topic Re: OpenLDAP authentication, if username already existed, both authentications are valid after sync in Alfresco Forum https://connect.hyland.com/t5/alfresco-forum/openldap-authentication-if-username-already-existed-both/m-p/53679#M19975 <HTML><HEAD></HEAD><BODY><P>Using SQL queries I have found the difference between user created with <SPAN>NATIVE</SPAN> Alfresco authentication and user with same username imported from LDAP.</P><P>So, <SPAN>NATIVE</SPAN> user is stored in&nbsp;database table&nbsp;<EM>alf_node</EM> with types <EM>user</EM> and <EM>person</EM>.</P><P>Mixed user also&nbsp;has both types.</P><P>LDAP user&nbsp;<SPAN>has only&nbsp;</SPAN><SPAN>&nbsp;type <EM>person</EM>.</SPAN></P><P><SPAN>Besides,&nbsp;with db objects <EM>alf_child_assoc</EM> it&nbsp;was found, that&nbsp;NATIVE person&nbsp;object is owned by&nbsp;AUTH.ALF&nbsp;object, while LDAP <SPAN>person&nbsp;</SPAN><SPAN>object</SPAN><SPAN><SPAN>&nbsp;is owned by AUTH.EXT.ldap1 object.</SPAN></SPAN></SPAN></P><P><SPAN><SPAN><SPAN>Mixed person object is owned by both&nbsp;AUTH.ALF and AUTH.EXT.ldap1&nbsp;objects.</SPAN></SPAN></SPAN></P><P><SPAN>ACL is made by db object&nbsp;<EM>alf_authority</EM> where username is stored as String.</SPAN></P><P><SPAN>So I hope that&nbsp;ACL&nbsp;made by native user will be effective for both LDAP and mixed user with same name.</SPAN></P><P>The same may be true for&nbsp;access to documents owned by <SPAN>NATIVE</SPAN> user - I suppose access to these documents will be&nbsp;effective for LDAP and mixed user with same username.</P><P><SPAN>The only problem is that field <EM>authority</EM> in&nbsp;<EM>alf_authority</EM>&nbsp;is case sensitive while username is&nbsp;case insensitive.&nbsp;</SPAN></P><P><SPAN>So in case if LDAP username and&nbsp;NATIVE username have different case, there may be problem with access&nbsp;of LDAP user to documetns of NATIVE user.</SPAN></P></BODY></HTML> Thu, 21 Feb 2019 10:23:59 GMT skushnerenko 2019-02-21T10:23:59Z OpenLDAP authentication, if username already existed, both authentications are valid after sync https://connect.hyland.com/t5/alfresco-forum/openldap-authentication-if-username-already-existed-both/m-p/53678#M19974 We have to provide authentication with&nbsp;OpenLDAP&nbsp;so, that after synchronization with OpenLDAP usernames from OpenLDAP, which already existed&nbsp;for&nbsp; alfrescoNtlm authentication, would keep all the access to&nbsp;owned&nbsp;documents.That is, we had user John with alfrescoNtlm authentication, which had long workin Wed, 13 Feb 2019 09:05:25 GMT https://connect.hyland.com/t5/alfresco-forum/openldap-authentication-if-username-already-existed-both/m-p/53678#M19974 skushnerenko 2019-02-13T09:05:25Z Re: OpenLDAP authentication, if username already existed, both authentications are valid after sync https://connect.hyland.com/t5/alfresco-forum/openldap-authentication-if-username-already-existed-both/m-p/53679#M19975 <HTML><HEAD></HEAD><BODY><P>Using SQL queries I have found the difference between user created with <SPAN>NATIVE</SPAN> Alfresco authentication and user with same username imported from LDAP.</P><P>So, <SPAN>NATIVE</SPAN> user is stored in&nbsp;database table&nbsp;<EM>alf_node</EM> with types <EM>user</EM> and <EM>person</EM>.</P><P>Mixed user also&nbsp;has both types.</P><P>LDAP user&nbsp;<SPAN>has only&nbsp;</SPAN><SPAN>&nbsp;type <EM>person</EM>.</SPAN></P><P><SPAN>Besides,&nbsp;with db objects <EM>alf_child_assoc</EM> it&nbsp;was found, that&nbsp;NATIVE person&nbsp;object is owned by&nbsp;AUTH.ALF&nbsp;object, while LDAP <SPAN>person&nbsp;</SPAN><SPAN>object</SPAN><SPAN><SPAN>&nbsp;is owned by AUTH.EXT.ldap1 object.</SPAN></SPAN></SPAN></P><P><SPAN><SPAN><SPAN>Mixed person object is owned by both&nbsp;AUTH.ALF and AUTH.EXT.ldap1&nbsp;objects.</SPAN></SPAN></SPAN></P><P><SPAN>ACL is made by db object&nbsp;<EM>alf_authority</EM> where username is stored as String.</SPAN></P><P><SPAN>So I hope that&nbsp;ACL&nbsp;made by native user will be effective for both LDAP and mixed user with same name.</SPAN></P><P>The same may be true for&nbsp;access to documents owned by <SPAN>NATIVE</SPAN> user - I suppose access to these documents will be&nbsp;effective for LDAP and mixed user with same username.</P><P><SPAN>The only problem is that field <EM>authority</EM> in&nbsp;<EM>alf_authority</EM>&nbsp;is case sensitive while username is&nbsp;case insensitive.&nbsp;</SPAN></P><P><SPAN>So in case if LDAP username and&nbsp;NATIVE username have different case, there may be problem with access&nbsp;of LDAP user to documetns of NATIVE user.</SPAN></P></BODY></HTML> Thu, 21 Feb 2019 10:23:59 GMT https://connect.hyland.com/t5/alfresco-forum/openldap-authentication-if-username-already-existed-both/m-p/53679#M19975 skushnerenko 2019-02-21T10:23:59Z