Hi.
I have a situation similar to that from https://hub.alfresco.com/t5/alfresco-content-services-forum/switch-from-ad-ldap-authentication-to-lo... thread. Unfortunately I don't see a solution there.
I "inherited" some 5.2 installation which was, honestly speaking, unmaintained and kept only as an archive of sorts.
The configuration was as far as I remember and understand the contents to authenticate users using Kerberos against AD and use LDAP to query/synchronize users' group membership.
I needed to migrate the server into another site because the whole domain is being decommisioned so I had to disable Kerberos and LDAP in ACS config. It seems to have gone well.
The problem is that all accounts that were created before and used Kerberos/LDAP still exist but are shown as disabled and the user edit dialog doesn't let me to re-enable the user (the checkbox "disable user" is ticked and greyed out) or set the password for user.
If I create a new test user, he's getting properly created locally and I can freely edit his properties.
I trimmed my authentication.chain so it contains only "alfrescoNtlm1:alfrescoNtlm" now.
I already disabled Kerberos completely in share-config-custom.xml because otherwise the tomcat app would not start properly without KDC access. I disabled all LDAP mentions in tomcat/shared/classes/alfresco/extension...
What else can I do?
I'd like to avoid having to remove users and recreate them by hand.
