https://connect.hyland.com/t5/alfresco-archive/authentication-problem/m-p/310650#M263780 <HTML><HEAD></HEAD><BODY><SPAN><SPAN>Hi guys! I encountered a strange problem with my alfresco. The thing is I have two accounts for each user, one in format name - John Doe, username - jdoe; and another in format name - jdoe, username - </SPAN><A class="jive-link-email-small" href="mailto:jdoe@company.com" rel="nofollow noopener noreferrer">jdoe@company.com</A><SPAN>. Users can login only with account in </SPAN><A class="jive-link-email-small" href="mailto:jdoe@company.com" rel="nofollow noopener noreferrer">jdoe@company.com</A><SPAN> format, which is fine untill they want to give others access rights for some document because they're looking for the user by his name John Doe which gives them the wrong account jdoe and, of course, the rights given to this account have no effect as he actually uses another account </SPAN><A class="jive-link-email-small" href="mailto:jdoe@company.com" rel="nofollow noopener noreferrer">jdoe@company.com</A><SPAN>! How can I get rid of this double accounts? Why is this even happening?</SPAN></SPAN><BR /><SPAN>I'm running version 5.0.a on Ubuntu 14.04. Users access it from their Windows machines. I guess I misconfigured ldap authentication, but current configuration is the only one working, everything else I've tried resulted in another errors. </SPAN><BR /><SPAN>And another funny thing: if I use </SPAN><BR /><SPAN><A class="jive-link-email-small" href="https://migration33.stage.lithium.com/" rel="nofollow noopener noreferrer">ldap.authentication.userNameFormat=%s@company.com</A></SPAN><BR /><SPAN>instead of</SPAN><BR /><SPAN>ldap.authentication.userNameFormat=%s</SPAN><BR /><SPAN>the search stop working! Not entirely, advanced search still works fine, but if I just type something in the search box it results in a blank page. But I have one and only account for each user.))</SPAN><BR /><BR /><SPAN>Here is my config.:</SPAN><BR /><SPAN>### LDAP ###</SPAN><BR /><SPAN>authentication.chain=passthru1<img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://connect.hyland.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" />assthru,ldap1:ldap</SPAN><BR /><BR /><SPAN>### Passthru Config ###</SPAN><BR /><SPAN>passthru.authentication.useLocalServer=false</SPAN><BR /><SPAN>passthru.authentication.domain=</SPAN><BR /><SPAN>passthru.authentication.servers=10.1.1.1</SPAN><BR /><SPAN>passthru.authentication.guestAccess=false</SPAN><BR /><SPAN><A class="jive-link-email-small" href="mailto:passthru.authentication.defaultAdministratorUserNames=admin@company.com" rel="nofollow noopener noreferrer">passthru.authentication.defaultAdministratorUserNames=admin@company.com</A></SPAN><BR /><SPAN>#Timeout value when opening a session to an authentication server, in milliseconds</SPAN><BR /><SPAN>passthru.authentication.connectTimeout=5000</SPAN><BR /><SPAN>#Offline server check interval in seconds</SPAN><BR /><SPAN>passthru.authentication.offlineCheckInterval=300</SPAN><BR /><SPAN>passthru.authentication.protocolOrder=NetBIOS,TCPIP</SPAN><BR /><SPAN>passthru.authentication.authenticateCIFS=true</SPAN><BR /><SPAN>passthru.authentication.authenticateFTP=true</SPAN><BR /><BR /><SPAN>ntlm.authentication.sso.enabled=true</SPAN><BR /><SPAN>ntlm.authentication.mapUnknownUserToGuest=false</SPAN><BR /><BR /><SPAN>### LDAP-AD Auth ###</SPAN><BR /><SPAN>ldap.authentication.active=true</SPAN><BR /><SPAN>ldap.authentication.allowGuestLogin=false</SPAN><BR /><SPAN>ldap.authentication.userNameFormat=%s</SPAN><BR /><SPAN>ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory</SPAN><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldap://10.1.1.1:389</SPAN><BR /><SPAN>ldap.authentication.java.naming.security.authentication=simple</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInBind=false</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInUid=false</SPAN><BR /><SPAN><A class="jive-link-email-small" href="mailto:ldap.authentication.defaultAdministratorUserNames=admin@company.com" rel="nofollow noopener noreferrer">ldap.authentication.defaultAdministratorUserNames=admin@company.com</A></SPAN><BR /><BR /><SPAN>### LDAP-AD Synch ###</SPAN><BR /><SPAN>ldap.synchronization.active=true</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.authentication=simple</SPAN><BR /><SPAN><A class="jive-link-email-small" href="mailto:ldap.synchronization.java.naming.security.principal=admin@company.com" rel="nofollow noopener noreferrer">ldap.synchronization.java.naming.security.principal=admin@company.com</A></SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.credentials=password</SPAN><BR /><SPAN>ldap.synchronization.queryBatchSize=1000</SPAN><BR /><SPAN>ldap.synchronization.attributeBatchSize=1000</SPAN><BR /><SPAN>ldap.synchronization.groupQuery=(objectclass\=group)</SPAN><BR /><SPAN>ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass\=group)(!