https://connect.hyland.com/t5/alfresco-archive/ad-and-canonical-username/m-p/269964#M223094 <HTML><HEAD></HEAD><BODY><SPAN>Hello all,</SPAN><BR /><BR /><SPAN>I've got Alfresco 4.0.d community successfully authenticating and synchronizing with ActiveDirectory (see config below).&nbsp; I do have one problem however.&nbsp; given that there's a test_user user in AD and given that we can login as test_user@domain and test_user@domain.local, I can login three different ways with the same password.&nbsp; That is, I can login as:</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp; test_user</SPAN><BR /><SPAN>&nbsp;&nbsp; test_user@domain</SPAN><BR /><SPAN>&nbsp;&nbsp; test_user@domain.local</SPAN><BR /><BR /><SPAN>Those are created in alfresco as three different users (with the usernames as above).&nbsp; Is there a way to tell alfresco that the same AD user should map to just one alfresco user?&nbsp; Otherwise, I'm going to have trouble later as users somehow login in more than one way and find that documents they've updated as one user aren't owned by them when they' logged in as a variant n the first user's login? Or that in the second login they aren't in the same groups or don't have access to sharepoint sites they had when logged in as the first user.</SPAN><BR /><BR /><SPAN>==== config starts ====</SPAN><BR /><BR /><SPAN>authentication.chain=ldap1:ldap-ad,passthru1<img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://connect.hyland.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" />assthru,alfrescoNtlm1:alfrescoNtlm</SPAN><BR /><BR /><SPAN>alfrescoNtlm.ntlm.authentication.sso.enabled=false</SPAN><BR /><SPAN>alfrescoNtlm.alfresco.authentication.authenticateCIFS=false</SPAN><BR /><BR /><SPAN>passthru.ntlm.authentication.sso.enabled=false</SPAN><BR /><SPAN>passthru.passthru.authentication.authenticateCIFS=false</SPAN><BR /><BR /><SPAN>passthru.authentication.useLocalServer=false</SPAN><BR /><SPAN>passthru.authentication.servers=DOMAIN\\111.22.33.1,DOMAIN\\11.22.33.2</SPAN><BR /><BR /><SPAN>ldap.authentication.authenticateCIFS=false</SPAN><BR /><SPAN>ldap.authentication.active=true</SPAN><BR /><SPAN>ldap.synchronization.active=true</SPAN><BR /><BR /><SPAN>ldap.authentication.userNameFormat=%s</SPAN><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldap://111.22.33.3</SPAN><BR /><SPAN>ldap.authentication.defaultAdministratorUserNames=Administrator,admin</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.principal=user@domain.local</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.credentials=password</SPAN><BR /><SPAN>ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=domain,dc\=domain,dc\=local</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=ou\=Users,ou\=domain,dc\=domain,dc\=local</SPAN><BR /><BR /><SPAN>ldap.authentication.java.naming.security.authentication=DIGEST-MD5</SPAN><BR /><SPAN>ldap.synchronization.personQuery=(givenName\=*)</SPAN><BR /><SPAN>ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider</SPAN><BR /><BR /><SPAN>==== config ends ====</SPAN><BR /><BR /><SPAN>Many thanks,</SPAN><BR /><BR /><SPAN>Gerald</SPAN></BODY></HTML> Wed, 10 Oct 2012 04:21:21 GMT bopolissimus 2012-10-10T04:21:21Z https://connect.hyland.com/t5/alfresco-archive/ad-and-canonical-username/m-p/269964#M223094 Hello all,I've got Alfresco 4.0.d community successfully authenticating and synchronizing with ActiveDirectory (see config below).&nbsp; I do have one problem however.&nbsp; given that there's a test_user user in AD and given that we can login as test_user@domain and test_user@domain.local, I can login three Wed, 10 Oct 2012 04:21:21 GMT https://connect.hyland.com/t5/alfresco-archive/ad-and-canonical-username/m-p/269964#M223094 bopolissimus 2012-10-10T04:21:21Z https://connect.hyland.com/t5/alfresco-archive/ad-and-canonical-username/m-p/269965#M223095 <HTML><HEAD></HEAD><BODY><SPAN>After talking to the system administrators, It turns out this isn't an issue.&nbsp; System administrators know about the domain. Users would never login with [username]@[domain1].[domain2], so the problem won't come up.</SPAN></BODY></HTML> Mon, 15 Oct 2012 03:15:47 GMT https://connect.hyland.com/t5/alfresco-archive/ad-and-canonical-username/m-p/269965#M223095 bopolissimus 2012-10-15T03:15:47Z