Alfresco user only from specific AD group member

buhaiqi
Champ in-the-making
Hi,
I'm a total beginner in Alfresco and coding.
I need to configure Alfresco to sync users only from the members of a specific AD group.
For several days I have already searched and tried every piece of info I got to fulfill what I need.
But I still haven't got a proper answer.
Please, somebody, help.

Latest: I use Alfresco Community 4.2d, based on the info from this link

https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/installation-upgra...


Assume:

the group = group1
domain = domain1.com
ou = ou1
principal user = user1@domain1.com
principal password = password1

group1 is inside ou1, with members that come from several OUs (not only ou1). Below is my config:

synchronization.autoCreatePeopleOnLogin=false

ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://server1.domain1.com:389
ldap.synchronization.java.naming.security.principal=user1@domain1.com
ldap.synchronization.java.naming.security.credentials=Password1
ldap.authentication.java.naming.read.timeout=0

ldap.synchronization.queryBatchSize=1000

ldap.synchronization.personQuery=(&(memberof\=CN\=group1,OU\=ou1,DC\=domain1,DC\=com)(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(memberof\=CN\=group1,OU\=ou1,DC\=domain1,DC\=com)(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

ldap.synchronization.userSearchBase=OU\=ou1,DC\=domain1,DC\=com


Can anyone advise me on the correct config?

Thanks
2 REPLIES

buhaiqi
Champ in-the-making
Solved

Below is my additional configuration; hope it will help others.

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap-ad1:ldap-ad
passthru.authentication.useLocalServer=false
# replace dc-server with your current DC, domain with your current domain, and x.x.x.x with your DC server IP address
passthru.authentication.servers=dc-server.domain\\x.x.x.x

ntlm.authentication.sso.enabled=false
alfresco.authentication.allowGuestLogin=false
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=Administrator
passthru.authentication.offlineCheckInterval=300

ldap.authentication.allowGuestLogin=false
# replace domain with your current domain
ldap.authentication.userNameFormat=%s@domain
# replace dc-server with your current DC and domain with your current domain
ldap.authentication.java.naming.provider.url=ldap://dc-server.domain:389
ldap.authentication.defaultAdministratorUserNames=Administrator
# replace user with your AD Alfresco account and domain with your current domain
ldap.synchronization.java.naming.security.principal=user@domain
# replace password with your AD Alfresco account password
ldap.synchronization.java.naming.security.credentials=password

ldap.synchronization.queryBatchSize=1000
ldap.synchronization.personType=user
# replace your-group with the group CN, your-ou with the OU where your-group exists, and domain with your current domain
ldap.synchronization.personQuery=(&(memberof\=CN\=your-group,OU\=your-ou,DC\=domain)(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(memberof\=CN\=your-group,OU\=your-ou,DC\=domain)(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.userSearchBase=DC\=domain
# if you don't want to sync groups, put an empty OU before DC
#ldap.synchronization.groupSearchBase=OU\=empty-ou,DC\=domain
ldap.synchronization.groupSearchBase=DC\=domain

# Sync
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncOnStartup=true
synchronization.autoCreatePeopleOnLogin=false
synchronization.syncWhenMissingPeopleLogIn=false
# Sync every 10 minutes
synchronization.import.cron=0 0/10 * * * ?
ldap.synchronization.enableProgressEstimation=true
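The personQuery in the question and the one in the reply above hinge on the same three conditions. The following is an added example in Python (standard library only); it is not code from this thread or from Alfresco, and every name, DN and directory entry in it is constructed. It reads the reply's properties lines the way a Java Properties loader does (dropping the backslash escapes), rebuilds the same filter with RFC 4515 escaping so that a group or OU name containing ( ) * or \ cannot alter the filter's structure, and evaluates the conditions against constructed AD-style entries to show two things worth checking before relying on this sync: the bit-AND test against 512 alone still matches disabled accounts (userAccountControl 514 still has bit 512 set), and memberOf does not carry an account's primary group, so a user whose only link to the group is primaryGroupID is not selected. The extra `(!(userAccountControl:1.2.840.113556.1.4.803:=2))` clause and the `exclude_disabled` parameter are this example's addition, not part of the reply's configuration.

```python
r"""Added example, not code from the forum thread or from Alfresco: it shows
what the personQuery filter in the reply above selects and how to build a
correctly escaped one. All directory entries and names are constructed."""
import re

# Constructed lines in the Java .properties syntax of alfresco-global.properties,
# with the same shape (and the same backslash escapes) as the reply above.
SAMPLE_PROPERTIES = r"""
ldap.synchronization.personQuery=(&(memberof\=CN\=your-group,OU\=your-ou,DC\=domain)(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.userSearchBase=DC\=domain
"""

BIT_AND_RULE = "1.2.840.113556.1.4.803"   # AD's LDAP_MATCHING_RULE_BIT_AND
UAC_ACCOUNTDISABLE = 0x0002               # userAccountControl bit 2
UAC_NORMAL_ACCOUNT = 0x0200               # userAccountControl bit 512


def _unescape(s):
    r"""Drop the backslash in front of any character ('\=' -> '=', '\:' -> ':')."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_properties(text):
    """Minimal Java .properties reader: the first unescaped '=' or ':' separates
    key and value. Unicode escapes and line continuations are not supported."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"((?:\\.|[^=:\\])+)[=:](.*)", line)
        if m:
            props[_unescape(m.group(1).strip())] = _unescape(m.group(2).strip())
    return props


def escape_filter_value(value):
    """RFC 4515 escaping for a value inside an LDAP filter: a group or OU name
    containing ( ) * or a backslash then cannot change the filter's structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def build_person_query(group_dn, exclude_disabled=True):
    """The reply's three conditions, plus (optionally) a fourth that rejects
    accounts with the ACCOUNTDISABLE bit. The '=512' test alone keeps disabled
    members, because 514 (512 + 2) still has bit 512 set."""
    parts = [
        "(memberOf=%s)" % escape_filter_value(group_dn),
        "(objectClass=user)",
        "(userAccountControl:%s:=%d)" % (BIT_AND_RULE, UAC_NORMAL_ACCOUNT),
    ]
    if exclude_disabled:
        parts.append("(!(userAccountControl:%s:=%d))" % (BIT_AND_RULE, UAC_ACCOUNTDISABLE))
    return "(&" + "".join(parts) + ")"


def to_property_value(filter_text):
    """Escape a filter for a .properties value the way the reply does: a
    backslash before '=' and ':', with existing backslashes doubled."""
    return filter_text.replace("\\", "\\\\").replace("=", "\\=").replace(":", "\\:")


def entry_matches(entry, group_dn, exclude_disabled=True):
    """Evaluate the same conditions against one directory entry (a dict holding
    the attributes AD would return), case-insensitively as LDAP does."""
    member_of = [dn.lower() for dn in entry.get("memberOf", [])]
    classes = [c.lower() for c in entry.get("objectClass", [])]
    uac = entry.get("userAccountControl", 0)
    if group_dn.lower() not in member_of or "user" not in classes:
        return False
    if (uac & UAC_NORMAL_ACCOUNT) != UAC_NORMAL_ACCOUNT:
        return False
    return not (exclude_disabled and (uac & UAC_ACCOUNTDISABLE))


GROUP_DN = "CN=your-group,OU=your-ou,DC=domain"
USER_CLASSES = ["top", "person", "organizationalPerson", "user"]

# Constructed entries (not from any real directory). Computer accounts also
# carry the 'user' objectClass, and memberOf never lists an account's primary
# group, which is why carol below does not count as a member by this test.
SAMPLE_ENTRIES = [
    {"dn": "CN=alice,OU=staff,DC=domain", "objectClass": USER_CLASSES,
     "memberOf": [GROUP_DN], "userAccountControl": 512},          # enabled member
    {"dn": "CN=bob,OU=leavers,DC=domain", "objectClass": USER_CLASSES,
     "memberOf": [GROUP_DN], "userAccountControl": 514},          # disabled member
    {"dn": "CN=carol,OU=staff,DC=domain", "objectClass": USER_CLASSES,
     "memberOf": [], "userAccountControl": 512},                  # primary group only
    {"dn": "CN=PC01,OU=workstations,DC=domain", "objectClass": USER_CLASSES + ["computer"],
     "memberOf": [GROUP_DN], "userAccountControl": 4096},         # computer account
]


def selected_users(entries, group_dn, exclude_disabled=True):
    """DNs the filter would hand to the Alfresco sync for this group."""
    return [e["dn"] for e in entries if entry_matches(e, group_dn, exclude_disabled)]


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print("filter as the LDAP server sees it:", props["ldap.synchronization.personQuery"])
    print("reply's filter selects:", selected_users(SAMPLE_ENTRIES, GROUP_DN, False))
    print("with disabled accounts excluded:", selected_users(SAMPLE_ENTRIES, GROUP_DN, True))
    print("properties line:", "ldap.synchronization.personQuery=" + to_property_value(build_person_query(GROUP_DN)))
```

Run the block directly to see the unescaped filter, the two selections, and a ready-to-paste properties line. The evaluator models only the conditions in this thread's filter; it is a way to reason about what the sync will pull in, not a substitute for running the query against the directory with `ldapsearch`.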

vijayendra
Champ in-the-making

The above memberof query for user is not working in my case. I am able to fetch groups but not users from a group.