Alfresco and Active Directory authentication

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-01-2009 05:00 PM
Hi all,
I have configured Alfresco 3.2 to search for users in Active Directory base. How the best config I can do to solve these following requirements?
1 - Only users that are within a specific group in a specific OU can access Alfresco. e.g.: cn=alfresco,ou=internal_access,dc=domain,dc=com <– This means a alfresco group inside internal_access OU
2 - When I delete a user on domain, that user needs to be deleted on afresco too.
3 - When I remove a user from the group, the access of that user to Alfresco must be denided.
4 - The Active Directory user cannot be deleted from Alfresco.
I have configured Alfresco 3.2 to search for users in Active Directory base. How the best config I can do to solve these following requirements?
1 - Only users that are within a specific group in a specific OU can access Alfresco. e.g.: cn=alfresco,ou=internal_access,dc=domain,dc=com <– This means a alfresco group inside internal_access OU
2 - When I delete a user on domain, that user needs to be deleted on afresco too.
3 - When I remove a user from the group, the access of that user to Alfresco must be denided.
4 - The Active Directory user cannot be deleted from Alfresco.
Labels:
- Labels:
-
Archive
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2009 10:36 AM
1.
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)(!(modifyTimestamp<\={0})))
2. That will happen on a nightly basis in the scheduled full sync as long as
synchronization.synchronizeChangesOnly=false
See http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem
3. With the current defaults, that will only happen once sync removes the user from Alfresco. However, with an upcoming check in to HEAD (once we get the all clear to start checking in) you could use the new 'dynamic user ID resolution' feature to ensure that users who are not returned by the person query are not authenticated.
4. So you want the users to remain in Alfresco but not be authenticated when you remove them from the group? In that case you want this. personQuery will be used in authentication only. But unfortunately it won't be possible to delete any users with this configuration.
synchronization.synchronizeChangesOnly=true # No deletions
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(modifyTimestamp<\={0})))
ldap.authentication.userNameFormat=# Leave blank for dynamic user ID resolution coming soon!
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)(!(modifyTimestamp<\={0})))
2. That will happen on a nightly basis in the scheduled full sync as long as
synchronization.synchronizeChangesOnly=false
See http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem
3. With the current defaults, that will only happen once sync removes the user from Alfresco. However, with an upcoming check in to HEAD (once we get the all clear to start checking in) you could use the new 'dynamic user ID resolution' feature to ensure that users who are not returned by the person query are not authenticated.
4. So you want the users to remain in Alfresco but not be authenticated when you remove them from the group? In that case you want this. personQuery will be used in authentication only. But unfortunately it won't be possible to delete any users with this configuration.
synchronization.synchronizeChangesOnly=true # No deletions
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(modifyTimestamp<\={0})))
ldap.authentication.userNameFormat=# Leave blank for dynamic user ID resolution coming soon!

