Active Directory LDAP Sync

daveram — Sat, 25 Jul 2009 01:42:02 GMT

G'day,I've setup Alfresco 3.2 with passthru authentication easily enough, however what I'm banging my head on is AD synchronization. This setup is on a Win2k3 server and trying to authorize to a Win2k3 domain controller. Global config file as follows:authentication.chain=alfrescoNtlm1:alfrescoNtlm

Re: Active Directory LDAP Sync

bmarkovic — Thu, 30 Jul 2009 06:44:42 GMT

In my experience your config shouldn't work for passthru since alfrescoNtlm and passthru shouldn't be enabled to provide sso at the same time (which is what you setup). So while your CIFS auth might work in this example, I doubt that you can succesfully login to /alfresco webapp with your AD credentials using passthru because in your case sso auth is handled by alfrescoNtlm.

You need to acquire the 14.07.2009. nightly build of Alfresco to get the version with working extensions/classpaths. And then you need to define separate configuration for different instances of your Authentication subsystem as per http://wiki.alfresco.com/wiki/Alfresco_Subsystems#Configuring_Subsystems.

This was recently explained to me so search for my posts on this forum, and you can also find the link to the build in the discussion.

As for need to provide search base additional to what you provided. Here is my $TOMCAT_HOME/shared/classes/alfresco/extensions/subsystems/Authentication/ldap-ad/ldap-ad1/ldap-ad.properties


ldap.authentication.userNameFormat=%s@<myDomain.tld>
ldap.authentication.java.naming.provider.url=ldap://<myDC'sFQDN>:389

ldap.authentication.defaultAdministratorUserNames=administrator,<me>

ldap.synchronization.java.naming.security.principal=administrator@<myDomain.tld>
ldap.synchronization.java.naming.security.credentials=<password>

ldap.authentication.java.naming.security.authentication=SIMPLE

ldap.synchronization.userSearchBase=ou=<OUcontainingUsers>,dc=<myDomain>,dc=<tld>

ldap.synchronization.groupSearchBase=ou=<OUcontainingUsers>,dc=<myDomain>,dc=<tld>

ldap.authentication.allowGuestLogin=true
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Re: Active Directory LDAP Sync

ipeters — Wed, 12 Aug 2009 14:03:28 GMT

It also looks like the line

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1assthru,ldap-ad:ldap1

is wrong. Make it "ldap1:ldap-ad" instead.

topic Re: Active Directory LDAP Sync in Alfresco Archive

Active Directory LDAP Sync

Re: Active Directory LDAP Sync

Re: Active Directory LDAP Sync