topic Weird thing with LDAP in Alfresco Forum

Weird thing with LDAP

willi78400 — Wed, 17 Jan 2018 15:03:59 GMT

Hi everyone ! I'm pretty new to Alfresco and I decided to use this solution for my intern needs. Since all my co-workers need it, I added Ldap authentification. Here is the configuration I use :################################# Common Alfresco Properties ################################dir.root=C:/A

Re: Weird thing with LDAP

douglascrp — Wed, 17 Jan 2018 16:52:57 GMT

Have you tried your user queries agains your LDAP server to check if it is returning the users?

If the query is not ok, there is no way Alfresco will be able to get the users to you.

You can use a tool like Apache Directory Studio to execute the tests.

Welcome to Apache Directory Studio — Apache Directory

Re: Weird thing with LDAP

willi78400 — Thu, 18 Jan 2018 13:44:03 GMT

Thanks Douglas for the quick answer once again

You got it, I downloaded Apache Directory Studio but it doesn't work on Server 2012 so I used Jxplorer to do the queries and ... the path is the problem. I don't know why but I really think the path is good since the user zip is in the OU named Users that is in the DC solicia in DC fr. Can the port be the issue here ? Because I don't know if my Ldap uses the default port (389 or not).

Re: Weird thing with LDAP

douglascrp — Thu, 18 Jan 2018 16:22:27 GMT

I didn't get that.

Can you share a screenshot of the structure?

I don't know about Jxplorer, but using the Apache Directory Studio you can copy the right path and simply paste it in the alfresco-global.properties.

About the port, I believe it is ok, or you would be seeing other kinds of errors in the log file, as Alfresco would not be able to connect into the LDAP server.

Re: Weird thing with LDAP

willi78400 — Fri, 19 Jan 2018 10:44:10 GMT

I made a mistake with Admin and user groups that's why it didn't work, now it finds me every users I've put in those groups.

The thing is that I've put only 9 users in the groups and I figured out that all users from my Ldap can log in (in the alfresco logs it tells me that 9 users and 2 groups have been found) so I don't understand this.

Re: Weird thing with LDAP

douglascrp — Fri, 19 Jan 2018 11:27:24 GMT

Ok, so you have more than 9 users on LDAP, but Alfresco is syncronizing just 9, is that right?

In this case, probably the thing is that other users are in a different place, not reached by Alfresco when querying for the users and groups.

Maybe a different OU or structure.

Re: Weird thing with LDAP

willi78400 — Fri, 19 Jan 2018 12:41:19 GMT

No, I meant that in my ldap I have more than 70 users. I only want 9 of them that are in ou=personnel,ou=exploitation,ou=informatique,ou=Solicia,dc=solicia,dc=fr to have the right to log in Alfresco. The thing is that everyone even if they are not in this ou can log into Alfresco...

Re: Weird thing with LDAP

douglascrp — Fri, 19 Jan 2018 18:35:59 GMT

All you have to do is to put the right query to the person queries, like:

ldap.synchronization.personQuery=(&(objectCategory\=user)(objectClass\=user)(memberOf\=CN\=[correct path]))
ldap.synchronization.personDifferentialQuery=(&(&(objectCategory\=user)(objectClass\=user)(memberOf\=CN\=[correct path]))(!(modifyTimestamp<\={0})))

Can you share your current configuration?

That will make it easier to help you.

More on the topic can be found in several threads here in the community:
Active Directory authentication: allow just group of users

Alfresco user only from specific AD group member