03-27-2017 03:14 PM
My ldap have subtree like this
cn=users
cn=r
uid=rodrigo
cn=l
uid=louis
The question is: how to configure alfresco to use a dynamic cn. The documentation contain a information about the "ldap.authentication.userNameFormat" and said "If set to an empty string (the default for the ldap subsystem), an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will be performed to resolve the DN from the user ID dynamically. This allows directories to be structured and does not require the user ID to appear in the DN."
So I think the Alfresco will perform the personQuery but doesn't work too.
Some idea?
03-28-2017 12:15 PM
Hello, sorry for delay. I solved this problem using:
ldap.authentication.userNameFormat=
ldap.synchronization.userIdAttributeName=uid
lap.synchronization.personQuery=(objectclass=Xyz)
Now all user can login independently of CN
One more time, Thanks!
03-28-2017 01:51 AM
Maybe you can use another approach - search for objecttype=person that are memberOf users group...
But we need to have more information about your ldap structure - what kind of object are your "cn"s for example.
Alternative: tag your Alfresco users with a special property or put them in a special group...
03-28-2017 04:37 AM
I think what you want is to set the value of
ldap.synchronization.userIdAttributeName=uid
with ldap.authentication.userNameFormat not set
You may also need something like
ldap.synchronization.personQuery=(objectclass\=posixAccount)
03-28-2017 06:49 AM
Hi,
Ian is right. If you use a posix user directory (Linux, zimbra, etc.) your objectclass would be posixAccount
so
ldap.synchronisation.personQuery=(objectclass=posixAccount)
ldap.synchronisation.groupQuery=(objectclass=posixGroup)
would be the simplest queries, retrieving all groups and users.
If you'd describe your environment, we could narrow it down.
03-28-2017 12:15 PM
Hello, sorry for delay. I solved this problem using:
ldap.authentication.userNameFormat=
ldap.synchronization.userIdAttributeName=uid
lap.synchronization.personQuery=(objectclass=Xyz)
Now all user can login independently of CN
One more time, Thanks!
Explore our Alfresco products with the links below. Use labels to filter content by product module.