https://connect.hyland.com/t5/alfresco-archive/auth-against-active-directoy-using-ldaps/m-p/239288#M192418 <HTML><HEAD></HEAD><BODY><SPAN>i found some informations about this by searching this forum and reading the wiki …</SPAN><BR /><BR /><SPAN>I have an ubuntu 8.04 LTS system with running alfresco on it …</SPAN><BR /><SPAN>Right now it works by using alfresco's local user db</SPAN><BR /><BR /><SPAN>I would like to login to alfresco by using my MS Active Directory credentials.</SPAN><BR /><SPAN>the ldap-connection is established (ldapsearch works)</SPAN><BR /><SPAN>now i need to configure the alfresco global properties file:</SPAN><BR /><SPAN>my 1st try will go like this:</SPAN><BR /><PRE class="language-none line-numbers"><CODE>### AUTH against MS-ADS<BR />authentication.chain=passthru1:passthru,ldap1:ldap-ad<BR />ldap.authentication.active=false<BR />passthru.authentication.domain=<BR />passthru.authentication.servers=test\\srv.test.local,srv.test.local<BR />passthru.authentication.defaultAdministratorUserNames=administrator<BR />ldap.authentication.java.naming.provider.url=ldap://srv.test.local:389<BR />ldap.authentication.userNameFormat=%s@test.local<BR />ldap.synchronization.java.naming.security.principal=administrator@test.local<BR />ldap.synchronization.java.naming.security.credentials=verysecret<BR />ldap.synchronization.groupSearchBase=ou=alfresco,dc=test,dc=local<BR />ldap.synchronization.userSearchBase=ou=alfresco,dc=test,dc=local<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>is this really all, what needs to be configured in alfresco in order to auth against an Win2k3 server with running AD?</SPAN><BR /><BR /><SPAN>after reboot (/etc/init.d/tomcat6 restart wont work) i can login with my AD credentials …</SPAN><BR /><SPAN>and if changing my passwd in AD, alfresco login uses the new credentials …</SPAN><BR /><BR /><SPAN>but if i create a new user in AD this user can't login to alfresco …</SPAN><BR /><BR /><SPAN>so i need to add the user twice ?! In AD and Alfresco?</SPAN></BODY></HTML> Fri, 02 Oct 2009 10:24:05 GMT elmuchacho 2009-10-02T10:24:05Z https://connect.hyland.com/t5/alfresco-archive/auth-against-active-directoy-using-ldaps/m-p/239288#M192418 i found some informations about this by searching this forum and reading the wiki …I have an ubuntu 8.04 LTS system with running alfresco on it …Right now it works by using alfresco's local user dbI would like to login to alfresco by using my MS Active Directory credentials.the ldap-connection is es Fri, 02 Oct 2009 10:24:05 GMT https://connect.hyland.com/t5/alfresco-archive/auth-against-active-directoy-using-ldaps/m-p/239288#M192418 elmuchacho 2009-10-02T10:24:05Z https://connect.hyland.com/t5/alfresco-archive/auth-against-active-directoy-using-ldaps/m-p/239289#M192419 <HTML><HEAD></HEAD><BODY><SPAN>A&nbsp; couple things you should look at.</SPAN><BR /><BR /><SPAN>1. See how frequent the LDAP synchronization is occurring. </SPAN><BR /><SPAN>2. Look at your LDAP query as it may be selecting users of a certain group. Also, I'm not sure if the LDAP query detects whether the newly created user must sign in first before the account is activated.</SPAN></BODY></HTML> Tue, 06 Oct 2009 23:36:07 GMT https://connect.hyland.com/t5/alfresco-archive/auth-against-active-directoy-using-ldaps/m-p/239289#M192419 rliu 2009-10-06T23:36:07Z https://connect.hyland.com/t5/alfresco-archive/auth-against-active-directoy-using-ldaps/m-p/239290#M192420 <HTML><HEAD></HEAD><BODY><SPAN>AUTH against ADS works for me right now …</SPAN><BR /><SPAN>using this entries in alfresco.global.properties:</SPAN><BR /><PRE class="language-none line-numbers"><CODE>### AUTH against MS-ADS<BR />authentication.chain=alferscoNtlm1:alfrescoNtlm,ldap1:ldap-ad<BR />ldap.authentication.active=true<BR />ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory<BR />ldap.authentication.java.naming.provider.url=ldap://serverip:389<BR />ldap.authentication.java.naming.security.authentication=SIMPLE<BR />ldap.authentication.escapeCommasInBind=false<BR />ldap.authentication.escapeCommasInUid=false<BR />ldap.authentication.userNameFormat=%s@test.local<BR />ldap.synchronization.java.naming.security.principal=ldapreaduser@test.local<BR />ldap.synchronization.java.naming.security.credentials=verysecret<BR />ldap.synchronization.groupSearchBase=ou=intranet,dc=test,dc=local<BR />ldap.synchronization.userSearchBase=ou=intranet,dc=test,dc=local<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>right now i have two problems:</SPAN><BR /><STRONG>1. how to set up ldaps?</STRONG><BR /><SPAN>ldaps didn't work by only changing the url from ldap://serverip:389 to ldaps://serverip:636 …</SPAN><BR /><SPAN>something more to do? like setting up the path to the cert-file?</SPAN><BR /><SPAN>but where/how to config this?</SPAN><BR /><STRONG>2. how to delete a user in alfresco when user is deleted in ldap?</STRONG><BR /><SPAN>didn't found a solution yet ;(</SPAN></BODY></HTML> Thu, 05 Nov 2009 11:55:38 GMT https://connect.hyland.com/t5/alfresco-archive/auth-against-active-directoy-using-ldaps/m-p/239290#M192420 elmuchacho 2009-11-05T11:55:38Z