Mixing authentication (LDAP and native)

theorbix
Confirmed Champ
Hello,

I know the question may sound stupid, but is it possible to define one or more Alfresco user accounts that are authenticated against a corporate directory service, and (in the same installation) other user accounts that are authenticated using the internal password?

My corporate IT department has set up a test Alfresco system, where all users are authenticated using the corporate directory service via LDAP.

The problem is that there are one or more remote users that will never be defined in the corporate LDAP, and that need to access the Alfresco repository.

Would it be possible to create these non-LDAP users in the Alfresco user directory?

Or, once the LDAP authentication is enabled, must ALL Alfresco users be "mapped" against the LDAP server?

4 REPLIES

jos_snellings
Champ in-the-making
Please, refer to

http://wiki.alfresco.com/wiki/Security_and_Authentication

under section "chaining", the document sounds promising:

"See projects\repository\config\alfresco\extension\chaining-authentication-context.xml.sample for an example of JAAS and Alfresco authentication services combined.

In the configuration, take care to give unique bean names where required in the definitions of each authentication service stack."

Hope that helps.

theorbix
Confirmed Champ
Well, it does not seem so easy….

My Alfresco administrator has configured the server to synchronize all users from the corporate Active Directory server, via LDAP.

This means that users now can login to Alfresco using their "corporate" username and password…. good.

But then I tried to create a new user manually, using the Alfresco web admin UI, and at the end of the Create User wizard I got the following error:

Failed to create Person due to error: Create User is not supported

So it seems that once Alfresco is "hooked" to a corporate directory server, it's a "take all or nothing" situation, and one needs to have ALL the Alfresco users cataloged in the directory server.

This is an annoying limitation, since sometimes (external consultants, temporary workers, etc) it would be useful to be able to create accounts in the Alfresco user directory only (with a "local" Alfresco password) without having to create these accounts in the central directory server.

Alfresco folks… can you confirm this limitation? Any way to get around it?

xerox
Champ in-the-making
I didn't test it myself, but I think it is possible in alfresco.

see:
http://wiki.alfresco.com/wiki/Security_and_Authentication#Chaining

Friendly regards,

Nick

theorbix
Confirmed Champ
Thanks Xerox for the hint… it points to the same wiki page that I was referred before by Jos.

So it seems that a proper configuration of the chaining-authentication-context.xml should allow a mix of "LDAP users" and "internal Alfresco users"… interesting.

Has anyone ever tried this type of configuration?

Is it enough to remove the ".sample" suffix from the chaining-authentication-context.xml.sample file and then restart Alfresco, or does something else need to be done to enable this configuration? (Pardon me for the stupid question, but I'm a newbie to Alfresco security and authentication configuration…)
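As an added illustration of the chaining the thread is asking about (this is not configuration from the original posts or from the Alfresco wiki page they link): in Alfresco releases that configure authentication through subsystems in alfresco-global.properties (3.2 and later, which is an assumption about the reader's version; the chaining-authentication-context.xml.sample approach discussed above belongs to older releases), the chain is declared with the authentication.chain property. The "Create User is not supported" error in the thread is what you see when the only subsystem in the chain is an LDAP one, because LDAP subsystems are read-only as far as Alfresco is concerned. Putting an alfrescoNtlm instance first makes it the subsystem that owns locally created accounts, while the ldap-ad instance still authenticates and synchronizes corporate users. The host names, DNs and the corp.example.com domain below are placeholders.

```properties
# Added example (not from the original thread). Order matters: the first
# subsystem that accepts the credentials wins, and the first mutable
# subsystem (alfrescoNtlm) is where the admin UI creates local accounts.
authentication.chain=alfrescoInst:alfrescoNtlm,adInst:ldap-ad

# --- alfrescoInst: local accounts with passwords stored in the repository ---
# Keep SSO off for this instance; users type a username/password at the login page.
ntlm.authentication.sso.enabled=false
# Do not let unauthenticated callers fall through as "guest".
alfresco.authentication.allowGuestLogin=false

# --- adInst: corporate Active Directory via LDAP ---
ldap.authentication.active=true
# Placeholder AD domain; users log in with their sAMAccountName.
ldap.authentication.userNameFormat=%s@corp.example.com
# Placeholder directory host; use ldaps:// or STARTTLS in production so
# passwords are not sent in clear text.
ldap.authentication.java.naming.provider.url=ldap://ad.corp.example.com:389
# Guest login is refused here as well.
ldap.authentication.allowGuestLogin=false

# Pull users and groups from the directory so they exist as Alfresco persons.
ldap.synchronization.active=true
# Placeholder read-only service account and search bases.
ldap.synchronization.java.naming.security.principal=svc-alfresco@corp.example.com
ldap.synchronization.java.naming.security.credentials=CHANGE_ME_placeholder
ldap.synchronization.userSearchBase=OU=Users,DC=corp,DC=example,DC=com
ldap.synchronization.groupSearchBase=OU=Groups,DC=corp,DC=example,DC=com
```

With this layout, external consultants are created through the normal admin UI and authenticate against the alfrescoInst password store, while directory users keep logging in with corporate credentials. Two checks worth doing after a restart: create a throwaway local user and confirm the wizard no longer reports "Create User is not supported", and confirm a directory user who is disabled in AD can no longer log in, which verifies that the ldap-ad instance (not a stale synchronized person record) is the one deciding corporate logins.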