresco..............................................................................................................347Audit configuration and environment.......................................................................349Audit filters............................................................................................................... 349Content auditing.......................................................................................................351Audit sample files.................................................................................................... 356Enabling auditing..................................................................................................... 356Auditing examples....................................................................................................358Audit configuration files........................................................................................... 359Built-in data producers.............................................................................................360DataExtractors and DataGenerators....................................................................... 360Locating the audit code........................................................................................... 361Defining the audit application.................................................................................. 362Simple audit query...................................................................................................363Advanced audit query..............................................................................................365Understanding PathMappings..................................................................................365Audit recording values............................................................................................. 367Using values that have changed in a post method call...........................................369

Administering


Administering

This section describes the processes and procedures for maintaining and administering anAlfresco production environment.

System paths

• Explicit Windows paths use back slashes

C:\Adirectory

• Explicit Linux paths use forward slashes

/srv/adirectory

• Back slashes also indicate the same path can apply in both Windows or Linuxenvironments

\adirectory\

Alfresco installation location

The Alfresco installation directory is referenced throughout this guide as .

directory (Windows)

The is a directory whose contents are automatically added to the start of yourapplication server classpath. The location of this directory varies depending on your applicationserver. For example:

• (Tomcat) C:\Alfresco\tomcat\shared\classes

directory (Linux)

The is a directory whose contents are automatically added to the start of yourapplication server classpath. The location of this directory varies depending on your applicationserver. For example:

• (Tomcat) tomcat/shared/classes/

alfresco-global.properties file

The alfresco-global.properties file is where you store all the configuration settings for yourenvironment. The file is in Java properties format, so backslashes must be escaped. The fileshould be placed in . When you install Alfresco using the setup wizard, analfresco-global.properties file is created, which contains the settings that you specified inthe wizard. An alfresco-global.properties.sample file is supplied with the setup wizard andalso with the WAR zip file. This .sample file contains examples of common settings that you cancopy into your alfresco-global.properties file.

directory

The directory is where you store Spring configuration files that extend andoverride the system configuration. This directory can be found at \alfresco\extension.

Administering

6 Alfresco One 5.0

The directory is where you store Spring configurations that extend and overridethe system Share configuration. This directory can be found at \alfresco\web-extension.

The directory is the Solr home directory which contains the Solr core directoriesand configuration files. This directory can be found at \solr4.

Starting and stopping AlfrescoThis section describes how to run the Alfresco server and Share.

Starting the Alfresco server

• If you installed Alfresco as a service, from the Start menu, select All Programs >Alfresco One > alfresco manager tool, and start the Tomcat Server and Postgresservices.

• Alternatively, from a command prompt, navigate to the Alfresco installation directory (C:/Alfresco) and run servicerun START.

You need administrator rights to run this command.

These services are also available from the Start menu under Control Panel > Systemand Security > Administrative Tools > Services.

• If you installed Alfresco as a service, double click the Application Manager tool in theAlfresco root directory and start the PostgreSQL Database and Tomcat Server services.

• Alternatively, browse to /opt/alfresco/ and run ./alfresco.sh start as anadministrator.

If you installed Alfresco using the setup wizard, the alfresco.sh script included inthe installation disables the Security-Enhanced Linux (SELinux) feature across thesystem.

The default shell for this script is sh. You can edit the alfresco.sh file to change toyour preferred shell. For example, change the #!/bin/sh line to #!/bin/bash.

Stopping the Alfresco server

• (Windows)

• Open the Control Panel Services window and stop the following services:

• alfrescoPostgreSQL

• alfrescoTomcat

• Click the Start menu, and select All Programs > Alfresco Enterprise > AlfrescoEnterprise Service > Stop Alfresco Enterprise service.

The command prompt that opened during startup closes. Alfresco has now stopped.

• (Linux) Browse to /opt/alfresco/, and run ./alfresco.sh stop.

Starting Alfresco Share

Once you have installed Alfresco, you can start Alfresco Share using a browser.

Administering


1. Browse to the location of your Alfresco installation.

For example, http://:8080/share.

In Windows, alternatively, you can click the Start menu, and select All Programs >Alfresco Enterprise > Alfresco Share.

Alfresco Share opens in a browser.

2. Log in using a user name and password.

Using the Admin ConsoleThe Admin Console is an Enterprise only application that gives you control over the managementand settings of the Alfresco environment.

You'll find help text on the Admin Console pages to assist you with setting up your Alfrescorepository.

About the Alfresco Admin ConsoleThe Alfresco Admin Console is a standalone console for managing the administration of theAlfresco repository.

The Admin Console is a tool comprising separate pages that identify a particular administrativeactivity or feature. The pages in the Admin Console are:

• System Summary

• Email Services

• General

• Repository Services

• Support Tools

• Authentication directories

• Virtual File Systems

You can use the Admin Console as your main tool to help you manage your Alfresco productionenvironment. It is a simple alternative to using a JMX console, or manually setting properties inthe alfresco.global.properties file.

The settings that you choose in the Admin Console will take precedence over any setting that youadd in the alfresco.global.properties file.

Launching the Admin ConsoleEnsure that the Alfresco server is running.

1. Enter the following URL in a browser window:http://:/alfresco/service/enterprise/admin

Where is the host name where you are running the Alfresco serverand is the port number on which the Alfresco server is running (bydefault, the port number is 8080).

An Authentication Required prompt displays, showing the IP address or name and theport number of the Alfresco server.

2. Enter your Alfresco user name and password.

Your user name and password must be for an account with administrator permissions.

The Admin Console displays in a browser window. The title bar shows the host name andits IP address.

Administering

8 Alfresco One 5.0

You will remain logged into the Admin Console for the duration of the browser session. Ifyou close the browser window completely and then connect to the Admin Console usingthe URL, you will be prompted to enter your Alfresco account details again.

A useful starting point in the Admin Console is the System Summary page, which gives anoverview of the which settings are enabled or disabled.

Admin Console: System SummaryThe System Summary page shows an overview of the status of the Alfresco repository, includingthe general system information, subsystem status, clustering settings, the current authenticationchain, and details of which AMPs are applied to the system.

There are no actions or entry fields on the System Summary page. This page is a high-leveloverview of the setting you have chosen or are set as default on the repository.

The overview is divided into the following sections:

• System information

• File Systems

• Transformation Services

• Indexing Subsystem

• Repository Clustering

• Activities Feed

• Authentication

• Email

• Auditing Services

• Content Stores

• Alfresco Module Packages

• Users and Groups

System Information

The System Information summary shows the general details of the Alfresco installation. Thisinformation is useful for confirming the Alfresco installation details, Java installation details, thehost operating system specification and memory details.