(modifyTimestamp&lt;\={0})))</SPAN><BR /><SPAN>ldap.synchronization.personQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))</SPAN><BR /><SPAN>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp&lt;\={0})))</SPAN><BR /><SPAN>ldap.synchronization.groupSearchBase=dc=diasoft,dc=ru</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=dc=diasoft,dc=ru</SPAN><BR /><SPAN>ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp</SPAN><BR /><SPAN>ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'</SPAN><BR /><SPAN>ldap.synchronization.userIdAttributeName=sAMAccountName</SPAN><BR /><SPAN>ldap.synchronization.userFirstNameAttributeName=givenName</SPAN><BR /><SPAN>ldap.synchronization.userLastNameAttributeName=sn</SPAN><BR /><SPAN>ldap.synchronization.userEmailAttributeName=mail</SPAN><BR /><SPAN>ldap.synchronization.userOrganizationalIdAttributeName=company</SPAN><BR /><SPAN>ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider</SPAN><BR /><SPAN>ldap.synchronization.groupIdAttributeName=cn</SPAN><BR /><SPAN>ldap.synchronization.groupDisplayNameAttributeName=displayName</SPAN><BR /><SPAN>ldap.synchronization.groupType=group</SPAN><BR /><SPAN>ldap.synchronization.personType=user</SPAN><BR /><SPAN>ldap.synchronization.groupMemberAttributeName=member</SPAN><BR /><SPAN>ldap.synchronization.enableProgressEstimation=true</SPAN></BODY></HTML> Fri, 31 Oct 2014 14:30:29 GMT statira 2014-10-31T14:30:29Z https://connect.hyland.com/t5/alfresco-archive/authentication-problem/m-p/310650#M263780 Hi guys! I encountered a strange problem with my alfresco. The thing is I have two accounts for each user, one in format name - John Doe, username - jdoe; and another in format name - jdoe, username - jdoe@company.com. Users can login only with account in jdoe@company.com format, which is fine until Fri, 31 Oct 2014 14:30:29 GMT https://connect.hyland.com/t5/alfresco-archive/authentication-problem/m-p/310650#M263780 statira 2014-10-31T14:30:29Z https://connect.hyland.com/t5/alfresco-archive/authentication-problem/m-p/310651#M263781 <HTML><HEAD></HEAD><BODY><SPAN>hi .. </SPAN><BR /><BR /><SPAN>may i know how user login to alfresco share </SPAN><A href="http://localhost:8080/share" rel="nofollow noopener noreferrer">http://localhost:8080/share</A><SPAN> ,</SPAN><BR /><SPAN><SPAN>username&nbsp; jdoe&nbsp; or&nbsp; </SPAN><A class="jive-link-email-small" href="mailto:jdoe@company.com" rel="nofollow noopener noreferrer">jdoe@company.com</A><SPAN> ?</SPAN></SPAN><BR /><BR /><SPAN>maybe you can try this , add dc\=diasoft,dc\=ru</SPAN><BR /><BR /><SPAN>ldap.synchronization.groupSearchBase=dc\=diasoft,dc\=ru</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=dc\=diasoft,dc\=ru</SPAN><BR /><BR /><SPAN>restart the alfresco service and try.</SPAN><BR /><BR /><SPAN>if success proceed step 2 , add @company.com</SPAN><BR /><SPAN><A class="jive-link-email-small" href="https://migration33.stage.lithium.com/" rel="nofollow noopener noreferrer">ldap.authentication.userNameFormat=%s@company.com</A></SPAN><BR /><SPAN>restart alfresco service</SPAN><BR /><SPAN>try to login use jdoe&nbsp; on </SPAN><A href="http://localhost:8080/share" rel="nofollow noopener noreferrer">http://localhost:8080/share</A><BR /><BR /><SPAN>hope can help you</SPAN><BR /><BR /></BODY></HTML> Mon, 03 Nov 2014 01:43:04 GMT https://connect.hyland.com/t5/alfresco-archive/authentication-problem/m-p/310651#M263781 csyeow 2014-11-03T01:43:04Z https://connect.hyland.com/t5/alfresco-archive/authentication-problem/m-p/310652#M263782 <HTML><HEAD></HEAD><BODY><SPAN>Hi, csyeow. Thanks for your reply. I tried what you suggested with no success. </SPAN><BR /><SPAN>If I use </SPAN><BR /><SPAN><A class="jive-link-email-small" href="https://migration33.stage.lithium.com/" rel="nofollow noopener noreferrer">ldap.authentication.userNameFormat=%s@company.com</A></SPAN><BR /><SPAN>I can login as jdoe, but only advanced search works this way, and if I use </SPAN><BR /><SPAN>ldap.authentication.userNameFormat=%s</SPAN><BR /><SPAN><SPAN>I can login as </SPAN><A class="jive-link-email-small" href="mailto:jdoe@company.com" rel="nofollow noopener noreferrer">jdoe@company.com</A><SPAN>, and search works fine. </SPAN></SPAN><BR /><SPAN>But no matter what the config is, both users present in alfresco at the same time, which leads to confusion.</SPAN></BODY></HTML> Wed, 05 Nov 2014 08:42:00 GMT https://connect.hyland.com/t5/alfresco-archive/authentication-problem/m-p/310652#M263782 statira 2014-11-05T08:42:00Z