4 weeks ago
I want only a few groups from AD to be able to log in.
I created two configuration files. In the first config, all users and groups were loaded and authentication was disabled.
In the second config, authentication is enabled so people mapped in groups in personQuery are able to log in.
The problem is that everyone can log in. I also have this error:
org.alfresco.error.AlfrescoRuntimeException: 10240018 Error during LDAP Search. Reason:[LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=sp,DC=local'
]
I think I have bad logic with this. Can someone please provide me with some correct info on how to allow login only for a specific group, not for everyone?
First Config
ntlm.authentication.sso.enabled=false
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
ldap.synchronization.active=true
ldap.authentication.active=false
#KREDENC
ldap.synchronization.java.naming.security.principal=login
ldap.synchronization.java.naming.security.credentials=password
ldap.authentication.userNameFormat=%s@domain
ldap.authentication.java.naming.provider.url=ldap://ip:port
ldap.synchronization.userEmailAttributeName=mail
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.groupSearchBase=ou\=DMS,ou\=Security Groups,ou\=mp,dc\=sp,dc\=local
ldap.synchronization.userSearchBase=cn\=Users,cn\=cp,dc\=kl,dc\=local
ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.personQuery=objectclass\=user
Second Config
ldap.authentication.active=true
ldap.synchronization.active=false
ldap.synchronization.java.naming.security.principal=login
ldap.synchronization.java.naming.security.credentials=password
ldap.authentication.userNameFormat=%s@domain
ldap.authentication.java.naming.provider.url=ldap://ip:port
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.groupSearchBase=ou\=DMS,ou\=Security Groups,ou\=mp,dc\=sp,dc\=local
ldap.synchronization.userSearchBase=cn\=Users,cn\=cp,dc\=kl,dc\=local
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userType=user
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf=cn\=GROUP1,ou\=DMS_1,ou\=DMS,ou\=Security Groups,ou\=mp,dc\=sp,dc\=local)(memberOf=cn\=GROUP2,ou\=DMS_1,ou\=DMS,ou\=Security Groups,ou\=mp,dc\=sp,dc\=local)(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf=cn\=GROUP1,ou\=DMS_1,ou\=DMS,ou\=Security Groups,ou\=mp,dc\=sp,dc\=local)(memberOf=cn\=GROUP2,ou\=DMS_1,ou\=DMS,ou\=Security Groups,ou\=mp,dc\=sp,dc\=local)(userAccountControl:1.2.840.113556.1.4.803:=512))
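An added example (not part of the original post, and not Alfresco code): a minimal evaluator for the LDAP filter syntax used in the posted personQuery, run over constructed user entries to show which accounts the filter selects. The `EITHER` variant and the sample users are assumptions made for illustration.

```python
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule from the post

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.rstrip(":").lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attr -> list of str)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    name, _, rule = node[1].partition(":")
    have, want = entry.get(name, []), node[2]
    if rule == BIT_AND:  # true when every bit of `want` is set in the value
        return any((int(v) & int(want)) == int(want) for v in have)
    return any(v.lower() == want.lower() for v in have)

OU = "ou=DMS_1,ou=DMS,ou=Security Groups,ou=mp,dc=sp,dc=local"
G1, G2 = "cn=GROUP1," + OU, "cn=GROUP2," + OU
UAC = f"(userAccountControl:{BIT_AND}:=512)"
# personQuery as posted, with the properties-file "\=" escapes resolved to "="
POSTED = f"(&(objectclass=user)(memberOf={G1})(memberOf={G2}){UAC})"
# Hypothetical variant (not from the post): member of either group
EITHER = f"(&(objectclass=user)(|(memberOf={G1})(memberOf={G2})){UAC})"

def user(groups, uac):
    return {"objectclass": ["user"], "memberof": groups, "useraccountcontrol": [str(uac)]}

# Constructed sample entries; 514 = 512 (NORMAL_ACCOUNT) + 2 (ACCOUNTDISABLE)
USERS = {"only_g1": user([G1], 512), "both": user([G1, G2], 512),
         "neither": user([], 512), "both_disabled": user([G1, G2], 514)}

def selected(filter_text):
    tree, _ = parse(filter_text)
    return sorted(name for name, e in USERS.items() if matches(tree, e))

if __name__ == "__main__":
    print("posted:", selected(POSTED))
    print("either:", selected(EITHER))
```

Under the posted filter only accounts that belong to both groups are selected, and the 512 bit test still matches the constructed disabled account (514).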
3 weeks ago
Hi, can you share a screenshot of the group path you want to sync and allow assigned users to log in?
KR,