
Authentication Nightmare

jpv
Champ in-the-making
I have been trying to configure Alfresco authentication against our Active Directory for more than a month now without any luck.  I have followed every conflicting instruction out there and re-installed Alfresco at least 30 times on 6 different servers on Windows 2K3, XP, Ubuntu and Solaris.  I used Alfresco 3.2 CE and 3.2 nightly 2009-09-29.  It does not seem possible to have everything working while authenticating against AD.

If I configure ntlm only then everything works but no AD authentication.

If I configure passthrough only then Alfresco and Share work, but VTI does not and this only works on Windows.

If I configure LDAP with no SSO then Alfresco works, my AD users are synchronised but no Share and no VTI.

If I enable NTLM SSO and LDAP SSO then Alfresco and Share work but no VTI.
Is this related to this issue? https://issues.alfresco.com/jira/browse/ALFCOM-3234

If I configure ntlm, passthrough and ldap then I still only get Alfresco working.

Any help will be greatly appreciated.
1 REPLY

jpv
Champ in-the-making
The closest I could get to a fully working system is with the following settings in alfresco-global.properties.
This gives me a working Alfresco, Share and CIFS but non-working VTI and IMAP.

authentication.chain=PASS:passthru,AD:ldap-ad
#NTLM
#====================
ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false
alfresco.authentication.allowGuestLogin=true
alfresco.authentication.authenticateCIFS=true
#PASSTHROUGH
#=====================
passthru.authentication.defaultAdministratorUserNames=USERID
passthru.authentication.useLocalServer=false
passthru.authentication.servers=DOMAIN\\DC01.DOMAIN.co.za
passthru.authentication.domain=#
passthru.authentication.authenticateCIFS=true
passthru.authentication.guestAccess=true
passthru.authentication.authenticateCIFS=true
#AD
#=======================
ldap.authentication.active=false
ldap.authentication.sso.enabled=true
ldap.synchronization.active=true
ldap.authentication.java.naming.security.authentication=SIMPLE
ldap.authentication.defaultAdministratorUserNames=USERID
ldap.synchronization.java.naming.security.principal=USERID@DOMAIN
ldap.synchronization.java.naming.security.credentials=PASSWORD
ldap.authentication.userNameFormat=%s@DOMAIN
ldap.authentication.java.naming.provider.url=ldap://DC01.DOMAIN.co.za:389
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=DOMAIN,dc\=co,dc\=za
ldap.synchronization.userSearchBase=ou\=User Accounts,dc\=DOMAIN,dc\=co,dc\=za
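
An added example, not part of the original post and not Alfresco code: a small Python check run over a constructed subset of the settings posted above. It flags duplicate keys, enabled guest switches, a bind password kept in the properties file, and a simple bind over ldap://, which sends the password unencrypted. The function names `parse_properties` and `lint` are hypothetical.

```python
import re

# Constructed sample: a subset of the settings posted above (placeholders kept).
SAMPLE = r"""
authentication.chain=PASS:passthru,AD:ldap-ad
alfresco.authentication.allowGuestLogin=true
passthru.authentication.authenticateCIFS=true
passthru.authentication.guestAccess=true
passthru.authentication.authenticateCIFS=true
ldap.authentication.java.naming.security.authentication=SIMPLE
ldap.synchronization.java.naming.security.credentials=PASSWORD
ldap.authentication.java.naming.provider.url=ldap://DC01.DOMAIN.co.za:389
"""

def parse_properties(text):
    """Parse key=value lines; return (settings, duplicate_keys).

    Simplification: only '=' is treated as the separator and keys are
    assumed to contain no escaped characters.
    """
    settings, dupes = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        value = re.sub(r"\\(.)", r"\1", value.strip())  # undo \\ and \= escapes
        if key in settings:
            dupes.append(key)
        settings[key] = value                # last occurrence wins
    return settings, dupes

def lint(text):
    """Return a list of findings for security-relevant settings."""
    s, dupes = parse_properties(text)
    findings = [f"duplicate key: {k}" for k in dupes]
    url = s.get("ldap.authentication.java.naming.provider.url", "")
    bind = s.get("ldap.authentication.java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and bind.lower() == "simple":
        findings.append("simple bind over ldap:// sends the password unencrypted")
    for k, v in s.items():
        if v.lower() == "true" and "guest" in k.lower():
            findings.append(f"guest access enabled: {k}")
        if k.endswith("security.credentials") and v:
            findings.append(f"password stored in file: {k}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```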