Hyland Connect

exa · ‎10-23-2006

Hi,

I have a weird issue : when I login for the first time of the day I enter the url to my alfresco and I directly get connected to the GUEST account.

I then Deconnect freom that account and I can login from my "real" one.

What's really weird is that I have already put the value of "AllowGuestLogin" to false and I still can get in.

When I try to delete that user I get another weird error message :

This is not an error if NTLM was previously activated.
Transaction has been rolled back because it has been marked as rollback-only

How come ?.
How to prevent new users from directly accessing the guest account ?.

/Exa

kevinr · ‎10-24-2006

Are you using the standard Alfresco authentication, or NTLM?

Can you post the changes you made to the config?

Thanks,

Kevin

exa · ‎10-24-2006

Well I configured Alfresco to do LDAP authentication. That's all.
Which config file do you want me to post ?.

kevinr · ‎10-24-2006

To configure out the Guest login, you need to override the authentication-services config:


    <!– The authentication component.                                      –>

    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="allowGuestLogin">
            <value>false</value>
        </property>
    </bean>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

See the wiki pages on configuring alfresco extensions:
http://wiki.alfresco.com/wiki/Repository_Configuration

Thanks,

Kevin

exa · ‎10-24-2006

Hi Kevin,

I did that already. It's the first I did when installing alfresco.

The I put the LDAP authentication in place. I authenticate via OpenLDAP and that works well

But when people authenticate for the first time they are directly connected, without event given a chance to login. They have to click on the deconnection button in order to get the login screen and then be able to login.

That could be a big issue if alfresco is used a an enterprise CMS.

Do you have a workaround for that ?.

/Exa

andy · ‎10-24-2006

Hi

You need to disallow guest on the ldap auth as this is the one that is used.
If you are chaining you will have to disallow guest access on all.

Something like …


   <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!–
            
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
            
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
            
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authentricate as "cn=Joe Bloggs,ou=London,dc=company,dc=com" 
            Usually for simple authentication.
            
            –>
            <value>%s</value>
        </property>
       <property name="allowGuestLogin">
            <value>false</value>
        </property> 
    </bean>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Regards

Andy

Hyland Connect

Disable guest account