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2009 10:39 AM
dward, thankyou very much for your anwser!
I have two more questions:
1 - I need to use backslash to escape equals from all parameters contents?
2 - How can I configure these following properties to work with my scenario?
First attempt
It generates the following error:
Second attempt:
It generates the following error:
I have two more questions:
1 - I need to use backslash to escape equals from all parameters contents?
2 - How can I configure these following properties to work with my scenario?
ldap.synchronization.groupSearchBaseldap.synchronization.userSearchBase
I´ve configured the above parameters with these two contents:First attempt
ldap.synchronization.groupSearchBase=dc=domain,dc=comldap.synchronization.userSearchBase=dc=domain,dc=com
It generates the following error:
08:51:14,750 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'08:51:14,754 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'08:51:15,213 WARN [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registriesorg.alfresco.error.AlfrescoRuntimeException: 09050024 Failed to import people. at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.<init>(LDAPUserRegistry.java:772) at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersons(LDAPUserRegistry.java:455) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncPersonsWithPlugin(ChainingUserRegistrySynchronizer.java:379) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:270) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1$1.execute(ChainingUserRegistrySynchronizer.java:916) at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326) at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:233) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1.doWork(ChainingUserRegistrySynchronizer.java:908) at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:904) at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62) at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246) at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355) at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.start(ChildApplicationContextFactory.java:460) at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:276) at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246) at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49) at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)Caused by: javax.naming.CommunicationException: Request: 2 cancelled; remaining name 'dc=domain,dc=com' at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60) at com.sun.jndi.ldap.Connection.readReply(Connection.java:411) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.fetchNext(LDAPUserRegistry.java:938) at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.<init>(LDAPUserRegistry.java:768) … 52 more08:51:15,258 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete
Second attempt:
ldap.synchronization.groupSearchBase=ou\=internal_access,dc=domain,dc=comldap.synchronization.userSearchBase=ou\=internal_access,dc=domain,dc=com
It generates the following error:
10:33:38,824 User:System INFO [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'10:33:38,837 User:System INFO [security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'10:33:38,903 User:System WARN [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registriesorg.alfresco.error.AlfrescoRuntimeException: 09050014 Failed to import people. at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.<init>(LDAPUserRegistry.java:772) at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersons(LDAPUserRegistry.java:455) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncPersonsWithPlugin(ChainingUserRegistrySynchronizer.java:379) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:270) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1$1.execute(ChainingUserRegistrySynchronizer.java:916) at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326) at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:233) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1.doWork(ChainingUserRegistrySynchronizer.java:908) at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489) at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:904) at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62) at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246) at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355) at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.start(ChildApplicationContextFactory.java:460) at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:276) at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246) at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49) at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)Caused by: javax.naming.CommunicationException: Request: 2 cancelled; remaining name 'ou=internal_access,dc=domain,dc=com' at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60) at com.sun.jndi.ldap.Connection.readReply(Connection.java:411) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.fetchNext(LDAPUserRegistry.java:938) at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.<init>(LDAPUserRegistry.java:768) … 52 more10:33:38,911 User:System INFO [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2009 09:55 AM
dward, I´ve fixed the problem. The error is on the parameter value sintax:
Wrong:
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))(!(modifyTimestamp<\={0}))
Correct:
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)(!(modifyTimestamp<\={0})))
Ok, but my problem has not been solved yet. The users who have a valid login on LDAP can still logon to Alfresco. But, those users logins are not syncronized with Alfresco. I´ve noticed that the parameters above is only used to restrict the user syncronization and not to restrict the user logon.
I´m right?
Wrong:
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))(!(modifyTimestamp<\={0}))
Correct:
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)(!(modifyTimestamp<\={0})))
Ok, but my problem has not been solved yet. The users who have a valid login on LDAP can still logon to Alfresco. But, those users logins are not syncronized with Alfresco. I´ve noticed that the parameters above is only used to restrict the user syncronization and not to restrict the user logon.
I´m right?

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2009 10:36 AM
dward,
I´ve solved my problem changing the value of synchronization.autoCreatePeopleOnLogin parameter to false. This parameter is located in /opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Synchronization/default/default-synchronization.properties file.
http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem
Thankyou very much!
I´ve solved my problem changing the value of synchronization.autoCreatePeopleOnLogin parameter to false. This parameter is located in /opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Synchronization/default/default-synchronization.properties file.
http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem
Thankyou very much!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2009 09:30 AM
great 4 you bruno, that u have configured alfresco succesfully to integrate in Windows ADS …
can u plz post ur configs here, how u have resolved it ?
i wann login to alfresco with my ads-users …
this works, if users a created twice … once in ads and once in alfresco …
changeing ads-password will let the user login to alfresco with the new passwd …
but newly created users are not able to login …
can u plz post ur configs here, how u have resolved it ?
i wann login to alfresco with my ads-users …
this works, if users a created twice … once in ads and once in alfresco …
changeing ads-password will let the user login to alfresco with the new passwd …
but newly created users are not able to login …
