Configure Alfresco community to sync AD users

bostjanc
Champ in-the-making
Hi guys.
I installed alfresco-community-installer-201605-win-x64.
I would like Alfresco to be synced with Windows Active Directory.
Are there any step-by-step tutorials on how to achieve this in this version of Community Edition?
I haven't found anything useful on the net yet.
Thank you.
With best regards
7 REPLIES

romschn
Star Collaborator
Kindly take a look at the documentation at the following link, http://docs.alfresco.com/community/concepts/auth-ldap-intro.html, and the sections under it. It should help you get started.

Hope this helps.

bostjanc
Champ in-the-making
Thanks for the links. We have managed to configure Alfresco against Active Directory. Under People, the search results return AD users/objects.
We now have the next problem: users cannot log in to the Alfresco website with their AD credentials.
Are any additional steps needed to make the login process work?

bostjanc
Champ in-the-making
OK, regarding the authentication problem: I have figured out the root of the problem, but I don't know the solution yet.
In the global properties file, one of the lines is the userNameFormat: ldap.authentication.userNameFormat=%s@domain.com
But in our case the UPN is: name.surname@domain.com
So %s@domain.com works only for JOHN@domain.com, but not for JOHN.COOK@domain.com.
How can we achieve that JOHN.COOK@domain.com is also authenticated at the login page?
Any suggestions, please.
With best regards

bostjanc
Champ in-the-making
OK, I managed to figure out that NAME.SURNAME (without the domain) can be used for login.
But why is SSO not working?
What must we do to enable SSO for the Alfresco Share site?
With best regards

steven_okennedy
Star Contributor
The LDAP/LDAP-AD subsystems don't provide passwordless single sign-on; what they do is allow authentication via a username/password against users stored in LDAP/Active Directory.

If you want to be automatically logged in without the user needing to enter a password, you'll need to look at the Kerberos or Pass-through authentication subsystems. The standard documentation is pretty good in this area: http://docs.alfresco.com/5.1/concepts/auth-subsystem-types.html

Regards

Steven

memphissk
Champ in-the-making
Hello,
could you help me with the ldap-ad config file? I've installed alfresco-community-installer-201605-linux-x64.bin on CentOS 7 and now I need to configure authentication against MS Active Directory. I downloaded the ldap-ad config file (extracted from community-edition-5.2.a-EA.zip) and copied it to /opt/alfresco-community/tomcat/webapps/alfresco/WEB-INF/classes, but the files are still not loaded.

When I check the Tomcat log files (/opt/alfresco-community/tomcat/logs/catalina.out) I see:

org.alfresco.repo.security.authentication.AuthenticationException: 06190001 Failed to communicate with ldap://domaincontroller.company.com:389. Reason javax.naming.CommunicationException, domaincontroller.company.com:389, java…

Could you identify where the default value "domaincontroller.company.com:389" is defined, or where the ldap-ad authentication files should be located?
Thanks in advance

steven_okennedy
Star Contributor
Hi,

You need to make sure that you've followed the steps outlined in the documentation (http://docs.alfresco.com/5.1/concepts/auth-config-examples.html) and that you are putting the properties files in the right place. Authentication is dealt with as a set of chained subsystems, each of which is configured separately, so Alfresco expects the configuration to be in a subsystem-specific folder. Also, don't drop files directly into the exploded WAR folder; they will just get lost on redeploy. Use the extension folder instead. E.g. if the authentication subsystem referenced by your authentication chain is called "ad1", your files related to it would go in the location:

tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ad1/ad1.properties

Refer to the docs on how to set each of the properties you need to override.

One last thing: when using LDAP-AD from a Linux box, make sure to add an entry to your /etc/hosts file that matches the domain name of your AD server and points it to the IP address of your AD server. This avoids issues if your server can't resolve the primary domain controller automatically.

Regards

Steven
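To tie the thread together, here is a worked configuration for the "ad1" ldap-ad subsystem instance Steven describes, covering both the chain entry and the override file. This is an added example, not a file from the thread or from the Alfresco project; the property names are the standard ldap-ad subsystem properties, while the hostnames, search bases, service-account name and password are placeholders you must replace with your own. The defaults that memphissk saw in the log (ldap://domaincontroller.company.com:389) ship in the subsystem's own ldap-ad-authentication.properties inside the alfresco webapp (WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/), which is why the fix is to override them from the extension folder rather than to edit the exploded WAR.

```properties
# File 1: tomcat/shared/classes/alfresco-global.properties
# Register an instance named "ad1" of the ldap-ad subsystem type. The instance id ("ad1")
# must match the folder name under subsystems/Authentication/ldap-ad/ shown below.
# alfrescoNtlm1 is kept first so the built-in admin account still works if AD is unreachable.
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ad1:ldap-ad

# File 2: tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ad1/ad1.properties
ldap.authentication.active=true
# Never let unauthenticated "guest" sessions through an AD-backed login.
ldap.authentication.allowGuestLogin=false
# %s is replaced with exactly what the user types in the login box. With the AD account
# john.cook this binds as john.cook@domain.com; typing the full UPN in the login box would
# instead produce john.cook@domain.com@domain.com, which is why the bare NAME.SURNAME works.
ldap.authentication.userNameFormat=%s@domain.com
# Placeholder DC host. Use ldaps:// on 636 instead of ldap:// on 389 so user passwords and the
# sync account's password are not sent in clear text; the DC certificate's issuing CA must be
# trusted by the JVM's truststore, and the hostname must resolve (see the /etc/hosts note above).
ldap.authentication.java.naming.provider.url=ldaps://dc01.domain.com:636
ldap.authentication.java.naming.security.authentication=simple
# Placeholder: AD account(s) that should receive Alfresco administrator rights.
ldap.authentication.defaultAdministratorUserNames=alfresco-admin
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

# Synchronization pulls users/groups into the People/Groups pages; it uses a dedicated,
# read-only service account (placeholder), whose password sits in this file in clear text.
# Restrict the file's permissions to the account Tomcat runs as.
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=svc-alfresco@domain.com
ldap.synchronization.java.naming.security.credentials=CHANGE-ME
# Placeholder search bases; narrow them to the OUs that should exist in Alfresco.
ldap.synchronization.userSearchBase=ou=Users,dc=domain,dc=com
ldap.synchronization.groupSearchBase=ou=Groups,dc=domain,dc=com
```

After restarting Tomcat, a successful bind shows up in the People page being populated by synchronization, and a login with the bare sAMAccountName (NAME.SURNAME) authenticating; a CommunicationException against your own DC hostname, rather than the default one, tells you the override file is being read and the remaining problem is network, DNS or TLS trust.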