https://connect.hyland.com/t5/alfresco-archive/ldap-users-disabled/m-p/307816#M260946 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>I'm completely new to Alfresco so please be mindful of my ignorance <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://connect.hyland.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></SPAN><BR /><BR /><SPAN>I have just set up alfresco 5.0 server (on a windows vm) and after an entire day of sweat, blood and tears I managed to connect it to our AD - in a way.</SPAN><BR /><BR /><SPAN>When server stars the groups and users are synchronized and I can see them from within the Alfresco admin console if logged in as admin.</SPAN><BR /><BR /><SPAN>However non of my ad users are able to log in. Further investigation showed that all imported/synchronized accounts are marked as disabled inside Alfresco even though they are not on the AD, and I cannot change this.</SPAN><BR /><BR /><SPAN>Any ideas what I need to change or were I went wrong on the configuration.</SPAN><BR /><BR /><SPAN>Here is the important bit from configuration file:</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />### Authentication ###<BR />authentication.chain=alfinst:alfrescoNtlm,ldap-ad1:ldap-ad<BR /><BR />### LDAP-AD Auth ###<BR />ldap.authentication.active=false<BR />ldap.authentication.allowGuestLogin=false<BR />ldap.authentication.userNameFormat=%s<BR />ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory<BR />ldap.authentication.java.naming.provider.url=ldap://192.168.0.111:389<BR />ldap.authentication.java.naming.security.authentication=simple<BR />ldap.authentication.escapeCommasInBind=false<BR />ldap.authentication.escapeCommasInUid=false<BR />ldap.authentication.defaultAdministratorUserNames=Administrator,admin<BR /><BR />### LDAP-AD Synch ###<BR />ldap.synchronization.active=true<BR />ldap.synchronization.java.naming.security.authentication=simple<BR />ldap.synchronization.java.naming.security.principal=MyAdminUser@MyDomain.Com<BR />ldap.synchronization.java.naming.security.credentials=MyPassword<BR />ldap.synchronization.queryBatchSize=1000<BR />ldap.synchronization.attributeBatchSize=1000<BR />ldap.synchronization.groupQuery=(objectclass\=group)<BR />ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass\=group)(!(modifyTimestamp&lt;\={0})))<BR />ldap.synchronization.personQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))<BR />ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp&lt;\={0})))<BR />ldap.synchronization.groupSearchBase=ou\=UK,ou\=Wockhardt Pharma Ltd,dc=wockhardt,dc=net<BR />ldap.synchronization.userSearchBase=ou\=UK,ou\=Wockhardt Pharma Ltd,dc=wockhardt,dc=net<BR />ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp<BR />ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'<BR />ldap.synchronization.userIdAttributeName=sAMAccountName<BR />ldap.synchronization.userFirstNameAttributeName=givenName<BR />ldap.synchronization.userLastNameAttributeName=sn<BR />ldap.synchronization.userEmailAttributeName=mail<BR />ldap.synchronization.userOrganizationalIdAttributeName=company<BR />ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider<BR />ldap.synchronization.groupIdAttributeName=cn<BR />ldap.synchronization.groupDisplayNameAttributeName=displayName<BR />ldap.synchronization.groupType=group<BR />ldap.synchronization.personType=user<BR />ldap.synchronization.groupMemberAttributeName=member<BR />ldap.synchronization.enableProgressEstimation=true<BR /><BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><BR /><SPAN>Thanks</SPAN></BODY></HTML> Mon, 13 Apr 2015 14:43:04 GMT psuplat 2015-04-13T14:43:04Z https://connect.hyland.com/t5/alfresco-archive/ldap-users-disabled/m-p/307816#M260946 Hello,I'm completely new to Alfresco so please be mindful of my ignorance <IMG id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://migration33.stage.lithium.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" />I have just set up alfresco 5.0 server (on a windows vm) and after an entire day of sweat, blood and tears I managed to connect it to our AD - in a way.When server stars the groups and users are synchronized and I can see th Mon, 13 Apr 2015 14:43:04 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-users-disabled/m-p/307816#M260946 psuplat 2015-04-13T14:43:04Z https://connect.hyland.com/t5/alfresco-archive/ldap-users-disabled/m-p/307817#M260947 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>Your first row of the configuration is:</SPAN><BR /><SPAN>ldap.authentication.active=false</SPAN><BR /><SPAN>But it should be enable, so it should be equials to "true"</SPAN><BR /><SPAN>ldap.authentication.active=true</SPAN><BR /><SPAN>This way all the users will be able to authenticate with their account from the AD into the Alfresco.</SPAN><BR /><BR /><SPAN>Here is the specs about "ldap.authentication.active" from the alfresco wiki from hree </SPAN><A href="http://docs.alfresco.com/community/concepts/auth-ldap-props.html" rel="nofollow noopener noreferrer">http://docs.alfresco.com/community/concepts/auth-ldap-props.html</A><SPAN>:</SPAN><BR /><SPAN>ldap.authentication.active</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; This Boolean flag, when true enables use of this LDAP subsystem for authentication. It might be that this subsystem should only be used for user registry export, in which case this flag should be set to false and you would have to chain an additional subsystem such as passthru or kerberos to provide authentication functions.</SPAN><BR /><BR /><BR /><SPAN>Regards!</SPAN></BODY></HTML> Tue, 14 Apr 2015 08:26:00 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-users-disabled/m-p/307817#M260947 borisstankov 2015-04-14T08:26:00Z