Random user creation

simon
Champ in-the-making
Alfresco,

We have Alfresco linked with OpenLDAP and import the new users every night. Active Directory is used for authentication but not for user creation.

Sometimes a user space is created in the company home at unusual times, random times (16:10, 13:40) while all other (LDAP) imported users don't have a home space (they all use the company home). Our LDAP import is scheduled at 5:40 so this shouldn't have anything to do with it.

I would like to find out more about this so, Alfresco developers, do any of you have an idea what could cause this strange behavior? Is there any other job that creates users and/or user spaces for some reason? Is there a log4j debug line we could activate to monitor this more closely?

Thanks!
6 REPLIES

simon
Champ in-the-making
*bump*

Installed 2.1 Community and we have the same problem… anyone?

andy
Champ on-the-rise
Hi

This is probably a new user being autocreated - before they are added from the LDAP import they are auto created when someone logs in at the UI, CIFS, etc.

You can set the config for autocreated users to use company home, or you could set users not to be auto created. See authentication-services-context.xml.

If you want auto created users and also LDAP import you get problems if all your users do not have lower case ids. The auto created user will be created with id as typed in by the user and then the LDAP import will update this uid to match that in LDAP - keeping the case. As the user id effectively changes they may not have the correct permissions. This is a known issue. The workaround is not to auto create users.

Andy

simon
Champ in-the-making
Thanks Andy.

Checked the authentication-services-context.xml file and looked for something 'autocreated' related.

Found this:
<property name="includeAutoCreated">
      <value>false</value>
</property>
So this should already be disabled, is this right?

andy
Champ on-the-rise
Hi

You need to change createMissingPeople on the person service.

Then person objects cannot be auto created.


    <!-- The person service.                                                -->

    <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="searchService">
            <ref bean="admSearchService" />
        </property>
        <property name="permissionServiceSPI">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="authorityService">
           <ref bean="authorityService" />
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService" />
        </property>
        <property name="policyComponent">
            <ref bean="policyComponent"/>
        </property>
        <property name="personCache">
            <ref bean="personCache" />
        </property>
        <!-- Configurable properties.                                 -->
        <!--                                                          -->
        <!-- TODO:                                                    -->
        <!-- Add support for creating real home spaces and setting    -->
        <!-- permissions on the home space and people created.        -->
        <!--                                                          -->
        <!-- The store in which people are persisted.                 -->
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <!-- Some authentication mechanisms may need to create people -->
        <!-- in the repository on demand. This enables that feature.  -->
        <!-- If disabled an error will be generated for missing       -->
        <!-- people. If enabled then a person will be created and     -->
        <!-- persisted.                                               -->
        <!-- Valid values are                                         -->
        <!--     ${server.transaction.allow-writes}                   -->
        <!--     false                                                -->
        <property name="createMissingPeople">
           <value>${server.transaction.allow-writes}</value>
        </property>
        <property name="userNamesAreCaseSensitive">
          <value>${user.name.caseSensitive}</value>
        </property>
        <!-- New properties after 1.4.0 to deal with duplicate user ids when found -->
        <property name="processDuplicates">
            <value>true</value>
        </property>
        <!-- one of:  LEAVE, SPLIT, DELETE -->
        <property name="duplicateMode">
            <value>SPLIT</value>
        </property>
        <property name="lastIsBest">
            <value>true</value>
        </property>
        <property name="includeAutoCreated">
            <value>false</value>
        </property>
    </bean>

Cheers

Andy
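An added example, not part of the posts above and not Alfresco code: a small audit that reads the personService bean and reports whether on-demand person creation is still effectively enabled, which is the setting this thread turns on (includeAutoCreated sits with the duplicate-handling properties and is only reported alongside). It assumes a DTD-style Spring file without XML namespaces; the sample bean and the placeholder value are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed personService bean with the values quoted in the thread.
SAMPLE_CONTEXT = """<beans>
  <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl">
    <property name="createMissingPeople"><value>${server.transaction.allow-writes}</value></property>
    <property name="includeAutoCreated"><value>false</value></property>
  </bean>
</beans>"""
# Assumed placeholder value; a real audit would load the deployment's properties files.
SAMPLE_PROPS = {"server.transaction.allow-writes": "true"}
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def bean_properties(context_xml, bean_id):
    """Return {property name: raw value} for one Spring bean definition."""
    root = ET.fromstring(context_xml)
    for bean in root.iter("bean"):
        if bean.get("id") == bean_id:
            props = {}
            for prop in bean.findall("property"):
                raw = prop.get("value") or prop.findtext("value")
                if raw is not None:
                    props[prop.get("name")] = raw.strip()
            return props
    raise LookupError(f"bean {bean_id!r} not found")


def resolve(raw, props):
    """Substitute ${key} placeholders; unknown keys are left visible as-is."""
    return PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)), raw)


def audit_person_service(context_xml, props):
    """Flag auto-creation unless createMissingPeople resolves to an explicit 'false'.

    An unset or unresolved value is treated conservatively as still enabled."""
    bean = bean_properties(context_xml, "personService")
    raw = bean.get("createMissingPeople")
    effective = resolve(raw, props) if raw is not None else None
    return {
        "createMissingPeople_raw": raw,
        "createMissingPeople_effective": effective,
        "auto_creation_possible": effective is None or effective.lower() != "false",
        "includeAutoCreated": bean.get("includeAutoCreated"),
    }


if __name__ == "__main__":
    print(audit_person_service(SAMPLE_CONTEXT, SAMPLE_PROPS))
```

On the sample, the placeholder resolves to true, so auto-creation is reported as possible even though includeAutoCreated is false.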

simon
Champ in-the-making
Thanks Andy, changed this parameter and now waiting a few days to see if something happens / doesn't happen.

simon
Champ in-the-making
For further reference: this seems to work fine. We are trying this out for a few weeks and no more random users popping up. Great!