auth against active directoy using ldaps

elmuchacho
Champ in-the-making
I found some information about this by searching this forum and reading the wiki …

I have an Ubuntu 8.04 LTS system with Alfresco running on it …
Right now it works using Alfresco's local user DB.

I would like to log in to Alfresco using my MS Active Directory credentials.
The LDAP connection is established (ldapsearch works).
Now I need to configure the Alfresco global properties file.
My first try goes like this:
### AUTH against MS-ADS
authentication.chain=passthru1:passthru,ldap1:ldap-ad
ldap.authentication.active=false
passthru.authentication.domain=
passthru.authentication.servers=test\\srv.test.local,srv.test.local
passthru.authentication.defaultAdministratorUserNames=administrator
ldap.authentication.java.naming.provider.url=ldap://srv.test.local:389
ldap.authentication.userNameFormat=%s@test.local
ldap.synchronization.java.naming.security.principal=administrator@test.local
ldap.synchronization.java.naming.security.credentials=verysecret
ldap.synchronization.groupSearchBase=ou=alfresco,dc=test,dc=local
ldap.synchronization.userSearchBase=ou=alfresco,dc=test,dc=local

Is this really all that needs to be configured in Alfresco in order to authenticate against a Win2k3 server running AD?

After a reboot (/etc/init.d/tomcat6 restart won't work) I can log in with my AD credentials …
and if I change my password in AD, the Alfresco login uses the new credentials …

But if I create a new user in AD, this user can't log in to Alfresco …

So do I need to add the user twice?! In AD and in Alfresco?
2 REPLIES

rliu
Champ in-the-making
A couple of things you should look at.

1. See how frequently the LDAP synchronization is occurring.
2. Look at your LDAP query, as it may be selecting only users of a certain group. Also, I'm not sure whether the LDAP query detects that a newly created user must sign in first before the account is activated.

elmuchacho
Champ in-the-making
AUTH against ADS works for me right now …
using these entries in alfresco-global.properties:
### AUTH against MS-ADS
authentication.chain=alferscoNtlm1:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://serverip:389
ldap.authentication.java.naming.security.authentication=SIMPLE
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.userNameFormat=%s@test.local
ldap.synchronization.java.naming.security.principal=ldapreaduser@test.local
ldap.synchronization.java.naming.security.credentials=verysecret
ldap.synchronization.groupSearchBase=ou=intranet,dc=test,dc=local
ldap.synchronization.userSearchBase=ou=intranet,dc=test,dc=local

Right now I have two problems:
1. How to set up LDAPS?
LDAPS didn't work by only changing the URL from ldap://serverip:389 to ldaps://serverip:636 …
Is there something more to do, like setting up the path to the cert file?
But where/how do I configure this?
2. How to delete a user in Alfresco when the user is deleted in LDAP?
I haven't found a solution yet ;(
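As an added example (not from this thread or from Alfresco), a small checker for the settings discussed above: it parses alfresco-global.properties the Java way (including the `\\` in `test\\srv.test.local`) and flags a clear-text SIMPLE bind over ldap://, a sync bind as a domain admin, a missing sync schedule (the reason a user created in AD cannot log in until the next run) and disabled deletions. The property names synchronization.import.cron, synchronization.syncWhenMissingPeopleLogIn and synchronization.allowDeletions are standard Alfresco sync settings as I know them; verify them against the docs for your version.

```python
"""Lint the LDAP/AD settings of an alfresco-global.properties file for the points
raised in this thread. Added example, not from the thread or from Alfresco; the
property names are standard Alfresco ones as I know them (verify for your version)."""

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, key=value, trailing-'\\'
    continuation lines, and '\\\\' unescaped to '\\' (as in test\\\\srv)."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:  # odd run of trailing '\'
            pending = line[:-1]
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip().replace("\\\\", "\\")
    return props

def review(props):
    """Return (severity, message) findings about the authentication/sync settings."""
    out = []
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    bind = props.get("ldap.authentication.java.naming.security.authentication", "SIMPLE")
    if url.startswith("ldap://") and bind.upper() == "SIMPLE":
        out.append(("HIGH", "SIMPLE bind over plain ldap://: logins send the password in clear "
                    "text; use ldaps://host:636 with the AD CA cert in the JVM trust store."))
    principal = props.get("ldap.synchronization.java.naming.security.principal", "")
    if principal.lower().startswith("administrator@"):
        out.append(("MEDIUM", "sync binds as a domain admin; a dedicated read-only "
                    "account can read users and groups just as well."))
    if "synchronization.import.cron" not in props:
        out.append(("INFO", "no synchronization.import.cron: a user created in AD stays unknown "
                    "until the next scheduled sync (or first login if "
                    "synchronization.syncWhenMissingPeopleLogIn=true)."))
    if props.get("synchronization.allowDeletions", "true").lower() != "true":
        out.append(("INFO", "synchronization.allowDeletions=false: accounts removed from AD "
                    "remain in Alfresco until deleted by hand."))
    return out

# Constructed sample based on the first configuration posted in this thread.
SAMPLE = """### AUTH against MS-ADS
authentication.chain=passthru1:passthru,ldap1:ldap-ad
passthru.authentication.servers=test\\\\srv.test.local,srv.test.local
ldap.authentication.java.naming.provider.url=ldap://srv.test.local:389
ldap.synchronization.java.naming.security.principal=administrator@test.local
ldap.synchronization.java.naming.security.credentials=verysecret
"""
FINDINGS = review(parse_properties(SAMPLE))   # three findings: HIGH, MEDIUM, INFO
```

For ldaps:// there is no Alfresco property for a certificate path: JNDI validates the server certificate against the JVM trust store, so the AD CA certificate is imported into the JVM's cacerts with keytool -importcert (or into a trust store passed via -Djavax.net.ssl.trustStore).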