File Systems

The File Systems summary shows the settings from the File Servers page. See Enabling FileServers for more information.

Transformation Services

The Transformation Services summary shows the settings from the Transformation Servicespage. See Working with the Transformation Services for more information.

Indexing Subsystem

The Indexing Subsystem summary shows the settings from the Search Service page. SeeWorking with the Search Service for more information.

Repository Clustering

The Repository Clustering summary shows the settings from the Repository Server Clusteringpage. See Repository Server Clustering for more information.

Activities Feed

Administering


The Activities Feed summary shows the settings from the Activities Feed page. See Setting theActivities Feed for more information.

Authentication

The Authentication summary shows the settings from the Directory Management page, inparticular, the current authentication chain. See Managing authentication directories for moreinformation.

Email

The Email summary shows the settings from the Inbound Email and Outbound Email pages. SeeManaging inbound emails and Managing outbound emails for more information.

Auditing Services

The Auditing Services summary indicates the status of auditing in Alfresco.

Content Stores

The Content Stores summary lists the location of the default content stores.

Alfresco Module Packages

The Alfresco Module Packages summary identifies which modules have been applied against thisinstance of Alfresco.

Users and Groups

The Users and Groups summary shows the number of individual users and groups within thesystem.

Admin Console: ConsolesThe Consoles section on the Admin Console contains pages for administering models, tenants,and workflow definitions and property bundles at runtime in the repository.

Admin Console: Model and Messages Console

The administrator can manage repository models and message resource bundles using theModel and Messages Console.

1. Open the Admin Console.

2. In the Consoles section, click Model and Messages Console. You see the Model andMessages Console page.

3. Perform the following as required for administering models:

a. To list all deployed models that are stored in the repository data dictionary, type showmodels.

b. To upload model to repository and load into runtime data dictionary, type deploymodel.

This command also sets the repository model as active. If a model is alreadydeployed, then it will be updated and re-deployed.deploy model alfresco/extension/exampleModel.xml

c. To permanently delete model from repository (all versions) and unload from runtimedata dictionary, type undeploy model.undeploy model exampleModel.xml

d. To set repository model to active and load into runtime data dictionary, type activatemodel.activate model exampleModel.xml

Administering

10 Alfresco One 5.0

e. To set repository model to inactive and unload from runtime data dictionary, typedeactivate model.deactivate model exampleModel.xml

4. Perform the following as required for administering message resource bundles:

a. To list all deployed message resource bundles that are stored in the repository datadictionary, type show messages.

b. To upload message resource bundle to repository and runtime message service, typedeploy messages.deploy messages alfresco/extension/lifecycle-messages

c. To remove message resource bundle from repository and from runtime messageservice, type undeploy messages.undeploy messages lifecycle-messages

d. To reload message resource bundle from repository into runtime message service,type reload messages.reload messages lifecycle-messages

Managing tenants


2. In the Consoles section, click Tenant Console. You see the Tenant Console page.

3. Perform the following as required:

a. To list all tenants and show their details, type show tenants.

b. To show details for a single tenant, type show tenant .

This shows the status (for example, whether it is enabled or disabled) and the rootcontent store directory.

c. To create a tenant, type create [].

For example, create zzz.com l3tm31n /usr/tenantstores/zzz

This creates an empty tenant. By default the tenant will be enabled. It will have anadministrator user called admin@ with the supplied password.All users that the administrator creates can log in using @. The root of the contentstore directory can be optionally specified. If it isnot specified, or does not exist, the repository default root content store will be used(as specified by the dir.contentstore property). Specifying a unique content storeroot for each tenant is recommended to keep the tenants properly separated, forexample, to allow the backup and restore of individual tenants.

d. To enable a tenant, type enable .

This enables the tenant so that it is active and available for new logins.

e. To disable a tenant, type disable .

This disables the tenant so that it is inactive and prevents tenant login.

Admin Console: Workflow Console

The administrator can manage workflows, including testing of newly developed workflows usingthe Workflow Console. It also supports the debugging/diagnosis of current in-flight workflows.

The Workflow Console must not be used to terminate in-flight WCM workflows. Doing sodoes not clean up the workflow sandboxes or locked content, leaving the Web Project in aninconsistent and unrecoverable state.


Administering


2. In the Consoles section, click Workflow Console. You see the Workflow Console page.

3. Perform the following commands as required for managing workflows:

a. To output the contents of the file located at , type showfile .

where is the class path to workflow definition file.

b. To deploy workflow definition to Alfresco server, type deploy .

where is the name of workflow engine (jbpm or activiti) and is the class path to workflow definition.

c. To redeploy the last workflow definition, type redeploy.

d. To list the latest deployed workflow definitions or display all workflow definitions(including previous versions) with the additional keyword all, type showdefinitions [all].

e. To use the workflow definition identified by , type use definition[].

If you use use definition [] instead, the currently selected workflow definition isshown.

f. To undeploy the latest version of the workflow definition identified by, type undeploy definition .

This will also terminate and remove all in-flight workflows associated with thedefinition. Do not use this function with WCM workflows unless there are no in-flightworkflows for this definition.

If multiple versions of the definition exist, you will need to undeploy each version inturn to remove the definition completely or issue the undeploy definition namecommand.

g. To undeploy all versions of a workflow definition, type undeploy definition name.

Just like undeploy definition, all in-flight workflows associated with each versionare terminated. Remember not to use this function with WCM workflows unless thereare no in-flight workflows for this definition.

4. Perform the following commands as required for managing variables:

The following variables are defined automatically when the console starts. They may bedeleted or modified.

• var bpm:package package 1 (test package of one document)

• var bpm:assignee person admin (test assignee who is admin)

a. To show all defined variables, type var.

b. To define or update a variable, type var [*]=.

where:

• is the variable name

• [*] defines a collection (if specified)

• is the variable value (comma-separated list of values)

var bpm:assignee*=admin,fredvar wf:notifyMe=true

c. To define or update a (cm:person) node ref variable, type var [*]person .

Administering

12 Alfresco One 5.0

where:




var bpm:assignee* person admin,fred

d. To define or update a (usr:authorityContainer) node ref variable, type var[*] group .

where:




var bpm:groupAssignee group GROUP_Engineering

e. To define or update a (bpm:workflowPackage) node ref variable, type var package .var bpm:package package 4

A new workflow package is created containing content items.

f. To delete an existing variable, type var =.

5. Perform the following commands as required for managing workflows:

a. To start a new workflow using the currently selected workflow definition, type start[]]*.start bpm:assignee=david wf:predefined

b. To display a list of active workflows for the currently selected workflow definition, typeshow workflows [all].

