https://connect.hyland.com/t5/alfresco-archive/ldap-activedirectory-configuration-problems/m-p/45066#M24992 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>In ldapInitialDirContextFactory you have configured this for digest authentication but are providing a DN base uid for the user used to import. What is required will depend on your configuration and LDAP server. I have always set this up to use a simple uid (for example in open ldap). You should use a simple ldap browser client to confirm what is required here. Also, in authenticationComponentImpl userNameFormat is set to sAMAccountName=%s. This is probably just %s to pass through the uid typed in by the user to the LDAP digest auth stack. Again, you need to confirm this.</SPAN><BR /><BR /><SPAN>Note, you can use NTLM authentication and also use LDAP to pull in users and groups. The LDAP sync does not rely on the authentication component, only ldapInitialDirContextFactory. Ldap authentication relies on ldapInitialDirContextFactory and updates the uid and password as required rather then using the default in the xml.</SPAN><BR /><BR /><SPAN>For AD, NTLM auth and ldap auth will be broadly similar.</SPAN><BR /><BR /><SPAN>It sounds like CIFS is configured to go direct to your AD server using Kerberos.</SPAN><BR /><BR /><SPAN>If you wnat SSO from the client then you need to use NTLM (v1 enabled on the client). If you want to authenticate against AD you could use LDAP, NTLM or JAAS flavours of the authentication component. So you could stick with what you had and just add LDAP import of users and groups.</SPAN><BR /><BR /><SPAN>Hope this helps</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Fri, 24 Nov 2006 11:25:15 GMT andy 2006-11-24T11:25:15Z https://connect.hyland.com/t5/alfresco-archive/ldap-activedirectory-configuration-problems/m-p/45065#M24991 I am running alfresco 1.4.0 beta.So far, I make alfresco to authenticate users against AD by generating theNTLM configuration from ntlm-authentication-context.xml.sample. Now I intend to import/synchronize the groups/users information from ADinto alfresco system.What I did includes: (1) As I think N Mon, 06 Nov 2006 10:46:30 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-activedirectory-configuration-problems/m-p/45065#M24991 hfrank 2006-11-06T10:46:30Z https://connect.hyland.com/t5/alfresco-archive/ldap-activedirectory-configuration-problems/m-p/45066#M24992 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>In ldapInitialDirContextFactory you have configured this for digest authentication but are providing a DN base uid for the user used to import. What is required will depend on your configuration and LDAP server. I have always set this up to use a simple uid (for example in open ldap). You should use a simple ldap browser client to confirm what is required here. Also, in authenticationComponentImpl userNameFormat is set to sAMAccountName=%s. This is probably just %s to pass through the uid typed in by the user to the LDAP digest auth stack. Again, you need to confirm this.</SPAN><BR /><BR /><SPAN>Note, you can use NTLM authentication and also use LDAP to pull in users and groups. The LDAP sync does not rely on the authentication component, only ldapInitialDirContextFactory. Ldap authentication relies on ldapInitialDirContextFactory and updates the uid and password as required rather then using the default in the xml.</SPAN><BR /><BR /><SPAN>For AD, NTLM auth and ldap auth will be broadly similar.</SPAN><BR /><BR /><SPAN>It sounds like CIFS is configured to go direct to your AD server using Kerberos.</SPAN><BR /><BR /><SPAN>If you wnat SSO from the client then you need to use NTLM (v1 enabled on the client). If you want to authenticate against AD you could use LDAP, NTLM or JAAS flavours of the authentication component. So you could stick with what you had and just add LDAP import of users and groups.</SPAN><BR /><BR /><SPAN>Hope this helps</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Fri, 24 Nov 2006 11:25:15 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-activedirectory-configuration-problems/m-p/45066#M24992 andy 2006-11-24T11:25:15Z