AD and canonical username

bopolissimus
Confirmed Champ
Hello all,

I've got Alfresco 4.0.d community successfully authenticating and synchronizing with Active Directory (see config below).  I do have one problem however.  Given that there's a test_user user in AD, and given that we can login as test_user@domain and test_user@domain.local, I can login three different ways with the same password.  That is, I can login as:

   test_user
   test_user@domain
   test_user@domain.local

Those are created in Alfresco as three different users (with the usernames as above).  Is there a way to tell Alfresco that the same AD user should map to just one Alfresco user?  Otherwise, I'm going to have trouble later as users somehow login in more than one way and find that documents they've updated as one user aren't owned by them when they're logged in as a variant of the first user's login, or that in the second login they aren't in the same groups or don't have access to SharePoint sites they had when logged in as the first user.

==== config starts ====

authentication.chain=ldap1:ldap-ad,passthru1:passthru,alfrescoNtlm1:alfrescoNtlm

alfrescoNtlm.ntlm.authentication.sso.enabled=false
alfrescoNtlm.alfresco.authentication.authenticateCIFS=false

passthru.ntlm.authentication.sso.enabled=false
passthru.passthru.authentication.authenticateCIFS=false

passthru.authentication.useLocalServer=false
passthru.authentication.servers=DOMAIN\\111.22.33.1,DOMAIN\\11.22.33.2

ldap.authentication.authenticateCIFS=false
ldap.authentication.active=true
ldap.synchronization.active=true

ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.provider.url=ldap://111.22.33.3
ldap.authentication.defaultAdministratorUserNames=Administrator,admin
ldap.synchronization.java.naming.security.principal=user@domain.local
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=domain,dc\=domain,dc\=local
ldap.synchronization.userSearchBase=ou\=Users,ou\=domain,dc\=domain,dc\=local

ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.synchronization.personQuery=(givenName\=*)
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

==== config ends ====

Many thanks,

Gerald
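The post describes the core problem: three spellings of one AD account (test_user, test_user@domain, test_user@domain.local) are accepted by the authentication chain and end up as three separate person entries, so ownership and group membership split across them. The script below is an added example, not Alfresco code or anything from the original post. It shows the two defensive pieces a practitioner would want: a canonicalizer that folds the accepted UPN suffixes down to the bare logon name (and rejects any realm that is not one of the domain's own), and a check that scans an existing user list for entries that already collapse to the same identity. The realm suffixes `domain` and `domain.local` are taken from the post; the person list is constructed sample data.

```python
"""Canonicalize AD login variants and flag duplicate identities.

Added example, not part of Alfresco or of the original forum post.
Assumes the two UPN suffixes mentioned in the post ('domain' and
'domain.local') both refer to the same Active Directory domain.
"""
from collections import defaultdict

# UPN suffixes that all name the same AD domain (assumption taken from the post).
KNOWN_REALMS = frozenset({"domain", "domain.local"})


def canonical_username(login: str, known_realms=KNOWN_REALMS) -> str:
    """Map 'user', 'user@domain' and 'user@domain.local' to 'user'.

    AD logon names are case-insensitive, so the result is lower-cased
    (a design choice here; apply the target system's own case rule).
    Raises ValueError for an empty name, a second '@', or a realm that is
    not one of the known suffixes, so that foreign realms are never
    silently merged into a local account.
    """
    login = login.strip().lower()
    if not login:
        raise ValueError("empty login")
    user, sep, realm = login.partition("@")
    if not user:
        raise ValueError("login has no user part: %r" % login)
    if sep:
        if "@" in realm:
            raise ValueError("malformed login (multiple '@'): %r" % login)
        if realm not in known_realms:
            raise ValueError("unknown realm %r in login %r" % (realm, login))
    return user


def is_accepted_login(login: str, known_realms=KNOWN_REALMS) -> bool:
    """True if the login canonicalizes cleanly, False otherwise."""
    try:
        canonical_username(login, known_realms)
        return True
    except ValueError:
        return False


def find_duplicate_identities(usernames, known_realms=KNOWN_REALMS):
    """Group existing person entries by canonical name.

    Returns {canonical_name: [variants...]} for every identity that is
    present under more than one spelling, which is exactly the condition
    the post describes (documents and group memberships split across them).
    Entries that cannot be canonicalized are kept under their own name so
    they are never merged with a local account by accident.
    """
    groups = defaultdict(list)
    for name in usernames:
        try:
            key = canonical_username(name, known_realms)
        except ValueError:
            key = name.strip().lower()
        groups[key].append(name)
    return {key: sorted(variants) for key, variants in groups.items()
            if len(variants) > 1}


# Constructed sample of person entries, modelled on the three variants in the post.
PERSON_ENTRIES = [
    "admin",
    "test_user",
    "test_user@domain",
    "test_user@domain.local",
    "jsmith",
    "JSmith@domain",
    "contractor@other.example",   # foreign realm: must not be merged
]


if __name__ == "__main__":
    for login in ("test_user", "test_user@domain", "Test_User@DOMAIN.local"):
        print("%-28s -> %s" % (login, canonical_username(login)))
    for canonical, variants in sorted(find_duplicate_identities(PERSON_ENTRIES).items()):
        print("duplicate identity %r present as %s" % (canonical, variants))
```

Running the duplicate check against a dump of the existing person usernames tells you, before any merge or cleanup, which accounts are already affected; the canonicalizer is the rule you would want applied at the point where an authenticated login name is turned into an internal user identifier, so that every accepted spelling resolves to the same person record.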
1 REPLY

bopolissimus
Confirmed Champ
After talking to the system administrators, it turns out this isn't an issue.  System administrators know about the domain. Users would never login with [username]@[domain1].[domain2], so the problem won't come up.