This command display a list of all workflows (latest and previous versions of processdefinitions) when used with the additional keyword all.

c. To use the specified , type use workflow .

d. To describe the specified , type desc workflow .

e. To display the workflow paths for the specified , type show paths[].

If is omitted, the paths for the currently started workflow are shown.

f. To describe the specified , type desc path .

This command includes the list of properties associated with the path.

g. To display all available transitions for the specified , type showtransitions [].

If is omitted, the transitions for the currently started workflow areshown.

h. To signal transition on specified , type signal [].

If is omitted, the default transition is taken.

i. To fire an event of custom eventtype against the specified path, type event .

j. To fire an event of custom eventtype against the specified path, type event .

Administering


k. To end (cancel) the specified , type end workflow .

l. To force deletion of the specified , type delete workflow.

Do not use this function with WCM workflows.

m. To force deletion of all in-flight workflows, type delete all workflows.

Do not use this function with WCM workflows.

6. Perform the following commands as required for managing workflow timers:

a. To display a list of active timers for the currently selected workflow definition, typeshow timers [all].

This command displays a list of all timers when used with the additional keyword all.

7. Perform the following commands as required for managing tasks:

a. To list tasks assigned to the currently selected user, type show my tasks.

b. To list tasks completed by the currently selected user, type show my completed.

c. To list tasks in a pool for the currently selected user, type show my pooled.

d. To list the tasks associated with the specified workflow , type show tasks[].

If is omitted, the tasks associated with the currently selected workflow pathare shown.

e. To describe the task identified by user, type desc task .

f. To update the state of the specified , type update task []]*.

Task properties are provided as name/value pairs or references to pre-definedvariables.update task jbpm$122 bpm:assignee=fred wf:notifyMe=false

g. To end the task identified by , type end task [].

If is omitted, the default transition is taken.

h. To query for tasks, type query task [predicate]*.

If no predicates are provided, all in-progress tasks are returned (across all activeworkflows).

Admin Console: Email services

The Email section on the Admin Console contains pages for configuring email servers.

Admin Console: Managing inbound emails

Set these inbound email properties to activate sending and receiving site invites, and also forreceiving activity notification emails.


2. In the Email Services section, click Inbound Email.

You see the Inbound Email page.

3. Set the email properties:

Administering

14 Alfresco One 5.0

Inbound Email property Example setting What is it?

Enabled No Use check box to enable ordisable the inbound emailservice. By default, it is notenabled.

Unknown User anonymous This is the user name toauthenticate as when thesender address is notrecognized.

Allowed Senders .* To allow senders, entera comma-separated listof email REGEX patterns ofallowed senders. If there areany values in the list, thenall sender email addressesmust match. For example:.*\@alfresco\.com, .*\@alfresco\.org.

Overwrite Duplicates Yes By default, duplicate messagesto a folder will overwrite eachother. Deselect this check boxto keep duplicate messagesand apply a unique number.

Maximum ServerConnections

3 This provides the maximumnumber of connectionsallowed in order to control theperformance of the system. Toprioritize the email subsystemhigher, increase this number.The default setting is 3.

SMTP AuthenticationEnabled

No Use this check box to enableor disable the authenticationof inbound email against therepository.

Email Server Port 25 This is the default port numberfor the email server.

Email Server Domain alfresco.com This is the default domain forthe email server.

Blocked Senders To block senders, enter acomma-separated list ofemail REGEX patterns,for example: .*\@hotmail\.com, .*\@googlemail\.com.If the sender email addressmatches a listed value, thenthe message will be rejected.

Email Authentication Group EMAIL_CONTRIBUTORS This is the name of thegroup in which usersmust be a member to addcontent to the repository byemail. The default group isEMAIL_CONTRIBUTORS.

Administering



Transport Layer Security(TLS)

Enabled This enables the TLS protocol,which upgrades a plain textconnection to an encryptedTLS or SSL connection insteadof using a separate port forencrypted communication.Select the TLS support setting:

• Disabled: TLS supportis disabled

• Hidden: On the EHLOcommand, serversupport for TLS ishidden, though TLS willstill be accepted if theclient uses it

• Enabled: On the EHLOcommand, serversupport for TLS isannounced

• Required: TLSauthentication isrequired

4. Click Save to apply the changes you have made to the properties.

If you do not want to save the changes, click Cancel.

Admin Console: Managing outbound emails


2. In the Email Services section, click Outbound Email.

You see the Outbound Email page.

3. Set the email properties:

Outbound Email property Example setting What is it?

Hostname smtp.example.com This is the name of theSMTP(S) host server.

Encoding UTF-8 This is the email encodingtype. The default is UTF-8.

Editable Sender Address This check box enables theFrom field in outbound emailsto be edited to differ from theDefault Sender's Address.When you deselect this checkbox, the Default Sender'sAddress is always used. Youshould deselect this optionif your email server securitysettings require the From fieldto match the user name usedfor email server authentication.

Email Server Port 25 This is the default port numberfor the email server.

Administering

16 Alfresco One 5.0

Outbound Email property Example setting What is it?

Default Sender's Address [email protected] The default address thatis used in the From fieldof outbound emails if noalternative is available.

Email Protocol SMTP Select a protocol from the list.This is the protocol that will beused when sending email.

Username anonymous The account user namethat connects to the SMTPserver. The user name andpassword are only required ifyour server requires them forauthentication.

Password The account user password.



Admin Console: General settings

The General section on the Admin Console contains pages for manging your Alfresco license,viewing information about the repository, and the system settings.

Uploading a new license

The access and use of Alfresco is managed by your license. The license is a file that you uploadinto Alfresco, which sets limits on the maximum number of users and a maximum number ofcontent objects that you can use. Your limitations are set when you purchase the license fromAlfresco. To increase the limitations, contact Alfresco to obtain a new license.

You will receive an email confirming the purchase of your license, and a license file is attachedto the email. The license file has a filename of .lic. You use this license file toupload the license restrictions into your system.

Before you upload a new license, ensure that Alfresco is running and that you can access theAdmin Console. When you first run Alfresco, it defaults to using a 30-day trial license. You mustupload your purchased license to run the Alfresco server before the trial period has expired.

1. Copy the license file to the directory in which Alfresco is installed.

For example, on Windows, copy the file to the C:\Alfresco directory; on Linux, copy thefile to /opt/alfresco-x.x.x.


3. In the General section, click License.

4. In the License Management section, choose from where you want to upload the licensefile.

There are two options for storing the Alfresco license:

Upload License which allows you to locate a license file anywhere on your system.

a. Click Upload License.

You can then locate and select the license file from the directory structure.

b. Select the file, and then click Upload.

Administering


The new license will be applied to the repository. This will take precedence overlicense files on the file system. You might also need to restart the server to enable anyfeatures added in the new license.

