NTLM passthru, LDAP synchro and user access restriction

lascaux
Champ on-the-rise
Hi,

I configured an LDAP synchro (Active Directory) in order to copy users from a particular group into Alfresco.
I also commented out the bean <bean id="authenticationComponentImpl" in the ldap-authentication-context.xml file.

I modified the web.xml file to activate the NTLM passthru (in order to allow access to Alfresco without login/password).
The file ntlm-authentication-context.xml has been left at its default values (no "servers" values, "useLocalServer" set to true).

A user from the AD group (so one who is synchronized) can connect successfully to Alfresco, but it also allows people who are not part of the group to connect to Alfresco (the account is then created in Alfresco).

Is this normal?
How can we restrict access to only the synchronized users?

Thanks

Sylvain
3 REPLIES

andy
Champ on-the-rise
Hi

You can turn off the auto creation of people - no one without imported details will be able to log in.

Over-ride the person service bean and change the property createMissingPeople to false.


    <!-- The person service. -->

    <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl">
        <!-- ……. -->
        <property name="createMissingPeople">
            <value>false</value>
        </property>
        <!-- ……. -->
    </bean>

Regards

Andy

lascaux
Champ on-the-rise
Thanks Andy,

But where to override this bean?

andy
Champ on-the-rise
Hi

Take the definition from authentication-services-context.xml and put it in extensions, somewhere like custom-authentication-services-context.xml.
Then make your changes - this will over-ride the bean definition. Any file matching *-context.xml will be found in the extensions directory.

Regards

Andy
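
An added example (not part of the thread, and not Alfresco's own code): a Python check that compares a personService override placed in the extension directory with the core definition it replaces, confirming that createMissingPeople is false and listing any properties the override dropped, since a Spring bean definition with the same id replaces the earlier one as a whole. The XML snippets and the property name exampleDependency are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files; exampleDependency is a hypothetical property name.
CORE = """<beans>
  <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl">
    <property name="exampleDependency"><ref bean="exampleBean"/></property>
    <property name="createMissingPeople"><value>true</value></property>
  </bean>
</beans>"""
OVERRIDE = """<beans>
  <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl">
    <property name="createMissingPeople"><value>false</value></property>
  </bean>
</beans>"""

def _local(tag):
    # Drop any XML namespace so DTD-style and schema-style context files both work.
    return tag.rsplit("}", 1)[-1]

def bean_properties(xml_text, bean_id="personService"):
    """Return {property name: literal value or None} for the bean, or None if absent."""
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "bean" or el.get("id") != bean_id:
            continue
        props = {}
        for p in el:
            if _local(p.tag) != "property":
                continue
            value = p.get("value")  # attribute form: <property name=".." value=".."/>
            if value is None:       # nested <value> form, as used in the thread
                child = next((c for c in p if _local(c.tag) == "value"), None)
                value = child.text if child is not None else None
            props[p.get("name")] = value.strip() if value else None
        return props
    return None

def audit_override(core_xml, override_xml):
    """Report the effective createMissingPeople setting and properties lost by the override."""
    core = bean_properties(core_xml) or {}
    override = bean_properties(override_xml)
    effective = core if override is None else override
    return {
        "overridden": override is not None,
        "auto_create_disabled": (effective.get("createMissingPeople") or "").lower() == "false",
        "dropped": sorted(set(core) - set(override)) if override is not None else [],
    }

if __name__ == "__main__":
    print(audit_override(CORE, OVERRIDE))
```

A non-empty "dropped" list means the override was not copied in full from the core file before being edited.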