https://connect.hyland.com/t5/alfresco-archive/ldap-works-sorta/m-p/292805#M245935 <HTML><HEAD></HEAD><BODY><SPAN>I'm having issue with trying to get active directory working with alfresco. I've been able to authenticate a user to log into alfresco with their active directory credentials. However I can't seem to be able to search a list of all users using the People Finder function. This is going to be crucial for our society in order to initially setup sites and members to those site.</SPAN><BR /><BR /><SPAN>Here is a config that I have residing in this location: webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad</SPAN><BR /><BR /><BR /><SPAN>ldap.authentication.allowGuestLogin=true</SPAN><BR /><SPAN>ldap.authentication.userNameFormat=%s@test.lan</SPAN><BR /><SPAN>ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory</SPAN><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldap://dmc.test.lan:389</SPAN><BR /><SPAN>ldap.authentication.java.naming.security.authentication=simple</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInBind=false</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInUid=false</SPAN><BR /><SPAN>ldap.authentication.defaultAdministratorUserNames=administrator,alfresco</SPAN><BR /><SPAN>ldap.synchronization.active=true</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.authentication=simple</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.principal=alfresco@test.lan</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.credentials=password</SPAN><BR /><SPAN>ldap.synchronization.groupQuery=(objectclass\=group)</SPAN><BR /><SPAN>ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass\=group)(!(whenChanged&lt;\={0})))</SPAN><BR /><SPAN>ldap.synchronization.personQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))</SPAN><BR /><SPAN>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged&lt;\={0})))</SPAN><BR /><SPAN>ldap.synchronization.groupSearchBase=ou\=Security Groups,ou=\domain,dc=com</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=ou\=User Accounts,ou=\domain,dc=com</SPAN><BR /><BR /><BR /><SPAN>——————————————————————————-</SPAN><BR /><SPAN>Also I'm on the 4.2.c community version and per instructions I also added this entry to:</SPAN><BR /><SPAN>webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml</SPAN><BR /><SPAN>Found this bean:</SPAN><BR /><BR /><SPAN>&lt;bean id="ldapInitialDirContextFactory"&gt;</SPAN><BR /><SPAN>&lt;property name="initialDirContextEnvironment"&gt;</SPAN><BR /><SPAN>&lt;map&gt;</SPAN><BR /><BR /><SPAN>Added this entry -</SPAN><BR /><BR /><SPAN>&lt;entry key="java.naming.referral"&gt;</SPAN><BR /><SPAN>&lt;value&gt;follow&lt;/value&gt;</SPAN><BR /><SPAN>&lt;/entry&gt;</SPAN><BR /><BR /><BR /><SPAN>The authentication works….but I can't search for other users. Does alfresco have this functionality?</SPAN></BODY></HTML> Thu, 27 Jun 2013 22:42:22 GMT eswbitto 2013-06-27T22:42:22Z https://connect.hyland.com/t5/alfresco-archive/ldap-works-sorta/m-p/292805#M245935 I'm having issue with trying to get active directory working with alfresco. I've been able to authenticate a user to log into alfresco with their active directory credentials. However I can't seem to be able to search a list of all users using the People Finder function. This is going to be crucial Thu, 27 Jun 2013 22:42:22 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-works-sorta/m-p/292805#M245935 eswbitto 2013-06-27T22:42:22Z https://connect.hyland.com/t5/alfresco-archive/ldap-works-sorta/m-p/292806#M245936 <HTML><HEAD></HEAD><BODY><SPAN>Search only searches in alfresco, not your external directories.&nbsp; Users will be created in alfresco as and when they log in.</SPAN><BR /><BR /><SPAN>And the advice that told you to hack the files below WEB-INF is wrong.&nbsp; Yes it works but you will cause yourself upgrade problems in future and you also won't be able to configure more than one authentication subsystem in the authentication chain.</SPAN></BODY></HTML> Fri, 28 Jun 2013 06:01:29 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-works-sorta/m-p/292806#M245936 mrogers 2013-06-28T06:01:29Z https://connect.hyland.com/t5/alfresco-archive/ldap-works-sorta/m-p/292807#M245937 <HTML><HEAD></HEAD><BODY><SPAN>@mrogers</SPAN><BR /><BR /><SPAN>Where should I be making this configuration then? Do I copy the file somewhere else or just the config part? </SPAN><BR /><BR /><BR /><SPAN>*edit*</SPAN><BR /><SPAN>(Resolution: I had the wrong UPN and it wasn't syncing correctly)</SPAN><BR /><SPAN>Now I have a different problem… I didn't include some OU's and search results show those. Is there a way to filter?</SPAN><BR /><BR /></BODY></HTML> Fri, 28 Jun 2013 15:08:00 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-works-sorta/m-p/292807#M245937 eswbitto 2013-06-28T15:08:00Z