Apply New License which automatically applies a license file that is stored in the Alfrescoinstall directory.

a. Click Apply New License.

This applies a new license that is stored on the file system. This option will not applythe license if the server has a license uploaded to the repository.

When you have uploaded your license, the .lic file is automatically renamed to .lic.installed.

When your license is about to expire, you must purchase a new license and upload it to yoursystem. When you purchase further licenses, repeat the same steps using the new license file.

An Alfresco license is unique to a specific version of Alfresco. When you upgrade to a newversion of Alfresco, you will need to install a new license.

Repository information


2. In the General section, click Repository Information.

You see the Repository Information page showing the details of your Alfrescoinstallation.

System settings


2. In the General section, click System Settings.

You see the System Settings page showing the details of your Alfresco installation.

3. Set the Alfresco Repository Settings properties:

These properties are read-only and are set in the alfresco-global.properties file only.See the properties starting with alfresco. in sysAdmin subsystem properties on page98.

Administering

18 Alfresco One 5.0

Alfresco Repository Settingsproperty

Example setting What is it?

Repository Context alfresco This property specifies thecontext path of the Alfrescoweb application URL. Thedefault value is alfresco. Thecontext path is the path thatis used by applications (forexample, IMAP, SharePoint,and email) to access Alfresco.If you change this value, itmust be defined with thesame name as the Alfrescodirectory name specifiedby your application server.For example, if you areusing Tomcat, this is the /webapps/alfresco directoryin Tomcat, where alfresco isthe name of the proxy serveror specific server that you areusing.

Repository Hostname ${localname} This property is the host nameof the Alfresco web applicationthat is used by externalapplications. Alfresco attemptsto auto-detect the host name inplace of ${localname}. If auto-detection fails, ${localname} isreplaced with the IP address.

Server Allow Writes true Write access is permitted tothe repository, as long as theAlfresco license is valid.

Protocol http This property is the protocolcomponent of the Alfresco webapplication. The default is http.If you require HTTPS supportyou will need to configure thisin the host application server.

Port 8080 This property is the portnumber of the Alfrescoweb application URL thatis resolved by externalapplications. The default is8080.

4. Set the Server Settings properties:

Administering


Server Settings property Example setting What is it?

Allowed Users This property allows you tospecify which users can log in.By default, all users can login. Enter a comma-separatedlist of users to allow only thoseusers to log in. If you do notinclude the administrator usersetting up this list (that is, thecurrent user), then this willadded automatically.

Maximum Users -1 The maximum number ofsimultaneous users allowedto log in. The default value -1allows an unlimited number ofusers.

5. Set the Share Application Settings properties:

Share Application Settingsproperty


Share Context share This property sets the contextpath of the Share webapplication URL. The default isshare. You can set this contextto a name that is appropriatefor your instance of Alfresco.

Protocol http This property sets the protocolfor the Share web application.The default is http. HTTPSsupport requires additionalconfiguration within the hostapplication server.

Share Hostname 127.0.0.1 This property sets theexternally resolvable hostname of the Share webapplication URL. The defaultvalue is ${localname}.

Port 8080 This property sets theexternally resolvable portnumber of the Alfresco webapplication URL. The default is8080.

Site Public Group GROUP_EVERYONE This property is the nameof the group that controlsuser to access Publicsites. The default isGROUP_EVERYONE, whichcontains all users.



Administering

20 Alfresco One 5.0

Admin Console: Repository Services

The Repository Services section on the Admin Console contains pages for setting the Activitiesfeed, the clustering tool, setting which workflow engine is in use, enabling replication, enablingand setting the search service, and controlling the Subscription and Transformation services.

The repository Admin Console is for managing individual repository servers and must notbe accessed through a load balancer.

Activities Feed


2. In the Repository Services section, click Activities Feed.

You see the Activities Feed page.

3. Set the activities properties:

Activities Feed property Example setting What is it?

Activity Feed Enabled Yes This enables or disablesactivity notifications to usersusing email.

Frequency CROMExpression

0 0 0 * * ? This specifies a cronexpression which defines thefrequency with which users willreceive Activities Feed emails.Emails are only sent if thereare new activities since the lastemail. By default this is every24 hours at midnight.

Maximum Number 100 The maximum number ofactivities that are reported onin the Activities dashlets andActivities Feed emails.

Maximum Age (mins) 44640 This is the maximum ageof the activities shown inthe Activities Feed emails.Activities older than themaximum age are not shown.The default setting is 44640 (a31-day month).



Admin Console: Repository server clustering

Servers connected to the same database instance are usually clustered automatically. In mostcases no additional configuration is necessary.


2. In the Repository Services section, click Repository Server Clustering.

You see the Repository Server Clustering page.

3. Set the clustering properties:

For Host Server:

Administering


Clustering property Example setting What is it?

Server Name ip-x-x-x-x This specifies the name ofthe host server that you arecurrently connected to.

Cluster Yes This shows if clustering isenabled or disabled. You needto have a correct license toenable clustering.

IP Address x.x.x.x This specifies the IP address ofthe server.

Cluster ID Yes This specifies the unique id ofthe server.

For Cluster Members: Server Details


Server ip-x-x-x-x This specifies the server nameof the cluster member.

IP x.x.x.x This specifies the IP address ofthe server.

Port 5701 This specifies the port numberof the server.

Last Registered 02-Oct-2013 12:48:37 This specifies the date andtime when the cluster memberwas last started.

Number of Members 1 This specifies the total numberof members in the cluster.

For Offline Cluster Members: Server Details


Server ip-x-x-x-x This specifies the server nameof a previously clustered servermember that is no longer amember of the cluster.

IP x.x.x.x This specifies the IP address ofthe offline server.

Port 5701 This specifies the port numberof the offline server.

Last Registered 02-Oct-2013 12:48:37 This specifies the date andtime when the offline clusterserver was last started.

4. Click Remove from list to decommission a particular cluster member.

The offline cluster member no longer appears in the Offline Cluster Members list.

5. Set the clustering properties for Connected Non-Clustered Server(s):

In exceptional cases, an Alfresco server may be connected to the same database as othercluster members, and yet it may not be a member of the repository cluster. In other words,it will have clustering disabled. Such a server is called connected non-clustered server.

Administering

22 Alfresco One 5.0


Server ip-x-x-x-x This specifies the name of theserver.

IP x.x.x.x This specifies the IP address ofthe server.

6. To check if clustering is working properly, click Validate Cluster.

You see the Cluster Validation page. This page shows the validation results for a cluster.

Cluster validation performs a check to ensure that communication between the clustermembers is working correctly. For a cluster to be considered validated, all clustermembers should show success status. If one server fails in a two-server cluster, then boththe servers will be marked as failed.

