
Is it possible with LDAP?

quasar
Champ in-the-making
I've got this LDAP structure:
dc=century,dc=local
  |__ou=group
       |__cn=alfresco
  |__ou=people
       |__uid=user1
       |__uid=user2
       |__uid=user3
cn=alfresco is:
dn: cn=alfresco,ou=group,dc=century,dc=local
objectClass: posixGroup
objectClass: top
cn: alfresco
gidNumber: 1
memberUid: user1
memberUid: user2

As you can see from this description, user1 and user2 are both members of the alfresco group.
I want users from the alfresco group to be able to access the system, and I don't want to synchronize groups between Alfresco and LDAP, only users.
What are the config options for my case?
Thanks a lot!
4 REPLIES

durrell
Champ in-the-making
It's possible.

You need to set your search base to search all users in the AD. Example: OU=people,dc=century,dc=local

Then, you need to set your personQuery to query only those who are members of that group based on CN=Alfresco. Example: (memberOf=CN=alfresco,OU=Group,DC=century,DC=local)

That should work. I tested it on my AD and it returned all members of the group I tested. Let me know if it does.

quasar
Champ in-the-making
Thanks for the reply, durrell!
I think my problem is the search query actually.
I'm unable to construct the query to find all users from OU=people,dc=century,dc=local with memberUid: user1
memberUid: user2 from cn=alfresco,ou=group,dc=century,dc=local.
I'm using OpenLDAP, not AD.
Could you help me with it?

durrell
Champ in-the-making
I'm not quite sure what you're asking. How many users are you trying to pull into Alfresco? I am not very familiar with OpenLDAP, actually.

dward
Champ on-the-rise
In OpenLDAP you need something called Reverse Group Membership Maintenance to be able to query a user's group memberships. See http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance. Rather than requiring all users to be in a certain group, it's more common for them to just be in a certain sub-tree of the LDAP server, in which case you could just configure userSearchBase to use the correct DN prefix.
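An added example, not part of any reply above and not Alfresco or OpenLDAP project code: a posixGroup stores bare memberUid values, so one way to restrict a person query to the group without a memberOf attribute is to turn those values into an explicit, RFC 4515-escaped uid filter. The resulting filter is a snapshot that has to be regenerated when group membership changes. Assumptions: the person objectClass `inetOrgPerson` and the function names are illustrative.

```python
import base64

# Group entry copied from the thread.
GROUP_LDIF = """\
dn: cn=alfresco,ou=group,dc=century,dc=local
objectClass: posixGroup
objectClass: top
cn: alfresco
gidNumber: 1
memberUid: user1
memberUid: user2
"""

def ldif_values(ldif, attr):
    """Return all values of attr from one LDIF entry (unfolds lines, decodes '::')."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):              # "attr:: <base64>" form
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def escape_filter_value(value):
    """Escape filter metacharacters (RFC 4515) so a value cannot alter the query."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def person_query(ldif, person_class="inetOrgPerson"):
    """Build a filter matching only the uids listed as memberUid in the group."""
    uids = sorted(set(ldif_values(ldif, "memberUid")))
    if not uids:
        raise ValueError("group has no memberUid values; refusing to build an empty filter")
    terms = "".join("(uid=%s)" % escape_filter_value(u) for u in uids)
    return "(&(objectClass=%s)(|%s))" % (escape_filter_value(person_class), terms)

if __name__ == "__main__":
    print(person_query(GROUP_LDIF))
```

The printed filter can be used as the personQuery with ou=people,dc=century,dc=local as the search base.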