Alfresco and Active Directory authentication

bruno_galindro
Champ in-the-making
Hi all,
I have configured Alfresco 3.2 to search for users in an Active Directory base. What is the best configuration to meet the following requirements?

1 - Only users that are within a specific group in a specific OU can access Alfresco. e.g.: cn=alfresco,ou=internal_access,dc=domain,dc=com  <– This means an alfresco group inside the internal_access OU

2 - When I delete a user on the domain, that user needs to be deleted in Alfresco too.

3 - When I remove a user from the group, that user's access to Alfresco must be denied.

4 - The Active Directory user cannot be deleted from Alfresco.

dward
Champ on-the-rise
1.

ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)(!(modifyTimestamp<\={0})))

2. That will happen on a nightly basis in the scheduled full sync as long as

synchronization.synchronizeChangesOnly=false

See http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem

3. With the current defaults, that will only happen once sync removes the user from Alfresco. However, with an upcoming check-in to HEAD (once we get the all-clear to start checking in) you could use the new 'dynamic user ID resolution' feature to ensure that users who are not returned by the person query are not authenticated.

4. So you want the users to remain in Alfresco but not be authenticated when you remove them from the group? In that case you want this. personQuery will be used in authentication only. But unfortunately it won't be possible to delete any users with this configuration.

# No deletions
synchronization.synchronizeChangesOnly=true
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(modifyTimestamp<\={0})))
# Leave blank for dynamic user ID resolution coming soon! (a trailing # is not a comment in a .properties file, so the note sits on its own line)
ldap.authentication.userNameFormat=

bruno_galindro
Champ in-the-making
dward, thank you very much for your answer!

I have two more questions:

1 - Do I need to use a backslash to escape the equals signs in all parameter values?

2 - How can I configure the following properties to work with my scenario?
ldap.synchronization.groupSearchBase
ldap.synchronization.userSearchBase
I've configured the above parameters with these two contents:

First attempt:
ldap.synchronization.groupSearchBase=dc=domain,dc=com
ldap.synchronization.userSearchBase=dc=domain,dc=com

It generates the following error:

08:51:14,750 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
08:51:14,754 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'
08:51:15,213 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.error.AlfrescoRuntimeException: 09050024 Failed to import people.
Caused by: javax.naming.CommunicationException: Request: 2 cancelled; remaining name 'dc=domain,dc=com'
08:51:15,258 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete

Second attempt:
ldap.synchronization.groupSearchBase=ou\=internal_access,dc=domain,dc=com
ldap.synchronization.userSearchBase=ou\=internal_access,dc=domain,dc=com

It generates the following error:

10:33:38,824 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
10:33:38,837 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'
10:33:38,903 User:System WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.error.AlfrescoRuntimeException: 09050014 Failed to import people.
Caused by: javax.naming.CommunicationException: Request: 2 cancelled; remaining name 'ou=internal_access,dc=domain,dc=com'
10:33:38,911 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete

bruno_galindro
Champ in-the-making
dward, I've fixed the problem. The error is in the parameter value syntax:

Wrong:
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)

ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))(!(modifyTimestamp<\={0}))

Correct:
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))

ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)(!(modifyTimestamp<\={0})))


OK, but my problem has not been solved yet. Users who have a valid login on LDAP can still log on to Alfresco, but those users' logins are not synchronized with Alfresco. I've noticed that the parameters above are only used to restrict user synchronization and not to restrict user logon.

Am I right?
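
As an added example (not part of this thread and not Alfresco's code), here is a small Python parser and evaluator for the person filters used above, run on constructed AD entries (alice, bob and carol are invented). It shows why the "wrong" query is rejected (its memberOf clause falls outside the closing parenthesis of the &) and also that the userAccountControl:…:=512 test is a bit-AND for NORMAL_ACCOUNT, so a disabled account (514) still matches; a variant that excludes ACCOUNTDISABLE (bit 2) is evaluated alongside it.

```python
# Added example (not Alfresco's code): a small RFC 4515 filter parser/evaluator covering only
# what this thread's queries use (&, |, !, =, <=, >= and LDAP_MATCHING_RULE_BIT_AND).
import re

BIT_AND = "1.2.840.113556.1.4.803"          # LDAP_MATCHING_RULE_BIT_AND
GROUP = "cn=alfresco,ou=internal_access,dc=domain,dc=com"
PERSON_QUERY = f"(&(objectclass=user)(userAccountControl:{BIT_AND}:=512)(memberOf={GROUP}))"
# Same query, but excluding ACCOUNTDISABLE (bit 2) instead of selecting NORMAL_ACCOUNT (512).
ENABLED_QUERY = f"(&(objectclass=user)(!(userAccountControl:{BIT_AND}:=2))(memberOf={GROUP}))"
_ITEM = re.compile(r"\(([^:=<>~()]+)(?::([^:()]+):)?(<=|>=|=)([^()]*)\)")

def _parse(s):                               # parse one filter, return (node, remainder)
    if s[:2] in ("(&", "(|", "(!"):          # (&(f)...), (|(f)...), (!(f))
        kids, rest = [], s[2:]
        while rest.startswith("("):
            kid, rest = _parse(rest)
            kids.append(kid)
        if not rest.startswith(")") or (s[1] == "!" and len(kids) != 1):
            raise ValueError("bad '" + s[1] + "' filter at: " + s[:20])
        return (s[1], kids), rest[1:]
    m = _ITEM.match(s)                       # (attr=v), (attr<=v), (attr:rule:=v)
    if not m:
        raise ValueError("bad filter item at: " + s[:20])
    attr, rule, op, value = m.groups()
    return ("item", attr.lower(), rule, op, value), s[m.end():]

def parse_filter(s):
    node, rest = _parse(s.strip())
    if rest:                                 # e.g. a stray '(memberOf=...)' after the '&' closed
        raise ValueError("text after filter: " + rest)
    return node

def is_valid(s):
    try:
        parse_filter(s)
        return True
    except ValueError:
        return False

def matches(node, entry):                    # entry: {lowercase attr: [string values]}
    if node[0] == "&": return all(matches(k, entry) for k in node[1])
    if node[0] == "|": return any(matches(k, entry) for k in node[1])
    if node[0] == "!": return not matches(node[1][0], entry)
    _, attr, rule, op, value = node
    vals = entry.get(attr, [])
    if rule == BIT_AND:                      # true when every bit of value is set in v
        return any(int(v) & int(value) == int(value) for v in vals)
    if op == "=":                            # AD strings and DNs match case-insensitively
        return any(v.lower() == value.lower() for v in vals)
    return any(v <= value if op == "<=" else v >= value for v in vals)

# Constructed sample entries; memberOf holds direct group membership only.
ENTRIES = {
    "alice": {"objectclass": ["user"], "useraccountcontrol": ["512"], "memberof": [GROUP]},
    "bob":   {"objectclass": ["user"], "useraccountcontrol": ["514"], "memberof": [GROUP]},
    "carol": {"objectclass": ["user"], "useraccountcontrol": ["512"], "memberof": ["cn=staff,dc=domain,dc=com"]},
}

def select(query, entries=ENTRIES):          # names a query returns, i.e. who Alfresco would sync
    node = parse_filter(query)
    return sorted(n for n, e in entries.items() if matches(node, e))
```

Because memberOf lists only direct membership, users who reach the alfresco group through a nested group are matched by neither query.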

bruno_galindro
Champ in-the-making
dward,
I've solved my problem by changing the value of the synchronization.autoCreatePeopleOnLogin parameter to false. This parameter is located in the /opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Synchronization/default/default-synchronization.properties file.

http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem

Thank you very much!

elmuchacho
Champ in-the-making
Great for you Bruno, that you have configured Alfresco successfully to integrate with Windows ADS …

Can you please post your configs here, how you have resolved it?

I want to log in to Alfresco with my ADS users …
This works if users are created twice … once in ADS and once in Alfresco …
Changing the ADS password will let the user log in to Alfresco with the new password …

But newly created users are not able to log in …