AD authentication

zugs
Champ in-the-making
Hello,

I have a problem setting up Active Directory authentication. I did a setup by the book and it works: I can authenticate with AD, I can synchronize with AD, but what bothers me is that ALL users can authenticate with AD. This is not what I want. I have two organizational units, Teachers and Students. I want only users within the Teachers OU to authenticate and others not. If I put a filter on ldap.synchronization.personQuery, it's only for synchronization. Only these users are synced with Alfresco, but when I try to log in as a Student user, I can. Does anyone have a suggestion? Thank you.
3 REPLIES

angelborroy
Community Manager
It seems Alfresco is creating a new user on successful AD authentication.

You should disable the create.missing.people property by overriding the Spring bean for Alfresco 4.2.c or by setting it to false in alfresco-global.properties for Alfresco 4.2.d.
Hyland Developer Evangelist

zugs
Champ in-the-making
It seems to be working. Thank you very much. Although, I can't say I like this solution, because what if I don't want or need synchronization? I just want to authenticate against AD. Why can't there be a possibility to filter which users you want, which OU or group to look for, like in the sync case?

angelborroy
Community Manager
Using only AD authentication, you must prepare an LDAP branch on your system containing only the desired Alfresco users.

Another alternative is to filter user requests based on the user DN by extending the LDAP subsystem.

The main reason is that no binding user is required for authentication; because of this, no filter or lookup can be configured.
Hyland Developer Evangelist
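
The DN-based filtering mentioned in the last reply comes down to testing whether a user's DN lies under an allowed base. This added example (not from the thread and not Alfresco code) does that with the JDK's javax.naming.ldap.LdapName instead of string matching; the DnAllowList class, the example.org DNs and the assumption that the extension already holds the user's DN as a string are all hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper: allows a login only if the user's DN sits below an allowed base DN. */
public class DnAllowList {
    private final List<LdapName> allowedBases = new ArrayList<>();

    public DnAllowList(String... baseDns) throws InvalidNameException {
        for (String base : baseDns) {
            allowedBases.add(new LdapName(base)); // reject a malformed base at startup
        }
    }

    public boolean isAllowed(String userDn) {
        LdapName dn;
        try {
            dn = new LdapName(userDn); // parses RDNs, honouring escaped commas
        } catch (InvalidNameException e) {
            return false; // fail closed on anything that is not a valid DN
        }
        for (LdapName base : allowedBases) {
            // LdapName indexes RDNs right to left, so startsWith() tests the DN suffix.
            // The size check excludes the base entry itself.
            if (dn.size() > base.size() && dn.startsWith(base)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws InvalidNameException {
        DnAllowList teachers = new DnAllowList("OU=Teachers,DC=example,DC=org");
        String[] constructedSamples = { // constructed DNs, not taken from the thread
            "CN=Alice,OU=Teachers,DC=example,DC=org",
            "cn=alice,ou=teachers,dc=example,dc=org",
            "CN=Bob,OU=Students,DC=example,DC=org",
            // CN value contains an escaped comma; the entry itself is under Students
            "CN=x\\,OU=Teachers,OU=Students,DC=example,DC=org",
            "not a dn"
        };
        for (String dn : constructedSamples) {
            System.out.println(teachers.isAllowed(dn) + "  " + dn);
        }
    }
}
```

Where such a check would be called inside the LDAP subsystem is not shown here, since that wiring depends on the Alfresco version being extended.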