https://connect.hyland.com/t5/alfresco-forum/allow-users-of-specific-ldap-group-to-connect-to-alfresco/m-p/88439#M26563 <P>Hi,&nbsp;</P><P>I want to prevent any user that is not member of AlfrescoUsers to connect to alfresco. I tried to add filter in personQuery, Synchronisation il working well. But when i try to connect with a user that is not member of this group, alfresco create a person for that user and let him connect. This is the ldap configuration&nbsp;</P><P>authentication.sso.enabled=false<BR />ldap.authentication.allowGuestLogin=false<BR />ldap.authentication.userNameFormat=%s@mydomain.com<BR />ldap.authentication.java.naming.provider.url=**********<BR />ldap.authentication.defaultAdministratorUserNames=Administrator,AlfrescoSync</P><P>ldap.synchronization.java.naming.security.principal=**************<BR />ldap.synchronization.java.naming.security.credentials=********************<BR />ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'<BR />ldap.synchronization.userIdAttributeName=sAMAccountName<BR />ldap.synchronization.userFirstNameAttributeName=givenName<BR />ldap.synchronization.userEmailAttributeName=mail<BR />ldap.synchronization.groupDisplayNameAttributeName=displayName<BR />ldap.synchronization.groupType=group<BR />ldap.synchronization.personType=user<BR />ldap.synchronization.queryBatchSize=1000<BR />ldap.synchronization.attributeBatchSize=1000</P><P>ldap.synchronization.userSearchBase=OU=Employes,OU=Utilisateurs,OU=SIEGE,DC=mydomain,DC=com<BR />ldap.synchronization.personQuery=(&amp;(|(objectClass=inetOrgPerson)(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))(memberOf=CN=AlfrescoUsers,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))<BR />ldap.synchronization.personDifferentialQuery=(&amp;(|(objectClass=inetOrgPerson)(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))(memberOf=CN=AlfrescoUsers,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))</P><P>ldap.synchronization.groupSearchBase=OU=Groupes,OU=SIEGE,DC=mydomain,DC=com<BR />ldap.synchronization.groupQuery=(&amp;(objectclass=group)(memberOf=CN=AlfrescoGroups,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))<BR />ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass=group)(memberOf=CN=AlfrescoGroups,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))</P><P>synchronization.synchronizeChangesOnly=false<BR />synchronization.allowDeletions=true<BR />synchronization.syncWhenMissingPeopleLogIn=false<BR />synchronization.import.cron=0 0/1 * 1/1 * ?</P><P>create.missing.people=false<BR />synchronization.autoCreatePeopleOnLogin=false<BR />synchronization.syncWhenMissingPeopleLogIn=false<BR />ldap.synchronization.groupMemberAttributeName=member</P> Wed, 11 Dec 2019 09:02:03 GMT bilel1 2019-12-11T09:02:03Z https://connect.hyland.com/t5/alfresco-forum/allow-users-of-specific-ldap-group-to-connect-to-alfresco/m-p/88439#M26563 <P>Hi,&nbsp;</P><P>I want to prevent any user that is not member of AlfrescoUsers to connect to alfresco. I tried to add filter in personQuery, Synchronisation il working well. But when i try to connect with a user that is not member of this group, alfresco create a person for that user and let him connect. This is the ldap configuration&nbsp;</P><P>authentication.sso.enabled=false<BR />ldap.authentication.allowGuestLogin=false<BR />ldap.authentication.userNameFormat=%s@mydomain.com<BR />ldap.authentication.java.naming.provider.url=**********<BR />ldap.authentication.defaultAdministratorUserNames=Administrator,AlfrescoSync</P><P>ldap.synchronization.java.naming.security.principal=**************<BR />ldap.synchronization.java.naming.security.credentials=********************<BR />ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'<BR />ldap.synchronization.userIdAttributeName=sAMAccountName<BR />ldap.synchronization.userFirstNameAttributeName=givenName<BR />ldap.synchronization.userEmailAttributeName=mail<BR />ldap.synchronization.groupDisplayNameAttributeName=displayName<BR />ldap.synchronization.groupType=group<BR />ldap.synchronization.personType=user<BR />ldap.synchronization.queryBatchSize=1000<BR />ldap.synchronization.attributeBatchSize=1000</P><P>ldap.synchronization.userSearchBase=OU=Employes,OU=Utilisateurs,OU=SIEGE,DC=mydomain,DC=com<BR />ldap.synchronization.personQuery=(&amp;(|(objectClass=inetOrgPerson)(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))(memberOf=CN=AlfrescoUsers,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))<BR />ldap.synchronization.personDifferentialQuery=(&amp;(|(objectClass=inetOrgPerson)(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))(memberOf=CN=AlfrescoUsers,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))</P><P>ldap.synchronization.groupSearchBase=OU=Groupes,OU=SIEGE,DC=mydomain,DC=com<BR />ldap.synchronization.groupQuery=(&amp;(objectclass=group)(memberOf=CN=AlfrescoGroups,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))<BR />ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass=group)(memberOf=CN=AlfrescoGroups,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))</P><P>synchronization.synchronizeChangesOnly=false<BR />synchronization.allowDeletions=true<BR />synchronization.syncWhenMissingPeopleLogIn=false<BR />synchronization.import.cron=0 0/1 * 1/1 * ?</P><P>create.missing.people=false<BR />synchronization.autoCreatePeopleOnLogin=false<BR />synchronization.syncWhenMissingPeopleLogIn=false<BR />ldap.synchronization.groupMemberAttributeName=member</P> Wed, 11 Dec 2019 09:02:03 GMT https://connect.hyland.com/t5/alfresco-forum/allow-users-of-specific-ldap-group-to-connect-to-alfresco/m-p/88439#M26563 bilel1 2019-12-11T09:02:03Z https://connect.hyland.com/t5/alfresco-forum/allow-users-of-specific-ldap-group-to-connect-to-alfresco/m-p/88440#M26564 <P>Solved I have to add&nbsp;<SPAN>synchronization.autoCreatePeopleOnLogin=false on alfresco.global.properties to be read&nbsp;</SPAN></P> Wed, 11 Dec 2019 11:23:46 GMT https://connect.hyland.com/t5/alfresco-forum/allow-users-of-specific-ldap-group-to-connect-to-alfresco/m-p/88440#M26564 bilel1 2019-12-11T11:23:46Z