12-11-2019 04:02 AM
Hi,
I want to prevent any user that is not a member of AlfrescoUsers from connecting to Alfresco. I tried to add a filter in personQuery; synchronisation is working well. But when I try to connect with a user that is not a member of this group, Alfresco creates a person for that user and lets him connect. This is the LDAP configuration:
authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@mydomain.com
ldap.authentication.java.naming.provider.url=**********
ldap.authentication.defaultAdministratorUserNames=Administrator,AlfrescoSync
ldap.synchronization.java.naming.security.principal=**************
ldap.synchronization.java.naming.security.credentials=********************
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.userSearchBase=OU=Employes,OU=Utilisateurs,OU=SIEGE,DC=mydomain,DC=com
ldap.synchronization.personQuery=(&(|(objectClass=inetOrgPerson)(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))(memberOf=CN=AlfrescoUsers,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))
ldap.synchronization.personDifferentialQuery=(&(|(objectClass=inetOrgPerson)(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))(memberOf=CN=AlfrescoUsers,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))
ldap.synchronization.groupSearchBase=OU=Groupes,OU=SIEGE,DC=mydomain,DC=com
ldap.synchronization.groupQuery=(&(objectclass=group)(memberOf=CN=AlfrescoGroups,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))
ldap.synchronization.groupDifferentialQuery=(&(objectclass=group)(memberOf=CN=AlfrescoGroups,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=false
synchronization.import.cron=0 0/1 * 1/1 * ?
create.missing.people=false
synchronization.autoCreatePeopleOnLogin=false
synchronization.syncWhenMissingPeopleLogIn=false
ldap.synchronization.groupMemberAttributeName=member
12-11-2019 06:23 AM
Solved: I have to add synchronization.autoCreatePeopleOnLogin=false in alfresco.global.properties for it to be read.
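In this thread the personQuery filter restricted synchronization, but a non-member could still log in until auto-creation was switched off. The following is an added example, not code from the posts or from Alfresco: a small audit of properties text for the three flags named above. The function names and the sample input are constructed for illustration, and it assumes you pass it the text of the properties file the server actually reads.

```python
import re

# Flags named in the thread; each should be explicitly "false".
REQUIRED_FALSE = (
    "synchronization.autoCreatePeopleOnLogin",
    "synchronization.syncWhenMissingPeopleLogIn",
    "create.missing.people",
)

def parse_properties(text):
    """Return (effective values, keys defined more than once)."""
    values, duplicates = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in values:
            duplicates.add(key)
        values[key] = value  # last definition wins, as in java.util.Properties
    return values, duplicates

def audit(text):
    """List (key, problem) pairs for settings that leave login auto-provisioning open."""
    values, duplicates = parse_properties(text)
    findings = []
    for key in REQUIRED_FALSE:
        if key not in values:
            findings.append((key, "not set in this file"))
        elif values[key].lower() != "false":
            findings.append((key, "set to " + values[key]))
    query = values.get("ldap.synchronization.personQuery", "")
    if "(memberof=" not in query.lower():
        findings.append(("ldap.synchronization.personQuery", "no memberOf restriction"))
    findings += [(key, "defined more than once") for key in sorted(duplicates)]
    return findings

# Constructed sample (not the poster's file): the auto-create flag is missing.
SAMPLE = """\
# constructed sample
ldap.synchronization.personQuery=(&(objectClass=user)(memberOf=CN=AlfrescoUsers,OU=Groups,DC=example,DC=com))
create.missing.people=false
synchronization.syncWhenMissingPeopleLogIn=false
synchronization.syncWhenMissingPeopleLogIn=false
"""

if __name__ == "__main__":
    for key, problem in audit(SAMPLE):
        print(key + ": " + problem)
```

A flag reported as "not set in this file" is the case the accepted answer describes: the setting has to be present in the file that is read, not only in another properties file.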