7. Click Close.

Admin Console: Enabling workflow process engines

In previous versions of Alfresco, a jBPM workflow engine was available. Although this processengine is still shipped with the installation, Alfresco recommends that you use the Activiti workflowengine for all new workflows.

In a new Alfresco installation, jBPM is disabled by default. If you have existing, migrated jBPMworkflows that you wish to continue using, you must enable the jBPM workflow engine.


2. In the Repository Services section, click Process Engines.

You see the Process Engines page.

3. View the Activiti Workflow Engine properties:

Activiti Workflow Engineproperty


Activiti Workflow Enabled enabled Enables or disables theActiviti workflow engine. Thisworkflow engine is enabled bydefault. When using only newworkflows, you do not need tochange any of the settings onthis page.

Process Definitions Visible enabled Specifies whether the Activitiprocess definitions areavailable to users.

The other items in this section show the Activiti engine status details:

Activiti Workflow Enginestatus


Currently Running ProcessInstances

0 Specifies the number of Activitiprocess definitions running inthe system.

Currently Running TaskInstances

0 Specifies the number ofActiviti-defined tasks running inthe system.

Process DefinitionsDeployed

1 Specifies the number of Activitiprocess definitions deployed.

Administering


4. Enable the jBPM Workflow Engine for migrated workflows.

jBPM Workflow Engineproperty


jBPM Workflow Enabled enabled Enables or disables thejBPM workflow engine. Thisworkflow engine is disabledby default. Set to enabled tocontinue using migrated jBPMworkflows.

Workflow Definitions Visible enabled Specifies whether the jBPMworkflow definitions areavailable to users.

5. For creating your own, more complex workflow definitions, click the Activiti WorkflowConsole link.

For more information on creating workflow definitions, see Creating and managingworkflows.



Admin Console: Working with the replication service

The Replication Service page in Admin Console displays the settings to enable or disable thereplication service and to control permissions.

The replication service allows content to be replicated (transferred) between distinct Alfrescorepositories. For more information, see Managing replication jobs.

Replication service property Example setting What is it?

Replication Enabled disabled Enables or disables the abilityto replicate content from thisrepository.

Replicate Read Only enabled Enables or disables thepermission settings for replicas inthe target repository. The defaultsetting is enabled, which sets thereplicas as read-only. Replicasare normally read-only to enforceintegrity. This option shouldonly be disabled for specific usecases.

Working with the Search Service

The Search Service page in Admin Console enables you to manage and monitor the searchservice you want to use in Alfresco.

The Admin Console enables you to configure the Solr 4 search service using configurationproperties.

Configuring the Solr 4 search service


2. In the Repository Services section, click Search Service.

You see the Search Service page.

3. In the Search Service section, select Solr 4 from the Search Service In Use list.

Administering

24 Alfresco One 5.0

4. Set the Solr 4 search service properties:

Solr search property Example setting What is it?

Content Tracking Enabled Yes This specifies that Solr 4 canstill track with the No Indexsearch enabled. This settingcan be used to disable Solr4 tracking by separate Solrinstance(s) configured to trackthis server.

Solr Port (Non-SSL) 8080 This specifies the applicationserver's http port (non-secure)on which Solr 4 is running.This is only used if Solr 4is configured to run withoutsecure communications.

Solr base URL /solr4 This specifies the base URL forthe Solr 4 web application.

Solr Hostname localhost This specifies the hostnameon which the Solr 4 serveris running. Use localhost ifrunning on the same machine.

Solr SSL Port 8443 This specifies the applicationserver's https port on whichSolr 4 is running.

Auto Suggest Enabled 0 This specifies that the Solr4 auto-suggest feature isenabled. This feature presentssuggestions of popular queriesas a user types their query intothe search box or text box.

Indexing in Progress No This specifies if Solr 4 iscurrently indexing outstandingtransactions.

Last Indexed Transaction 17 This specifies the transactionID most recently indexed bySolr 4.

Approx Index TimeRemaining

0 Seconds This specifies the estimatedtime that Solr 4 will take tocomplete indexing the currentoutstanding transactions.

Disk Usage (GB) 0.001748 This specifies the disk spaceused by the latest versionof the Solr 4 index. Allowat least double this valuefor background indexingmanagement.

Index Lag 0 s This specifies the time thatindexing is currently behind therepository updates.

Approx Transactions toIndex

0 This specifies the estimatednumber of outstandingtransactions that requireindexing.

Administering



Memory Usage (GB) 0 This specifies the currentmemory usage. The valuemay vary due to transientmemory used by backgroundprocessing.

Indexing in Progress No This specifies if Solr 4 iscurrently indexing outstandingtransactions.

Last Indexed Transaction 17 This specifies the transactionID most recently indexed bySolr 4.

Approx Index TimeRemaining

0 Seconds This specifies the estimatedtime that Solr 4 will take tocomplete indexing the currentoutstanding transactions.

Disk Usage (GB) 0.000034 This specifies the disk spaceused by the latest versionof the Solr 4 index. Allowat least double this valuefor background indexingmanagement.

Index Lag 0 s This specifies the time thatindexing is currently behind therepository updates.

Approx Transactions toIndex

0 This specifies the estimatednumber of outstandingtransactions that requireindexing.

Memory Usage (GB) 0 This specifies the currentmemory usage. The valuemay vary due to transientmemory used by backgroundprocessing. The value does notinclude Lucene related caches.

Backup Location (Main Store) ${dir.root}/solr4Backup/alfresco This specifies the locationwhere the index backup for themain WorkspaceStore is storedon the Solr 4 server.

Backup Cron Expression(Main Store)

0 0 2 * * ? This specifies a unix-likeexpression, using the samesyntax as the cron command,that defines when backupsoccur. The default value is 0 02 * * ? meaning the backup isperformed daily at 02.00.

Backups To Keep (MainStore)

3 This specifies the number ofbackups to keep (including thelatest backup).

Backup Location (ArchiveStore properties)

${dir.root}/solr4Backup/archive This specifies the locationwhere the index backup forArchiveStore is stored on theSolr 4 server.

Administering

26 Alfresco One 5.0


Backup Cron Expression(Archive Store properties)

0 0 4 * * ? This specifies a unix-likeexpression, using the samesyntax as the cron command,that defines when backupsoccur. The default value is 0 04 * * ? meaning the backup isperformed daily at 04.00.

Backups To Keep (ArchiveStore properties)

3 This specifies the number ofbackups to keep (including thelatest backup).

CMIS Query Use database if possible This specifies the default modewhich defines if and when thedatabase should be used tosupport a subset of the CMISQuery Language.

