https://connect.hyland.com/t5/alfresco-archive/alfresco-community-config-ldap-with-ad/m-p/304146#M257276 <HTML><HEAD></HEAD><BODY><SPAN>Hello all, </SPAN><BR /><BR /><SPAN>I am new to Alfresco, I have the Community version installed on Windows Server 2012.</SPAN><BR /><BR /><SPAN>I would like to bind the application with my company's LDAP Active Directory server. </SPAN><BR /><BR /><SPAN>I have attempted myself to update the alfresco-global.properties file to include the following:</SPAN><BR /><BR /><SPAN>authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad</SPAN><BR /><SPAN>ntlm.authentication.sso.enabled=false</SPAN><BR /><SPAN>ldap.authentication.allowGuestLogin=true</SPAN><BR /><SPAN><A class="jive-link-email-small" href="https://migration33.stage.lithium.com/" rel="nofollow noopener noreferrer">ldap.authentication.userNameFormat=%s@domainname.com</A></SPAN><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldaps://adssl.domainname.com:636</SPAN><BR /><SPAN>ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.principal=x195485</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.credentials=mypassword</SPAN><BR /><SPAN>ldap.synchronization.groupSearchBase=ou=People,dc=domainname,dc=com</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=ou=People,dc=domainname,dc=com</SPAN><BR /><SPAN>synchronization.syncOnStartup=true</SPAN><BR /><BR /><SPAN>It would appear that after I inserted the above and restarted the server that I was able to log into Alfresco using my AD account or so I thought. My username in AD is x195485 and I have admin rights to AD so I thought the above would be how I would bind to LDAP, or so I thought. I tried logging into Alfresco using another username and it failed, the only account that works is mine which x195485 and I wonder if its because I enter my credentials into the above code when I thought what I was doing was entering binding credentials to our AD server.</SPAN><BR /><BR /><SPAN>I am obviously doing something wrong so if someone could please help I would appreciate it. I am by the way, out of my depth with Java so I will need a dummies guide on this please. Also, for the purposes of security I have replaced the actual domain name with domainname.com so please dont assume I havent got these correct.</SPAN><BR /><BR /><SPAN>Thank you.</SPAN><BR /></BODY></HTML> Tue, 24 Mar 2015 14:17:05 GMT joshbishop82 2015-03-24T14:17:05Z https://connect.hyland.com/t5/alfresco-archive/alfresco-community-config-ldap-with-ad/m-p/304146#M257276 Hello all, I am new to Alfresco, I have the Community version installed on Windows Server 2012.I would like to bind the application with my company's LDAP Active Directory server. I have attempted myself to update the alfresco-global.properties file to include the following:authentication.chain=alfi Tue, 24 Mar 2015 14:17:05 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-community-config-ldap-with-ad/m-p/304146#M257276 joshbishop82 2015-03-24T14:17:05Z https://connect.hyland.com/t5/alfresco-archive/alfresco-community-config-ldap-with-ad/m-p/304147#M257277 <HTML><HEAD></HEAD><BODY><SPAN>Hello, </SPAN><BR /><BR /><SPAN>I updated my alfresco-global.properties file with the following. This also failed sadly, still back in the same please I was where by the only account I can log in with apart from the admin account is x195485 which I only have mentioned in the text below as the LDAP binding credentails. Really strange!</SPAN><BR /><BR /><SPAN>### Authentication ###</SPAN><BR /><SPAN>ldap.authentication.active=true</SPAN><BR /><SPAN>authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad</SPAN><BR /><SPAN><A class="jive-link-email-small" href="https://migration33.stage.lithium.com/" rel="nofollow noopener noreferrer">ldap.authentication.userNameFormat=%s@domainname.com</A></SPAN><BR /><SPAN>ldap.authentication.allowGuestLogin=false</SPAN><BR /><SPAN>ldap.authentication.java.naming.security.authentication=SIMPLE</SPAN><BR /><SPAN>ldap.authentication.java.naming.read.timeout=30000</SPAN><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldaps://adssl.domainname.com:636</SPAN><BR /><BR /><SPAN>### LDAP Synchronization ###</SPAN><BR /><SPAN>ldap.synchronization.active=true</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.principal=x195485</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.credentials=password</SPAN><BR /><SPAN>ldap.synchronization.groupSearchBase=ou=Prumerica,ou=People,dc=domainname,dc=com</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=ou=Prumerica,ou=People,dc=domainname,dc=com</SPAN></BODY></HTML> Wed, 25 Mar 2015 09:45:19 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-community-config-ldap-with-ad/m-p/304147#M257277 joshbishop82 2015-03-25T09:45:19Z https://connect.hyland.com/t5/alfresco-archive/alfresco-community-config-ldap-with-ad/m-p/304148#M257278 <HTML><HEAD></HEAD><BODY><SPAN>RESOLVED</SPAN><BR /><BR /><SPAN>My AD binding credentials were the problem, even though that account is allowed to access AD and view and even modify security groups it is not permitted as a service account. I slightly cheated for testing purposes and used a service account from another application that uses LDAP to see if that was the problem and it worked. Furthermore, the format in my reply post above is the format that worked, not my initial post format.</SPAN></BODY></HTML> Wed, 25 Mar 2015 12:00:15 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-community-config-ldap-with-ad/m-p/304148#M257278 joshbishop82 2015-03-25T12:00:15Z