
Authentication Chaining: using CIFS, with LDAP sync

petershine
Champ in-the-making
I am currently building a cloud system allowing remote users to access hosted Alfresco.
The most important feature for us is using a VPN that allows CIFS mapping for remote Windows users, so that they are not required to use WebDAV.

If I use only Alfresco NTLM authentication, regular web login (Explorer and Share) and even CIFS through the VPN have no problem at all.
However, for the purpose of keeping user data in one place and possibly using it with other services, I've just begun to implement LDAP, specifically OpenLDAP in a Debian environment.

So far, regular login and WebDAV have no problem. Though it's not easy to set up LDAP to be the primary place which only exports its user data to Alfresco, the aspect of having one unified place to keep user information is quite attractive.

However, this implementation caused a critical problem: CIFS access is no longer allowed. A wiki document, "Authentication Subsystem" http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuring_the_Authentication_Chai... gives an instruction to use chaining.

I've configured alfresco-global.properties as instructed:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

I also configured the other subsystem properties, setting LDAP authentication active.

However, CIFS is still not working and I just can't find the right answer. Can anyone help me find what I missed? Thank you.
4 REPLIES

gronfelt
Champ in-the-making
Is the problem that CIFS is not working with the password set in Alfresco?

The reason I'm asking is because in your question it seems that you want to authenticate your users with the password stored in LDAP, is that correct? If that's the case, that is unfortunately not possible due to differences in the password hashing.

dward
Champ on-the-rise
It should be possible to use the passthru subsystem in your authentication chain to authenticate against Samba. See

http://forums.alfresco.com/en/viewtopic.php?f=9&t=21091
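
The chain the reply above points toward, sketched as an added example (not taken from the thread or from Alfresco's own files): CIFS logons go to a passthru member that relays the NTLM exchange to Samba, while LDAP keeps handling web logins and user sync. The instance name `passthru1` and the host `samba.example.internal` are placeholders, and the Samba server is assumed to already authenticate the same accounts.

```properties
# alfresco-global.properties (added example; host name is a placeholder)

# Before, from the original post: alfrescoNtlm1 is the only member that can
# answer CIFS logons, and it checks Alfresco's own password store, not LDAP.
# authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

# After: add a passthru member to the chain.
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap

# CIFS is served by a single chain member; move that role from
# alfrescoNtlm to passthru.
alfresco.authentication.authenticateCIFS=false
passthru.authentication.authenticateCIFS=true

# Server that validates the NTLM challenge/response (placeholder host).
passthru.authentication.servers=samba.example.internal
passthru.authentication.useLocalServer=false
passthru.authentication.guestAccess=false

# LDAP: bind-authenticates web logins and keeps syncing users and groups.
ldap.authentication.active=true
ldap.synchronization.active=true
```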

petershine
Champ in-the-making
Is the problem that CIFS is not working with the password set in Alfresco?
The reason I'm asking is because in your question it seems that you want to authenticate your users with the password stored in LDAP, is that correct? If that's the case, that is unfortunately not possible due to differences in the password hashing.

Thank you for your quick reply and for pointing out the important matter.
I've done more after submitting the post, trying to understand the authentication limitations.
And as you wanted to confirm, the issue was about using one ID and password stored in LDAP, which is not possible for Alfresco (without extra tuning?).

I've found out that it's possible to have an identical username with a different space name, virtually allowing the user to have 2 kinds of password for CIFS access and LDAP authentication. However, this kind of workaround is totally against the very intention of adopting LDAP.

After you posted, an Alfresco Engineer "dward: http://forums.alfresco.com/en/viewtopic.php?f=9&t=24294#p79395" posted:
"It should be possible to use the passthru subsystem in your authentication chain to authenticate against Samba. See http://forums.alfresco.com/en/viewtopic.php?f=9&t=21091"

I think the answer I'm looking for is there.

petershine
Champ in-the-making
It should be possible to use the passthru subsystem in your authentication chain to authenticate against Samba. See

http://forums.alfresco.com/en/viewtopic.php?f=9&t=21091

Thank you, I'll carefully look into it.