Alfresco Full Text Search Use database if possible This specifies the default modewhich defines if and whenthe database should be usedto support a subset of theAlfresco Full Text Search.



Configuring No Index search service


2. In the Repository Services section, click Search Service.

You see the Search Service page.

3. In the Search Service section, select No Index from the Search Service In Use list.

4. Set the No Index search service properties:


Content Tracking Enabled Yes This specifies that Solr canstill track with No Index searchenabled. This setting can beused to disable Solr trackingby separate Solr instance(s)configured to track this server.

CMIS Query Use database if possible This specifies the default modewhich defines if and when thedatabase should be used tosupport a subset of the CMISQuery Language.

Alfresco Full Text Search Use database if possible This specifies the default modewhich defines if and whenthe database should be usedto support a subset of theAlfresco Full Text Search.



Administering


Admin Console: Enabling the subscription service


2. In the Repository Services section, click Subscription Service.

You see the Subscription Service page.

3. Use the Enabled check box to choose whether to enable or disable the Follow feature forall users:

• Select the check box to enable subscriptions

• Deselect the check box to disable subscriptions

The Enabled check box is selected by default. This allows users to follow other users andthen filter activities according to who they are following. If you disable subscriptions, userswill not be able to follow users and they will not see the activities. For example, on the MyProfile page, the I'm Following and Following Me options are not visible.



Admin Console: Transformation services


2. In the Repository Services section, click Transformation Services.

You see the Transformation Services page.

3. Set the Office Transform - JODConverter properties.

Property Example setting What is it?

JODConverterEnabled

No This enables or disables theJODConverter for transformations.

Max Tasksper Process

200 This is the maximum number of tasksthat can be performed concurrently.

Office SuiteLocation

/Applications/alfresco-5.0.0/libreoffice.app/Contents

This shows the directory path locations ofOpenOffice.org or LibreOffice.

Port Numbers 8100 This is the port number thatJODConverter uses. To enable multipleprocess instances, enter a comma-separated list of port numbers, all ofwhich must be available.

TaskExecutionTimeout

120000 This is the duration in milliseconds afterwhich a task will timeout.

Task QueueTimeout

30000 This is the duration in milliseconds afterwhich a the task queue will timeout.



Admin Console: Support Tools

The Support Tools section on the Admin Console contains the page for exporting the systeminformation to a zip file.

Administering

28 Alfresco One 5.0

Admin Console: Exporting system settings


2. In the Support Tools section, click Download JMX Dump.

You see the Download JMX Dump page.

3. Click Export and then click OK.

This will export the system information (JMX dump) and then download the zip file to yourlocal machine.

Admin Console: Authentication directories

The Directories section on the Admin Console contains the page for defining authenticationof Alfresco users and groups, including access to external directory services and setting upauthentication chains.

Managing authentication directories

The Directory Management page provides an interface for you to:

• create, configure and manage internal Alfresco directories, OpenLDAP and ActiveDirectory

• configure authentication chain options for services, such as CIFS and browser SSO

• test connections to various services before activating them in the authentication chain

• manage common user synchronization settings

• easily set up directory services for Alfresco without using property files

Managing the authentication chain


2. In the Directories section, click Directory Management.

You see the Directory Management page.

3. In the Authentication Chain section, specify the name of the new directory in the Name:field.

4. Specify the authentication subsystem type from the Type: menu.

If you have an External authentication type, the relevant directory will always appearas the first item in the chain.

5. Click Add.

The new authentication chain appears in the table.

The Authentication Chain table has the following fields:

• Order: Use the up and down arrows to reorder the authentication chain.

• Name: Specifies the name of the authentication chain.

• Type: Specifies the authentication subsystem type, such as OpenLDAP, ActiveDirectory, Passthru, Kerberos, and External.

• Enables: Specifies if authentication is enabled or not.

• Synchronized: Specifies if the authentication chain is synchronized or not.

Administering


• Action: Enables you to perform specific actions on the selected authenticationchain, such as:

• Edit: Enables you to configure the authentication directories. See Managingauthentication directories for more information.

• Test: Enables you to run an authentication test. To process the test request,you need a valid user name and password.

• Reset: Enables you to reset the directory to its initial settings or defaultvalues. You will lose all changes you have made to this directory since it wascreated.

• Remove: Removes the directory from the authentication chain list.

• Test synchronize: Enables you to check if synchronization is configuredcorrectly.

6. To manage the synchronization of Alfresco with all the user registries (LDAP servers) inthe authentication chain, click Synchronization Settings.

You see the Synchronization Settings page. See Synchronization Settings for moreinformation.

7. To start the user directory sync of all users and groups, click Run Synchronize.

8. Click Save to apply the changes you have made to the authentication chain.


Managing authentication directories

The authentication subsystem support certain properties that can be configured to integrate thesubsystem with Alfresco. This topic describes how to manage the various subsystems using theirconfiguration properties.

Click on the relevant authentication directory for more information.

Configuring OpenLDAP

This topic describes the instructions for configuring OpenLDAP using the configuration propertiesin the Admin Console.




3. In the Authentication Chain section, under Actions, click Edit corresponding to theOpenLDAP directory.

You see the Edit LDAP Directory page.

4. Set the configuration properties.

Synchronization property Example setting What is it?

Authentication Enabled Yes This specifies that the directorywill be used to authenticateusers.

User Name Format - This specifies how to map theuser identifier entered by theuser to that passed through toLDAP.

Administering

30 Alfresco One 5.0


LDAP Server URL ldap://openldap.domain.com:389

This specifies the URL of yourLDAP server, containing itsname and port. The standardports for LDAP are 389 (and636 for SSL)

Security simple This specifies the mechanismused authenticate with theLDAP server. It should beone of the standard valuesprovided here or one of thevalues supported by theLDAP provider. See LDAPconfiguration properties formore information.

Default Administrator UserNames

- This specifies a commaseparated list of user names tobe considered administratorsby default. If you are usingLDAP for all your users, thismaps an LDAP user to be anadministrator user.

Synchronization Enabled Yes This enables user and groupsynchronization. It might bethat this connection shouldonly be used for authentication,in which case this flag shouldbe set to false.

Security Principal Name cn=Manager,dc=company,dc=comThis specifies the LDAPuser to connect forthe export operation, ifone is required by theldap.synchronization.java.naming.security.authenticationauthentication mechanism.This should be inthe same format asldap.authentication.userNameFormatbut with a real user ID insteadof %s.

Security simple This specifies the mechanismto use to authenticate withthe LDAP Synchronizationserver. It should be one of thestandard values provided hereor one of the values supportedby the LDAP provider. SeeLDAP configuration propertiesfor more information.

