
How to configure AD authentication users in Alfresco 5.0.a?

psouza
Champ on-the-rise
I'm new to Alfresco and followed various scripts to configure authentication and synchronization of users and groups from AD, but none worked.
Can someone send me a step-by-step guide on how to configure AD authentication for users in Alfresco 5.0.a?


Thank you!
14 REPLIES

sharifu
Confirmed Champ
Below is my configuration for LDAP SSO:


### AD SSO
authentication.chain=passthru1:passthru,ldap1:ldap-ad
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=true

ldap.authentication.active=false
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://echo.uk.domain.com:389

passthru.authentication.authenticateCIFS=true
passthru.authentication.domain=DOMAIN
passthru.authentication.servers=DOMAIN\\echo.uk.domain.com,DOMAIN\\jarvis.usa.domain.com
passthru.authentication.defaultAdministratorUserNames=johnl,markw,administrator,alfresco,sharifu

synchronization.synchronizeChangesOnly=false
synchronization.import.cron=0 0 1 * * ?
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true

ldap.synchronization.active=true
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=administrator@domain.com
ldap.synchronization.java.naming.security.credentials=****

#ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
#ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(&(objectclass=user))
#ldap.synchronization.groupQuery=(objectclass\=group)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(CN\=allusers)(!(modifyTimestamp<\={0})))

ldap.synchronization.userSearchBase=ou\=Sites,dc\=domain,dc\=com
ldap.synchronization.groupSearchBase=cn\=users,dc\=domain,dc\=com



The way I fixed it was by forcing an ldap.

sandeepreddy1
Star Contributor
Hi everyone,
I integrated Alfresco with Active Directory. These are the AD properties: http://pastebin.com/WAsDEFLS. I created a folder 'Alfresco-DATA' in the alfresco-dms site. After that, in Manage Permissions, I searched for user xyz like this:
https://i.imgsafe.org/c76c0295a3.png and I added that user; it is showing empty like this: https://i.imgsafe.org/c76e4daa24.png.
Can anyone help me out, please? Is there any solution?



These are my AD properties

###Ldap####

authentication.chain=ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
ntlm.authentication.sso.enabled=false

ldap.authentication.active=true

ldap.authentication.userNameFormat=%s@empover.hyd
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.3.27:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=testuser
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=testuser@empover.hyd
ldap.synchronization.java.naming.security.credentials=user123
ldap.synchronization.queryBatchSize=10000
ldap.synchronization.attributeBatchSize=10000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personQuery=objectClass=user
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou=EMPOU\,dc=empover,dc=hyd
ldap.synchronization.userSearchBase=ou=EMPOU,dc=empover,dc=hyd

cifs.domain=empover.hyd


ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

synchronization.autoCreatePeopleOnLogin=true
synchronization.synchronizeChangesOnly=true

# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true

### DONT USE UNIX CRON EXPRESSION- USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### with the expression below, synchronisation starts every minute!
synchronization.import.cron=0 0/1 * * * ?
ldap.authentication.allowGuestLogin=true
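
A small checker for the kinds of settings posted in this thread, as an added example that is not part of any post and not Alfresco's own tooling: it flags a likely misspelled property name, a simple bind over plain ldap://, guest login, and a Quartz expression that fires every minute. The sample file and its host name are constructed, and the 0.9 similarity cutoff is an assumption.

```python
import difflib

# Correctly spelled property names used by the configurations in this thread.
KNOWN_KEYS = [
    "ldap.authentication.java.naming.provider.url",
    "ldap.authentication.java.naming.security.authentication",
    "ldap.authentication.allowGuestLogin",
    "ldap.synchronization.java.naming.security.authentication",
    "synchronization.import.cron",
]

# Constructed sample (hypothetical host), not a real deployment.
SAMPLE = """
ldap.authentication.java.naming.provider.url=ldap://dc1.example.test:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.allowGuestLogin=true
ldap.synchronization.java.naming.security.authenticaton=simple
synchronization.import.cron=0 0/1 * * * ?
"""

def parse_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks and # / ! comments; split on the first '=' only.
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return sorted (key, issue) pairs for settings worth reviewing."""
    findings = []
    for key, value in props.items():
        near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.9)
        if near and key not in KNOWN_KEYS:
            findings.append((key, "possible misspelling of " + near[0]))
        if key.endswith(".java.naming.provider.url") and value.lower().startswith("ldap://"):
            if props.get(key.replace("provider.url", "security.authentication")) == "simple":
                findings.append((key, "simple bind over ldap:// is sent unencrypted"))
        if key.endswith(".allowGuestLogin") and value.lower() == "true":
            findings.append((key, "guest login is enabled"))
        fields = value.split()
        if key == "synchronization.import.cron" and len(fields) >= 6:
            # Quartz field order: second minute hour day-of-month month day-of-week
            if fields[1] == "*" or fields[1].endswith("/1"):
                findings.append((key, "sync job fires every minute"))
    return sorted(findings)

print(audit(parse_properties(SAMPLE)))
```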

manikandan
Champ on-the-rise
I have created a group in LDAP whose members I want to be able to log in to Alfresco, in order to restrict the remaining users who are not part of the group from logging in to Alfresco and therefore having access to Alfresco.
The problem is that everyone who has an account in LDAP can log in to Alfresco.


Please help me at the earliest.

johni_angriss
Champ on-the-rise

Good afternoon, I'm having trouble authenticating with AD.

I would like to manage users with permission to access a group. Is it possible?

GED = Group

Alfresco GED = OU

ldap.synchronization.groupSearchBase=cn=ged,ou=Alfresco GED,dc=pg,dc=intra

#groups for alfresco, cn=Security_Groups,ou=Alfresco,dc=pg,dc=com must exist in Your ldap

ldap.synchronization.userSearchBase=cn=ged,ou=Alfresco GED,dc=pg,dc=intra

#users for alfresco, cn=User_Accounts,ou=Alfresco,dc=your_domain,dc=com must exist in Your ldap