
Alfresco Community - Config LDAP with AD

joshbishop82
Champ in-the-making
Hello all,

I am new to Alfresco; I have the Community version installed on Windows Server 2012.

I would like to bind the application with my company's LDAP Active Directory server.

I have attempted myself to update the alfresco-global.properties file to include the following:

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@domainname.com
ldap.authentication.java.naming.provider.url=ldaps://adssl.domainname.com:636
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.java.naming.security.principal=x195485
ldap.synchronization.java.naming.security.credentials=mypassword
ldap.synchronization.groupSearchBase=ou=People,dc=domainname,dc=com
ldap.synchronization.userSearchBase=ou=People,dc=domainname,dc=com
synchronization.syncOnStartup=true

It would appear that after I inserted the above and restarted the server, I was able to log into Alfresco using my AD account, or so I thought. My username in AD is x195485 and I have admin rights to AD, so I thought the above would be how I would bind to LDAP, or so I thought. I tried logging into Alfresco using another username and it failed; the only account that works is mine, which is x195485, and I wonder if it's because I entered my credentials into the above code when I thought what I was doing was entering binding credentials to our AD server.

I am obviously doing something wrong, so if someone could please help I would appreciate it. I am, by the way, out of my depth with Java, so I will need a dummies guide on this please. Also, for the purposes of security I have replaced the actual domain name with domainname.com, so please don't assume I haven't got these correct.

Thank you.
2 REPLIES

joshbishop82
Champ in-the-making
Hello,

I updated my alfresco-global.properties file with the following. This also failed, sadly; I am still back in the same place I was, whereby the only account I can log in with apart from the admin account is x195485, which I have only mentioned in the text below as the LDAP binding credentials. Really strange!

### Authentication ###
ldap.authentication.active=true
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.userNameFormat=%s@domainname.com
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=SIMPLE
ldap.authentication.java.naming.read.timeout=30000
ldap.authentication.java.naming.provider.url=ldaps://adssl.domainname.com:636

### LDAP Synchronization ###
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=x195485
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupSearchBase=ou=Prumerica,ou=People,dc=domainname,dc=com
ldap.synchronization.userSearchBase=ou=Prumerica,ou=People,dc=domainname,dc=com

joshbishop82
Champ in-the-making
RESOLVED

My AD binding credentials were the problem: even though that account is allowed to access AD and view and even modify security groups, it is not permitted as a service account. I slightly cheated for testing purposes and used a service account from another application that uses LDAP to see if that was the problem, and it worked. Furthermore, the format in my reply post above is the format that worked, not my initial post format.
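
As an added example that is not part of the thread: a short Python script that diffs the settings from the first post against those from the reply the author reports as the working format, and flags three settings a reviewer would check (guest login, LDAP without TLS, a bind password kept in cleartext). The settings are abridged from the two posts; the function names and finding labels are assumptions of this example.

```python
# Added example, not code from the thread. Settings abridged from the two posts.
FIRST_POST = """
ntlm.authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@domainname.com
ldap.authentication.java.naming.provider.url=ldaps://adssl.domainname.com:636
ldap.synchronization.java.naming.security.principal=x195485
ldap.synchronization.java.naming.security.credentials=mypassword
"""
REPLY_POST = """
### Authentication ###
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@domainname.com
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=SIMPLE
ldap.authentication.java.naming.provider.url=ldaps://adssl.domainname.com:636
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=x195485
ldap.synchronization.java.naming.security.credentials=password
"""

def parse_properties(text):  # key=value lines; skips blanks and #/! comments
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def diff_properties(old, new):  # {key: (old_value, new_value)} where they differ
    keys = sorted(set(old) | set(new))
    return {k: (old.get(k), new.get(k)) for k in keys if old.get(k) != new.get(k)}

def audit(props):  # labels for settings worth a second look
    findings = []
    if props.get("ldap.authentication.allowGuestLogin", "").lower() == "true":
        findings.append("guest-login-enabled")
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    if url.lower().startswith("ldap://"):  # simple bind would cross the wire unencrypted
        findings.append("ldap-without-tls")
    if props.get("ldap.synchronization.java.naming.security.credentials"):
        findings.append("bind-password-stored-in-cleartext")
    return findings

if __name__ == "__main__":
    old, new = parse_properties(FIRST_POST), parse_properties(REPLY_POST)
    print(diff_properties(old, new), audit(old), audit(new), sep="\n")
```

Both versions keep the synchronization bind password in the properties file, so the file's read permissions matter as much as the account chosen for the bind.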