Group query (objectclass=groupOfNames) This specifies the queryto select all objects thatrepresent the groups toexport. This query is used infull synchronization mode,which by default is scheduledevery 24 hours. The default is(objectclass=groupOfNames).

Administering



Security PrincipalCredentials

secret This specifies the passwordfor the default principal(only used for LDAP sync).Click Show Password toreveal the password. ClickHide Password to hide thepassword.

User Search Base ou=People,dc=company,dc=com This specifies the DN belowwhich to run the user queries.

Group Search Base ou=Groups,dc=company,dc=comThis specifies the DN belowwhich to run the group queries.

Person Differential Query (&(objectclass=inetOrgPerson)(!(modifyTimestamp

Administering

32 Alfresco One 5.0


Authentication Enabled Yes This specifies that the directorywill be used to authenticateusers.

User Name Format - This specifies how to map theuser identifier entered by theuser to that passed through toLDAP.

LDAP Server URL ldap://openldap.domain.com:389

This specifies the URL of yourLDAP server, containing itsname and port. The standardports for LDAP are 389 (and636 for SSL)

Security simple This specifies the mechanismused authenticate with theLDAP server. It should beone of the standard valuesprovided here or one of thevalues supported by theLDAP provider. See LDAPconfiguration properties formore information.

Default Administrator UserNames

- This specifies a commaseparated list of user names tobe considered administratorsby default. If you are usingLDAP for all your users, thismaps an LDAP user to be anadministrator user.

Synchronization Enabled Yes This enables user and groupsynchronization. It might bethat this connection shouldonly be used for authentication,in which case this flag shouldbe set to false.

Security Principal Name cn=Manager,dc=company,dc=comThis specifies the LDAPuser to connect forthe export operation, ifone is required by theldap.synchronization.java.naming.security.authenticationauthentication mechanism.This should be inthe same format asldap.authentication.userNameFormatbut with a real user ID insteadof %s.

Security simple This specifies the mechanismto use to authenticate withthe LDAP Synchronizationserver. It should be one of thestandard values provided hereor one of the values supportedby the LDAP provider. SeeLDAP configuration propertiesfor more information.

Administering



Group query (objectclass=groupOfNames) This specifies the queryto select all objects thatrepresent the groups toexport. This query is used infull synchronization mode,which by default is scheduledevery 24 hours. The default is(objectclass=groupOfNames).

Security PrincipalCredentials

secret This specifies the passwordfor the default principal(only used for LDAP sync).Click Show Password toreveal the password. ClickHide Password to hide thepassword.

User Search Base ou=People,dc=company,dc=com This specifies the DN belowwhich to run the user queries.

Group Search Base ou=Groups,dc=company,dc=comThis specifies the DN belowwhich to run the group queries.

Person Differential Query (&(objectclass=inetOrgPerson)(!(modifyTimestamp

Administering

34 Alfresco One 5.0

3. In the Authentication Chain section, under Actions, click Edit corresponding to thePassthru directory.

You see the Edit Passthru Directory page.



Use Local Server No This enables the local serverto be used for passthruauthentication by usingloopback connections into theserver.

Map Unknown User to Guest No This specifies whetherunknown users areautomatically logged in as theAlfresco guest user duringSSO.

Allow Guest Login No This enables the guest loginsto Alfresco.

Administrator User Names - This specifies a commaseparated list of user names tobe considered administratorsby default.

Authenticate FTP Yes This enables passthruauthentication for FTP access.

Authenticate Domain DOMAIN This specifies the WindowsNetBIOS domain name to usefor passthru authentication.This will attempt to find thedomain controllers usinga network broadcast. Ifthe network broadcast isnot successful, use thepassthru.authentication.serversproperty to specify the domaincontroller list by name oraddress.

Authentication Servers - This specifies a commadelimited list of server namesor addresses that are usedfor authentication. The passthrough authenticator will loadbalance amongst the availableservers, and can monitorserver online/offline status.

Authentication ProtocolOrder

TCPIP,NetBIOS This specifies the typeof protocols and order ofconnection for passthruauthentication sessions. Thedefault is to use NetBIOS, andthe available protocol typesare NetBIOS for NetBIOS overTCP and TCPIP for nativeSMB.

Administering



Connection Timeout 5000 This specifies the timeoutvalue in milliseconds whenopening a session to anauthentication server. Thedefault is 5000.

Offline Check Interval 300 This specifies how often (inseconds) the passthru serversthat are marked as offline arechecked to see if they arenow online. The default checkinterval is 5 minutes.

5. Click Save to apply the changes you have made to the Passthru directory.

If you do not want to save the changes, click Close.

Configuring Kerberos

This topic describes the instructions for configuring Kerberos using the configuration properties inthe Admin Console.




3. In the Authentication Chain section, under Actions, click Edit corresponding to theKerberos directory.

You see the Edit Kerberos Directory page.



User Config Entry Name Alfresco This specifies the entry in theJAAS configuration file thatshould be used for password-based authentication. Therecommended default value isAlfresco.


CIFS Config Entry Name AlfrescoCIFS This specifies an entry inthe JAAS configuration filethat should be used forCIFS authentication. Therecommended default value isAlfrescoCIFS.

Kerberos AuthenticationRealm

ALFRESCO.ORG This specifies the Kerberosrealm used for authentication.The realm should be thedomain in upper case. Forexample, if the domain is'alfresco.org', then the realmshould be ALFRESCO.ORG.

Administering

36 Alfresco One 5.0


CIFS Password secret This specifies the password forthe CIFS Kerberos principal.Click Show Password toreveal the password. ClickHide Password to hide thepassword.

HTTP Config Entry Name AlfrescoHTTP This specifies the entry inthe JAAS configuration fileused for web-based SSO. Therecommended default value isAlfrescoHTTP.

Strip Username Suffix Yes This specifies that the@domain suffix is strippedfrom Kerberos authenticateduser names in CIFS, SPP,WebDAV, and the Web Client.If not selected, multi-domainusers can use the @domainsuffix.

HTTP Password secret This specifies the password forthe HTTP Kerberos principal.Click Show Password toreveal the password. ClickHide Password to hide thepassword.

5. Click Save to apply the changes you have made to the Kerberos directory.


Configuring external authentication

This topic describes the instructions for configuring external authentication using the configurationproperties in the Admin Console.




3. In the Authentication Chain section, under Actions, click Edit corresponding to theExternal directory.

You see the Edit External Directory page.



Authentication Enabled Yes This enables the externaldirectory user authentication.When enabled, Alfrescoaccepts external authenticationtokens; ensure that nountrusted direct access toAlfresco's HTTP or AJP portsis allowed.

Administering



Proxy Username alfresco-system This specifies the remote userthat is considered as the proxyuser. The default is alfresco-system.


