
authentication and access-control with Microsoft ActiveD

jodeet
Champ in-the-making
I see several forum posts and wikis about using Microsoft Active Directory for authentication.  Some specify to use LDAP, some Kerberos.  I'm not sure which I should use.  Furthermore, I don't see any forum posts/wiki articles saying how to use MsA.D. for access control.  So, I'd like to ask here.

What I want is this:

1) Windows users, who log into the MsAD Domain, should be able to connect via CIFS, and ideally, also via the webclient, without having to re-enter their credentials

2) I don't want to have to keep any user/group info in Alfresco.  I'd like it to get that info from an MsAD domain controller.  It would be nice to not have to worry about keeping a copy in Alfresco in sync with MsAD.

3) I'd like to be able to control which MsAD domain users can log in to Alfresco

4) I'd like Alfresco to be able to see MsAD domain groups, so that I can control access to things within Alfresco by the existing MsAD Domain groups.

Are these things possible?  Can they co-exist at the same time?  How do I do it?  I'm running Alfresco on a Linux box that can be joined to the MsAD domain if needed.

Thanks
2 REPLIES

andy
Champ on-the-rise
Hi

1) This is possible using NTLMv1 or Kerberos

2) You have to sync people and groups with Alfresco. (authentication is always done against AD). The sync is done via LDAP.

3) This is sort of possible at the moment. If person entries are not created on demand, only the people pulled in via the LDAP import can log in via most routes (and in all routes in later releases).

3) Certain domains can be configured in various places - this may be enough.

4) You need to pull in groups via LDAP import

At some point the authority API will be refactored to remove the dependence on NodeRef and you could implement your own AuthorityService. This would be a big pain at the moment.

The details are on the wiki.

Andy

fstnboy
Champ on-the-rise
I've got the same problem. What you have said is OK, but I don't want to import groups or users from AD. I want to be able to "read" them when login is done and just manage groups' credentials. I don't know if I have explained the problem as well as I wanted…

As a user I want this:

1) When I log in to Windows, I don't want to log in again for Alfresco (this is not obligatory, I can live without that)

2) When I have logged in, as a user who belongs to a specific group, I just want to see the spaces this group is enabled to see and manage. So I don't want to edit each user's grants; just editing group grants would be OK.

I think that's all.

Thanks!!