https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295356#M248486 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>I have a problem setting up Active Directory authentication. I did a setup by the book and it works, I can authenticate with AD, I can synchronize with AD, but what bothers me is that ALL users can authenticate with AD. This is not what I want. I have two organizational units, Teachers and Students. I want only users within Teachers OU to authenticate and others not. If I put a filter on ldap.synchronization.personQuery it's only for synchronization. Only these users are synced with alfresco, but when I try to login as a Student user, I can. Does anyone have a suggestion? Thank you.</SPAN></BODY></HTML> Tue, 06 May 2014 11:07:04 GMT zugs 2014-05-06T11:07:04Z https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295356#M248486 Hello,I have a problem setting up Active Directory authentication. I did a setup by the book and it works, I can authenticate with AD, I can synchronize with AD, but what bothers me is that ALL users can authenticate with AD. This is not what I want. I have two organizational units, Teachers and Stu Tue, 06 May 2014 11:07:04 GMT https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295356#M248486 zugs 2014-05-06T11:07:04Z https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295357#M248487 <HTML><HEAD></HEAD><BODY><SPAN>It seems Alfresco is creating a new user on successful AD authentication.</SPAN><BR /><BR /><SPAN>You should disable create.missing.people property by overriding spring bean for Alfresco 4.2.c or by setting it to false on alfresco-global.properties for Alfresco 4.2.d.</SPAN></BODY></HTML> Tue, 06 May 2014 11:30:52 GMT https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295357#M248487 angelborroy 2014-05-06T11:30:52Z https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295358#M248488 <HTML><HEAD></HEAD><BODY><SPAN>It seems to be working. Thank you very much. Although, I can't say I like this solution, because what if don't want or need synchronization? I just want to authenticate against AD.. Why can't there be a possibility to filter which users you want, which ou or group to look for, like in the sync case?</SPAN></BODY></HTML> Tue, 06 May 2014 14:20:26 GMT https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295358#M248488 zugs 2014-05-06T14:20:26Z https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295359#M248489 <HTML><HEAD></HEAD><BODY><SPAN>Using only AD authentication, you must prepare an LDAP branch on your system containing only Alfresco desired users.</SPAN><BR /><BR /><SPAN>Another alternative is to filter users request based on user DN by extending the LDAP subsystem.</SPAN><BR /><BR /><SPAN>The main reason is that no binding user is required for authentication, because of this no filter or lookup can be configured.</SPAN></BODY></HTML> Wed, 07 May 2014 10:32:04 GMT https://connect.hyland.com/t5/alfresco-archive/ad-authentication/m-p/295359#M248489 angelborroy 2014-05-07T10:32:04Z