Proxy Header X-Alfresco-Remote-User This specifies the HTTPheader that carries the name ofa proxied user. The default isX-Alfresco-Remote-User.

User ID Pattern - This specifies an optionalregular expression used toextract a user ID from theHTTP header. The portion ofthe header matched by the firstbracketed group in the regularexpression becomes the username. If not set, the entireheader contents are assumedto be the proxied user name.

5. Click Save to apply the changes you have made to the External authentication directory.


Configuring alfrescoNtlm

This topic describes the instructions for configuring alfrescoNtlm using the configurationproperties in the Admin Console.




3. In the Authentication Chain section, under Actions, click Edit corresponding to thealfrescoNtlm1 directory.

You see the Edit Internal Alfresco Directory page.



Allow Guest Login Yes This enables guest access toAlfresco.

Map Unknown User to Guest alfresco-system This enables unknown usersto automatically log in as theAlfresco guest user duringSSO.

5. Click Save to apply the changes you have made to the Alfresco Internal authenticationdirectory.


Administering

38 Alfresco One 5.0

Managing synchronization settings

The synchronization settings manage the synchronization of Alfresco with all the userregistries (LDAP servers) in the authentication chain. This topic describes how to configure thesynchronization subsystem.




3. Under the Authentication Chain section, click Synchronization Settings.

You see the Synchronization Settings page.

4. Set the synchronization properties.


Sync on Startup Yes This triggers synchronizationwhen the subsystem startsup. This ensures that whenthe user registries arefirst configured, bulk ofsynchronization work is doneon server startup, rather thanon the first login.

Sync When Missing PeopleLogin

Yes This triggers synchronizationwhen a user, who doesnot yet exist in Alfresco, issuccessfully authenticated.The default is true.

Allow Deletions Yes This triggers deletion ofthe local users and groupsduring synchronization whenhandling removals or collisionresolution. The default is true.If false, then no sync job willbe allowed to delete users orgroups during the handlingof removals or collisionresolution.

Logging Interval 100 This specifies thenumber of user or groupentries processed duringsynchronization beforethe progress is logged atINFO level. It requires thefollowing default entry inlog4j.properties:

log4j.logger.org.alfresco.repo.security.sync=info

The default is 100.

Administering



Auto Create People On Login Yes This specifies whether tocreate a user with defaultproperties, when a user issuccessfully authenticated,who does not yet exist inAlfresco, and was not returnedby synchronization (if enabledwith the Sync When MissingPeople Login property). Thedefault is true.

Sync Changes Only Yes This triggers a differentialsynchronization. Deselectthis option, to run fullsynchronization. Regardlessof this setting, a differentialsynchronization can still betriggered when a user, whodoes not yet exist in Alfresco,is successfully authenticated.

Import CRON Expression 0 0 0 * * ? This specifies a cronexpression which defines whenthe scheduled synchronizationjob should run. By default, thisis every 24 hours at midnight.

Sync Worker Threads 1 This specifies the numberof worker threads used forsynchronization. The default is1.

Settings are common to all the directories for which synchronization is enabled.



Managing CIFS authentication




3. In the CIFS Authentication section, select a directory from the list to authenticate CIFS.Alternatively, select Disabled to disable CIFS authentication.

CIFS uses a challenge or response to authenticate. Only a single directory can beused to authenticate.



Managing browser based automatic login




Administering

40 Alfresco One 5.0

3. In the Browser Based Automatic Login section, select a directory to automatically logusers by using a browser. Alternatively, select Disabled to disable automatic login.

You can configure other forms of SSO using the external authentication type, suchas CAS or Siteminder.



Admin Console: Virtual File Systems

The Virtual File Systems section on the Admin Console contains pages for setting up access toAlfresco from the CIFS and FTP protocols.

Enabling file servers


2. In the Virtual File Systems section, click File Servers.

You see the File Servers page.

3. Set the File Systems properties:

File Systems property Example setting What is it?

File System Name Alfresco The name given to the filesystem when using CIFS,WebDAV, or FTP.

4. Set the CIFS properties:

CIFS property Example setting What is it?

CIFS Enabled Yes This enables or disables theCIFS server.

Server Name ${localname}A The Alfresco CIFS server hostname. This can be a maximumof 16 characters and must beunique on the network. Youcan use the special token${localname} in place of thelocal server's host name andgenerate a unique name byprepending/appending to it.

Host Announce Yes Enables the announcementof the CIFS server to the localdomain/workgroup so thatit shows up in the NetworkPlaces/Network Neighborhood.

Session Timeout (seconds) 900 The default CIFS sessiontimeout is 15 minutes. If no I/O occurs on the session withinthis time then the sessionwill be closed by the server.Windows clients send keep-alive requests, usually within15 minutes.

Administering


CIFS property Example setting What is it?

Domain The domain or workgroup towhich the server belongs. Ifnot specified then the domain/workgroup of the server isused.

5. Set the FTP properties:

FTP property Example setting What is it?

FTP Enabled Yes This enables or disables theFTP server.

Port 2121 This specifies the port onwhich the FTP server listensfor connections.

Dataport From This specifies the lower limit ofthe range of data ports.

Dataport To This specifies the upper limit ofthe range of data ports.



Enabling the IMAP Service


2. In the Virtual File Systems section, click IMAP Service.

You see the IMAP Service page.

3. Set the IMAP Service properties:

IMAP Service property Example setting What is it?

IMAP Server Enabled No This enables or disables theIMAP server.

Hostname 0.0.0.0 This specifies the host or IPaddress to which the IMAPservice will bind.

Mail TO Default [email protected] This specifies the default TOfield that will be used whenthe TO field is not available,for example, when displayingdocuments.

Mail FROM Default [email protected] This specifies the defaultFROM field that will be usedwhen the FROM field is notavailable, for example, whendisplaying documents.

4. Set the IMAP Protocol properties:

IMAP Protocol property Example setting What is it?

Enable IMAP Yes This enables or disables theIMAP service.

Administering

42 Alfresco One 5.0

IMAP Protocol property Example setting What is it?

Port 143 This specifies the port numberon which this service will listen.This is usually 143 but canbe changed to an alternativenumber.

5. Set the IMAPS Protocol properties:

IMAPS Protocol property Example setting What is it?

Enable IMAP Yes This enables or disables theIMAPS service.

Port 993 This specifies the port numberon which this service will listen.This is usually 993 but canbe changed to an alternativenumber.


If you do not want to save the changes, c

Documents

Alfresco One 5.0 Administering Alfresconcpr.su/sites/default/files/pdf/alfresco_one_5.0_administering... · Alfresco Share opens in a browser. 2. Log in using a user name and password