https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43092#M23406 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>I configured a LDAP synchro (Active Directory) in order to copy users from a particular group into Alfresco.</SPAN><BR /><SPAN>I also commented the bean &lt;bean id="authenticationComponentImpl"&nbsp; in the ldap-authentication-context.xml file</SPAN><BR /><BR /><SPAN>I modified the web.xml file to activate the NTLM passthru (in order to allow the access to alfresco without login/password)</SPAN><BR /><SPAN>the file ntlm-authentication-context.xml has been left to its default value (no "servers" values, "useLocalServer" set to true)</SPAN><BR /><BR /><SPAN>A user from the AD group (so which is synchronized) can connect successfuly to alfresco, but it also allows people which are not part of the group to connect to alfresco (the account is then created in Alfresco).</SPAN><BR /><BR /><SPAN>is it normal ?</SPAN><BR /><SPAN>How can we restrict the access only to the syncrhonized users ??</SPAN><BR /><BR /><SPAN>Thanks</SPAN><BR /><BR /><SPAN>Sylvain</SPAN></BODY></HTML> Wed, 07 Feb 2007 08:27:27 GMT lascaux 2007-02-07T08:27:27Z https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43092#M23406 Hi,I configured a LDAP synchro (Active Directory) in order to copy users from a particular group into Alfresco.I also commented the bean &lt;bean id="authenticationComponentImpl"&nbsp; in the ldap-authentication-context.xml fileI modified the web.xml file to activate the NTLM passthru (in order to allow Wed, 07 Feb 2007 08:27:27 GMT https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43092#M23406 lascaux 2007-02-07T08:27:27Z https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43093#M23407 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>You can turn off the auto creation of people - no one without imported details will be able to log in.</SPAN><BR /><BR /><SPAN>Over-ride the person service bean and change the property createMissingPeople to false.</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&nbsp;&nbsp; &lt;!– The person service.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; –&gt;<BR /><BR />&nbsp;&nbsp;&nbsp; &lt;bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl"&gt;<BR /> …….<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="createMissingPeople"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;false&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property<BR />…….<BR />&nbsp;&nbsp;&nbsp; &lt;/bean&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Wed, 07 Feb 2007 14:26:08 GMT https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43093#M23407 andy 2007-02-07T14:26:08Z https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43094#M23408 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote">You can turn off the auto creation of people - no one without imported details will be able to log in.<BR /><BR />Over-ride the person service bean and change the property createMissingPeople to false.<BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&nbsp;&nbsp; &lt;!– The person service.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; –&gt;<BR /><BR />&nbsp;&nbsp;&nbsp; &lt;bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl"&gt;<BR /> …….<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="createMissingPeople"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;false&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property<BR />…….<BR />&nbsp;&nbsp;&nbsp; &lt;/bean&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE></BLOCKQUOTE><BR /><SPAN>Thanks Andy,</SPAN><BR /><BR /><SPAN>But where to override this bean ??</SPAN></BODY></HTML> Wed, 07 Feb 2007 17:17:06 GMT https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43094#M23408 lascaux 2007-02-07T17:17:06Z https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43095#M23409 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>Take the defintion from authentication-services-context.xml and put it in extensions, somewhere like custom-authentication-services-context.xml.</SPAN><BR /><SPAN>Then make your changes - this will over-ride the bean defintion. Any file matching *-context.xml will be found in the extensions directory.</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Tue, 13 Feb 2007 09:57:34 GMT https://connect.hyland.com/t5/alfresco-archive/ntlm-passthru-ldap-synchro-and-user-access-restriction/m-p/43095#M23409 andy 2007-02-13T09:57:34Z