topic Re: Active Directory Auth problem! in Alfresco Archive

Active Directory Auth problem!

kuriachan_n — Wed, 18 Feb 2009 19:28:37 GMT

I am having an alfresco lab3 setup with Active Directory authentication. Few active directory users are not able to login to Alfresco ( Almost 95% users can login without any problem) :cry: Can any one help me out?RegardsJoe

Re: Active Directory Auth problem!

kuriachan_n — Wed, 18 Feb 2009 19:34:46 GMT

my ldap-authentication.properties file is as follows

#^M
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions^M
#^M
^M
# How to map the user id entered by the user to taht passed through to LDAP^M
# - simple ^M
#    - this must be a DN and would be something like^M
#      CN=%s,DC=company,DC=com^M
# - digest^M
#    - usually pass through what is entered^M
#      %s     ^M
ldap.authentication.userNameFormat=%s^M
^M
# The LDAP context factory to use^M
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory^M
^M
# The URL to connect to the LDAP server ^M
ldap.authentication.java.naming.provider.url=ldap://mydc.com:389^M
^M
# The authentication mechanism to use^M
ldap.authentication.java.naming.security.authentication=DIGEST-MD5^M
^M
# The default principal to use (only used for LDAP sync)^M
ldap.authentication.java.naming.security.principal=reader^M
^M
# The password for the default principal (only used for LDAP sync)^M
ldap.authentication.java.naming.security.credentials=secret^M
^M
# Escape commas entered by the user at bind time^M
# Useful when using simple authentication and the CN is part of the DN and contains commas^M
ldap.authentication.escapeCommasInBind=false^M
^M
# Escape commas entered by the user when setting the authenticated user^M
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is ^M
# pulled in as part of an LDAP sync^M
# If this option is set to true it will break the default home folder provider as space names can not contain \^M
ldap.authentication.escapeCommasInUid=false
~                                                          ‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Re: Active Directory Auth problem!

mikeh — Wed, 18 Feb 2009 20:44:24 GMT

You need to give us a hint about any common factors between the 5% who have problems… format of username? …domain permission? …group membership?

Mike

Re: Active Directory Auth problem!

kuriachan_n — Thu, 19 Feb 2009 11:43:26 GMT

Hey Mike,

Thanks for your reply. Anyway the problem got resolved by resetting the passwords of those users who were not able to login. Inside AD their "password never expire" option was selected. It means there is something relation with password policy. We have an AD setup of more than 2500 users, rest of the users login were happening perfectly.

Regards
Joe