
Some LDAP users are able to connect to Alfresco but they should not be

adelohb
Champ in-the-making

Hi, 

I'm a beginner in Alfresco and LDAP synchronization.

I need to configure Alfresco to sync users only from the members of a specific AD group.

The synchronization gets the users of the appropriate group.

When I search all users in the admin console, I find the right users. But I have a test user in Active Directory that does not belong to the group and does not appear in the user list in Alfresco. When I try to connect to Alfresco with this account, the login is successful, and when I redo the search in the admin console, this time it appears.

Would someone have an idea of how to solve this problem, please?

I use Alfresco Community v5.2.0 

Here is my configuration:


ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain.com
ldap.authentication.java.naming.provider.url=ldap://server:389
ldap.synchronization.java.naming.security.principal=alfresco@domain.com
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.personType=user
ldap.synchronisation.groupIdAttributeName=cn
ldap.synchronisation.userLastNameAttributeName=sn
ldap.synchronisation.userIdAttributeName=sAMAccountName
ldap.synchronisation.userFirstNameAttributeName=givenName
ldap.synchronisation.userEmailAttributeName=mail
ldap.synchronisation.groupType=group
ldap.synchronisation.groupMemberAttributeName=member
synchronization.syncOnStartup=true
synchronization.allowDeletions=true
synchronization.autoCreatePeopleOnLogin=false
synchronization.syncWhenMissingPeopleLogIn=false
ldap.synchronization.userSearchBase=OU="Interne users",DC="domain",DC="com"
ldap.synchronization.personQuery=(&(memberOf=CN="Alfresco",OU="software",OU="Groupes",DC="domain",DC="com")(objectclass=user))

ldap.synchronization.personDifferentialQuery=(&(memberOf=CN="Alfresco",OU="software",OU="Groupes",DC=domain,DC=com)(objectclass=user)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=OU="software",OU="Groupes",DC=domain,DC=com
ldap.synchronization.groupQuery=(&(CN="Alfresco")(objectCategory=group))


cesarista
World-Class Innovator

Hi:

This should work:

synchronization.autoCreatePeopleOnLogin=false

But it may depend on your authentication chain, for example if you have a passthru subsystem in the chain besides the ldap-ad one.

Synchronization configuration properties | Alfresco Documentation 

Kind regards.

--C.

adelohb
Champ in-the-making

Thank you for your answer.

Here is the authentication chain:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1-ad:ldap-ad
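
A small review helper for the settings discussed in this thread, as an added example that is not from either poster or from Alfresco: it reads a properties file, lists keys spelt `ldap.synchronisation.` (the posted configuration mixes both spellings), checks the two login-time switches, and splits the authentication chain into its members. The function names and the sample text are constructed for illustration; that Alfresco only reads the `ldap.synchronization.` spelling is stated here as an assumption.

```python
import re

# Constructed sample: a subset of the properties posted in this thread.
SAMPLE = """\
ldap.authentication.active=true
ldap.synchronization.personType=user
ldap.synchronisation.userIdAttributeName=sAMAccountName
ldap.synchronisation.groupMemberAttributeName=member
synchronization.autoCreatePeopleOnLogin=false
synchronization.syncWhenMissingPeopleLogIn=false
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1-ad:ldap-ad
"""

# The two switches from the posted configuration that decide whether a
# successful login may create or sync a person missing from Alfresco.
LOGIN_SWITCHES = (
    "synchronization.autoCreatePeopleOnLogin",
    "synchronization.syncWhenMissingPeopleLogIn",
)


def parse_properties(text):
    """Parse key=value lines, skipping blanks, # comments and stray lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values may contain '=' (LDAP filters)
        props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return (misspelt_keys, switches_unset_or_not_false, chain_members)."""
    props = parse_properties(text)
    # Assumption: Alfresco reads 'ldap.synchronization.*', so a key spelt
    # 'synchronisation' is a different property name and its value is unused.
    misspelt = sorted(k for k in props if re.match(r"ldap\.synchronisation\.", k))
    not_false = [k for k in LOGIN_SWITCHES if props.get(k, "").lower() != "false"]
    # Chain members have the form instanceName:subsystemType.
    members = props.get("authentication.chain", "").split(",")
    chain = [tuple(m.strip().split(":", 1)) for m in members if m.strip()]
    return misspelt, not_false, chain


if __name__ == "__main__":
    print(audit(SAMPLE))
```
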