AD Authentication by Email

alchemist
Champ in-the-making
Hello,

I wanted the users to be logged in by their email. Here are my ldap-ad parameters. After synchronisation, I verified that the uid in the database was the mail and not the samaccountname (ok). But the authentication failed.

Thx for your help!

ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://172.16.2.44:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=Administrateur@adtest.atolcd.priv
ldap.synchronization.java.naming.security.credentials=/*SECRET*/
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=totototoototo)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=ou\=alfresco,dc\=adtest,dc\=atolcd,dc\=priv
ldap.synchronization.userSearchBase=ou\=alfresco,dc\=adtest,dc\=atolcd,dc\=priv
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=mail
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
3 REPLIES

eswbitto
Confirmed Champ
When posting your config to this community it would probably be a good idea NOT to include your password. Now everyone knows it and now you have to change that. (That's if you provided your true password by accident).

Your config looks ok…

ldap.authentication.userNameFormat=%s

I would put =domain\\%s

See if that fixes it.

mrogers
Star Contributor
I suspect you don't want to have the userNameFormat=%s. Instead you want to look up the user in LDAP by the email id.

Edit - yes you need to set your ldap.synchronization.personQuery to find people by email id.

Edit2 - I removed your password for you.

alchemist
Champ in-the-making
I tried this but it didn't work. My idea is that AD considers that the mail is not a valid (unique) identifier to get the password. The only parameters that AD can accept to give a corresponding password are UPN and DN. That's why Alfresco accepts the modification (samaccountname to mail) in the database but the user still can't log in. Thanks for the password :)
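
An added example (not written by any poster in this thread, and not Alfresco code): it expands `ldap.authentication.userNameFormat` with a login that is an e-mail address and labels the shape of the bind principal that results, for the formats mentioned in the replies. The `%s` substitution model, the shape heuristics, the `%s@adtest.atolcd.priv` and `cn=...` formats and the login `jdoe@example.com` are assumptions made for illustration.

```python
import re

def unescape_properties(value):
    # Java .properties escaping: a backslash makes the next character literal
    # (\t, \n and \uXXXX escapes are not handled in this sketch).
    return re.sub(r"\\(.)", r"\1", value)

def bind_principal(user_name_format, login):
    # Assumption: %s in userNameFormat is replaced by the login typed by the user.
    return unescape_properties(user_name_format).replace("%s", login)

def classify(principal):
    # Heuristic shape check only; it cannot tell whether the directory
    # actually holds an account under this name.
    if re.fullmatch(r"(?i)[a-z]+=[^,]+(,[a-z]+=[^,]+)+", principal):
        return "dn"
    if "\\" in principal:
        domain, _, account = principal.partition("\\")
        if domain and account and "@" not in account:
            return "down-level"          # DOMAIN\account
        return "mixed"                   # e.g. DOMAIN\user@host
    if principal.count("@") == 1 and all(principal.split("@")):
        return "upn-shaped"              # user@domain
    return "mixed" if "@" in principal else "bare"

# Constructed samples: (userNameFormat as written in the file, login).
SAMPLES = [
    ("%s", "jdoe@example.com"),
    (r"domain\\%s", "jdoe@example.com"),
    ("%s@adtest.atolcd.priv", "jdoe@example.com"),
    (r"domain\\%s", "jdoe"),
    (r"cn\=%s,ou\=alfresco,dc\=adtest,dc\=atolcd,dc\=priv", "jdoe"),
]

def report(samples=SAMPLES):
    rows = []
    for fmt, login in samples:
        principal = bind_principal(fmt, login)
        rows.append((fmt, principal, classify(principal)))
    return rows

if __name__ == "__main__":
    for fmt, principal, shape in report():
        print(f"{fmt!r:55} -> {principal!r:45} {shape}")
```

A principal labelled `upn-shaped` only has the right syntax; whether a bind with it succeeds depends on the directory holding an account under exactly that name, which this code does not check.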