LDAP works....sorta
06-27-2013 06:42 PM
I'm having an issue trying to get Active Directory working with Alfresco. I've been able to authenticate a user to log into Alfresco with their Active Directory credentials. However, I can't seem to be able to search a list of all users using the People Finder function. This is going to be crucial for our society in order to initially set up sites and members to those sites.
Here is a config that I have residing in this location: webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@test.lan
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://dmc.test.lan:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=administrator,alfresco
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=alfresco@test.lan
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=ou\=Security Groups,ou=\domain,dc=com
ldap.synchronization.userSearchBase=ou\=User Accounts,ou=\domain,dc=com
——————————————————————————-
Also I'm on the 4.2.c community version and per instructions I also added this entry to:
webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml
Found this bean:
<bean id="ldapInitialDirContextFactory">
<property name="initialDirContextEnvironment">
<map>
Added this entry -
<entry key="java.naming.referral">
<value>follow</value>
</entry>
The authentication works... but I can't search for other users. Does Alfresco have this functionality?
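What the `personQuery` in the posted config actually selects, as an added example (not part of the original post or of Alfresco's code): a small Python evaluator for the filter's bitwise-AND matching rule, run over constructed entries. `HARDENED_QUERY`, the helper names and the sample entries are assumptions made for illustration.

```python
import re

# ldap.synchronization.personQuery exactly as posted (Java .properties escaping).
PAGE_QUERY = r"(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))"
# Assumption, not from the thread: same query, also excluding ACCOUNTDISABLE (bit 2).
HARDENED_QUERY = (r"(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)"
                  r"(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2)))")
BIT_AND = "1.2.840.113556.1.4.803"  # AD rule: true when every bit of the value is set

# Constructed directory entries (attribute names lower-cased); not real data.
SAMPLE = [
    {"cn": "alice", "objectclass": ["person", "user"], "useraccountcontrol": 512},    # enabled
    {"cn": "bob", "objectclass": ["person", "user"], "useraccountcontrol": 514},      # disabled
    {"cn": "carol", "objectclass": ["person", "user"], "useraccountcontrol": 66048},  # no pw expiry
    {"cn": "WS01$", "objectclass": ["user", "computer"], "useraccountcontrol": 4096}, # workstation
]

def unescape_properties(value):
    """Drop the backslash of simple .properties escapes such as \\= and \\:."""
    return re.sub(r"\\(.)", r"\1", value)

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ")"
    end = f.index(")", i)
    lhs, value = f[i + 1:end].split("=", 1)
    attr, _, rule = lhs.rstrip(":").partition(":")
    return ("match", attr.lower(), rule, value), end + 1

def evaluate(node, entry):
    if node[0] == "match":
        _, attr, rule, value = node
        have = entry.get(attr)
        if rule == BIT_AND:
            return have is not None and (int(have) & int(value)) == int(value)
        return value.lower() in [str(v).lower() for v in have or []]
    op, kids = node
    results = [evaluate(k, entry) for k in kids]
    return not results[0] if op == "!" else {"&": all, "|": any}[op](results)

def synced(raw_query, entries=SAMPLE):
    """Names of the entries a sync using this personQuery would import."""
    tree, _ = parse(unescape_properties(raw_query))
    return [e["cn"] for e in entries if evaluate(tree, e)]
```

The posted query imports the disabled account `bob` (514) together with the enabled ones and skips the workstation account; only the added NOT clause on bit 2 drops the disabled entry.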
2 REPLIES 2
06-28-2013 02:01 AM
Search only searches in Alfresco, not your external directories. Users will be created in Alfresco as and when they log in.
And the advice that told you to hack the files below WEB-INF is wrong. Yes it works but you will cause yourself upgrade problems in future and you also won't be able to configure more than one authentication subsystem in the authentication chain.
06-28-2013 11:08 AM
@mrogers
Where should I be making this configuration then? Do I copy the file somewhere else or just the config part?
*edit*
(Resolution: I had the wrong UPN and it wasn't syncing correctly)
Now I have a different problem… I didn't include some OUs and search results show those. Is there a way to filter?
