cancel
Showing results for 
Search instead for 
Did you mean: 

Allow users of specific ldap group to connect to alfresco

bilel1
Champ in-the-making
Champ in-the-making

Hi, 

I want to prevent any user that is not member of AlfrescoUsers to connect to alfresco. I tried to add filter in personQuery, Synchronisation il working well. But when i try to connect with a user that is not member of this group, alfresco create a person for that user and let him connect. This is the ldap configuration 

authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@mydomain.com
ldap.authentication.java.naming.provider.url=**********
ldap.authentication.defaultAdministratorUserNames=Administrator,AlfrescoSync

ldap.synchronization.java.naming.security.principal=**************
ldap.synchronization.java.naming.security.credentials=********************
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000

ldap.synchronization.userSearchBase=OU=Employes,OU=Utilisateurs,OU=SIEGE,DC=mydomain,DC=com
ldap.synchronization.personQuery=(&(|(objectClass=inetOrgPerson)(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))(memberOf=CN=AlfrescoUsers,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))
ldap.synchronization.personDifferentialQuery=(&(|(objectClass=inetOrgPerson)(objectClass=user)(|(userPrincipalName={0})(sAMAccountName={1})))(memberOf=CN=AlfrescoUsers,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))

ldap.synchronization.groupSearchBase=OU=Groupes,OU=SIEGE,DC=mydomain,DC=com
ldap.synchronization.groupQuery=(&(objectclass=group)(memberOf=CN=AlfrescoGroups,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))
ldap.synchronization.groupDifferentialQuery=(&(objectclass=group)(memberOf=CN=AlfrescoGroups,OU=Groupes,OU=SIEGE,DC=mydomain,DC=com))

synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=false
synchronization.import.cron=0 0/1 * 1/1 * ?

create.missing.people=false
synchronization.autoCreatePeopleOnLogin=false
synchronization.syncWhenMissingPeopleLogIn=false
ldap.synchronization.groupMemberAttributeName=member

1 ACCEPTED ANSWER

bilel1
Champ in-the-making
Champ in-the-making

Solved I have to add synchronization.autoCreatePeopleOnLogin=false on alfresco.global.properties to be read 

View answer in original post

1 REPLY 1

bilel1
Champ in-the-making
Champ in-the-making

Solved I have to add synchronization.autoCreatePeopleOnLogin=false on alfresco.global.properties to be read