Subtree ldap

maiconramones
Confirmed Champ

My LDAP has a subtree like this:


cn=users

     cn=r

           uid=rodrigo

     cn=l

           uid=louis


The question is: how do I configure Alfresco to use a dynamic cn? The documentation contains information about "ldap.authentication.userNameFormat" and says: "If set to an empty string (the default for the ldap subsystem), an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will be performed to resolve the DN from the user ID dynamically. This allows directories to be structured and does not require the user ID to appear in the DN."

So I think Alfresco will perform the personQuery, but that doesn't work either.


Any ideas?

1 ACCEPTED ANSWER

maiconramones
Confirmed Champ

Hello, sorry for the delay. I solved this problem using:


ldap.authentication.userNameFormat=
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.personQuery=(objectclass=Xyz)


Now all users can log in independently of the CN.


One more time, Thanks!


4 REPLIES 4

mehe
Elite Collaborator

Maybe you can use another approach - search for objecttype=person that are memberOf users group...

But we need to have more information about your ldap structure - what kind of object are your "cn"s for example.

Alternative: tag your Alfresco users with a special property or put them in a special group...

idwright
Star Collaborator

I think what you want is to set the value of 

ldap.synchronization.userIdAttributeName=uid

with ldap.authentication.userNameFormat not set

You may also need something like 

ldap.synchronization.personQuery=(objectclass\=posixAccount)

mehe
Elite Collaborator

Hi,

Ian is right. If you use a POSIX user directory (Linux, Zimbra, etc.), your objectclass would be posixAccount,

so

ldap.synchronization.personQuery=(objectclass=posixAccount)

ldap.synchronization.groupQuery=(objectclass=posixGroup)

would be the simplest queries, retrieving all groups and users.

If you'd describe your environment, we could narrow it down.
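
The lookup the quoted documentation describes (empty userNameFormat, DN resolved by a search built from personQuery and userIdAttributeName), sketched as an added example that is not part of the original thread and is not Alfresco's code. The in-memory directory, the dc=example,dc=com suffix and all function names are assumptions; the login name is escaped per RFC 4515 and a DN is returned only when exactly one entry matches.

```python
import re

# Constructed sample entries mirroring the question's subtree; the
# dc=example,dc=com suffix is an assumption.
DIRECTORY = {
    "uid=rodrigo,cn=r,cn=users,dc=example,dc=com":
        {"objectclass": ["posixAccount"], "uid": ["rodrigo"]},
    "uid=louis,cn=l,cn=users,dc=example,dc=com":
        {"objectclass": ["posixAccount"], "uid": ["louis"]},
    "cn=r,cn=users,dc=example,dc=com":
        {"objectclass": ["container"], "cn": ["r"]},
}
PERSON_QUERY = "(objectclass=posixAccount)"  # ldap.synchronization.personQuery
USER_ID_ATTR = "uid"                         # ldap.synchronization.userIdAttributeName

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a user-supplied value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def leaf_regex(pattern):
    """Compile one filter value: a bare '*' is a wildcard, \\xx is a literal character."""
    out = []
    for part in re.split(r"(\*|\\[0-9a-fA-F]{2})", pattern):
        if part == "*":
            out.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", part):
            out.append(re.escape(chr(int(part[1:], 16))))
        else:
            out.append(re.escape(part))
    return re.compile("".join(out), re.IGNORECASE)

def search(ldap_filter):
    """Subtree search over DIRECTORY; supports only AND-ed (attr=value) leaves."""
    leaves = re.findall(r"\(([A-Za-z0-9-]+)=([^()]*)\)", ldap_filter)
    return [dn for dn, attrs in DIRECTORY.items()
            if all(any(leaf_regex(v).fullmatch(x) for x in attrs.get(a.lower(), []))
                   for a, v in leaves)]

def resolve_dn(user_id):
    """Return the DN to bind as, or None unless exactly one person entry matches."""
    flt = "(&%s(%s=%s))" % (PERSON_QUERY, USER_ID_ATTR, escape_filter_value(user_id))
    hits = search(flt)
    return hits[0] if len(hits) == 1 else None
```

Without the escaping step, a login name of `*` would produce `(uid=*)` and match every person entry; the exactly-one-match check is the second guard against binding as the wrong DN.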