I would like to use JAAS (Kerberos) authentication and LDAP import in Alfresco such that only users that have been imported into Alfresco are allowed to log in.
I've got JAAS working fine, but every single user who can authenticate in my domain can also log in to Alfresco, and a user space is automatically created. I can't have this. I need some way of specifying that only one group of users in my directory is allowed to log in to Alfresco, and that the login process should use JAAS (Kerberos). What I was thinking is that I could import users via LDAP sync and then instruct Alfresco to only allow users that already exist to authenticate. I can't seem to find a way to make that work.
Another good solution would be to get the LDAP authenticator to use Kerberos, but I can only get it to use "simple". I need the management capabilities provided by LDAP with the security and convenience of Kerberos for authentication. (I did think to just use LDAP over SSL, but that doesn't seem to work with CIFS, which I also need.)
I read the enterprise security wiki page, but couldn't find quite enough information to actually get anything working. I'm even seeing some references in other places to using JAAS and LDAP together, but no instructions on how to set it up.
Help?
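As an added example (not from the original post and not the Alfresco project's own documentation), this is the shape of an alfresco-global.properties setup for what the post describes: Kerberos does the authentication, the directory subsystem is used for synchronization only, the person import is restricted to one group, and automatic creation of people on login is switched off so a valid Kerberos ticket alone is not enough to get an account. It assumes an Alfresco version with subsystem-style configuration (3.2 or later) and an Active Directory domain; the realm, host, DNs, group name and credentials are placeholders.

```properties
# Authentication chain: Kerberos first, AD subsystem second (sync only, see below).
authentication.chain=kerberos1:kerberos,ldap1:ldap-ad

# --- kerberos1 (assumed realm; JAAS entry names must match the login configuration
#     referenced by java.security.auth.login.config) ---
kerberos.authentication.realm=EXAMPLE.COM
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.http.configEntryName=AlfrescoHTTP

# --- ldap1: never authenticate against the directory (so no simple bind with the
#     user's password crosses the wire); only read users and groups from it ---
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.provider.url=ldap://dc1.example.com:389
ldap.synchronization.java.naming.security.principal=CN=alfsync,OU=Service Accounts,DC=example,DC=com
ldap.synchronization.java.naming.security.credentials=changeme
ldap.synchronization.userSearchBase=OU=Users,DC=example,DC=com
ldap.synchronization.groupSearchBase=OU=Groups,DC=example,DC=com

# Import only members of one (assumed) group. Override BOTH the full and the
# differential query, otherwise the differential sync falls back to the default
# filter and pulls in every enabled account in the search base.
ldap.synchronization.personQuery=(&(objectclass=user)(memberOf=CN=alfresco-users,OU=Groups,DC=example,DC=com))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(memberOf=CN=alfresco-users,OU=Groups,DC=example,DC=com)(!(modifyTimestamp<={0})))

# The security-relevant switch: a successful Kerberos login must not create a person.
# Users outside the imported group authenticate at the KDC but are rejected by Alfresco.
synchronization.autoCreatePeopleOnLogin=false
synchronization.syncOnStartup=true
synchronization.import.cron=0 0 * * * ?
```

With autoCreatePeopleOnLogin off, the person list has to exist before the first login, which is why the sync runs at startup and on a schedule; a user removed from the group disappears from Alfresco on the next full sync, not on the next differential one.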