Alfresco & AD - Groups Best Practices

excitedbynoise
Champ in-the-making
Is there a best practice on how to design the group structure in Alfresco? In AD I have two types of groups: Global Security Groups, which are designed around our Org structure. Then I have groups that are assigned to various assets assigned to our shared assets. Nested in these are the global groups. Pretty much right out of Windows best practices.

It would be ideal to be able to create these groups in a single location, then sync them to Alfresco and various other things. However, I'm just not sure of the best way to translate the group structure of Active Directory into an ideal configuration for Alfresco.

In general, I'm new to CMS, so I'm looking for some best practice resources on how to store and manage content within Alfresco. Any insight would be appreciated.

spags88
Champ in-the-making
Did you find a solution for this? I am looking for the exact same. Please tell me if you have.

hseritt
Champ on-the-rise
Hi, I realize this is an old post, but in case someone else comes here and is curious, I wrote a blog post that gives an idea of how you can set up Active Directory and then how to sync and authenticate with this. Have a read here: http://alfresco.blogwritr.com/?p=48

The gist is this:

Create an OU called Alfresco. Within this OU, create however many Alfresco groups you'd like. Next, go through your users and assign them to become members of your Alfresco groups. Once you've finished that, you can use these settings to bring them in:

(imagine I have a domain called "example.foo")

ldap.synchronization.groupSearchBase=ou\=alfresco,dc\=example,dc\=foo
ldap.synchronization.userSearchBase=dc\=example,dc\=foo

ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=AlfrescoAdmins,ou=alfresco,dc=example,dc=foo)(memberOf=cn\=AlfrescoUsers,ou=alfresco,dc=example,dc=foo)))

ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=AlfrescoAdmins,ou=alfresco,dc=example,dc=foo)(memberOf=cn\=AlfrescoUsers,ou=alfresco,dc=example,dc=foo))(!(modifyTimestamp<\={0})))

There's a bit more to it, so I'd encourage you to read my post. Please comment here or there if you have other suggestions or if I'm missing something.

Thanks!
-Harlin
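
An added example, not part of the post above or of Alfresco: a small Python evaluator for the personQuery filter (written as it reads after .properties unescaping), run over three constructed directory entries to show which accounts it would select for sync. The entries, the "Finance" group and the ENABLED_ONLY variant with its extra bit-2 (ACCOUNTDISABLE) clause are assumptions for illustration.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule used in the post
GROUP = "cn=AlfrescoUsers,ou=alfresco,dc=example,dc=foo"
# personQuery from the post, with the .properties backslash escapes removed
PERSON_QUERY = (f"(&(objectclass=user)(userAccountControl:{BIT_AND}:=512)"
                f"(|(memberOf=cn=AlfrescoAdmins,ou=alfresco,dc=example,dc=foo)(memberOf={GROUP})))")
# Added variant (assumption, not from the post): also require bit 2 to be clear
ENABLED_ONLY = PERSON_QUERY[:-1] + f"(!(userAccountControl:{BIT_AND}:=2)))"

# Constructed sample entries; memberOf holds direct memberships only
ENTRIES = {
    "alice": {"objectclass": ["user"], "useraccountcontrol": ["512"], "memberof": [GROUP]},
    "bob": {"objectclass": ["user"], "useraccountcontrol": ["514"], "memberof": [GROUP]},  # 512|2 = disabled
    "carol": {"objectclass": ["user"], "useraccountcontrol": ["512"],  # reaches GROUP only via nesting
              "memberof": ["cn=Finance,ou=org,dc=example,dc=foo"]},
}

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    assert f[i] == "("
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = f.index(")", i)
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i:end])
    return ("match", m.group(1).lower(), m.group(2), m.group(3)), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of lowercase attr -> values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    have = entry.get(attr, [])
    if rule == BIT_AND:  # true when every bit set in the filter value is set in the attribute
        return any(int(v) & int(value) == int(value) for v in have)
    return any(v.lower() == value.lower() for v in have)

def synced(query):
    """Names of the sample entries that the filter selects."""
    tree, _ = parse(query)
    return sorted(name for name, e in ENTRIES.items() if matches(tree, e))
```

Here `synced(PERSON_QUERY)` selects alice and bob, because 514 still has the 512 bit set, while `synced(ENABLED_ONLY)` selects only alice; carol is selected by neither, since her membership comes through a nested group and `memberOf` lists direct groups only.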