cancel
Showing results for 
Search instead for 
Did you mean: 

AD integration

nataletarantino
Champ in-the-making
Champ in-the-making

Hi,

i see a strange behavior in my active directory integration (Alfresco 5.2com on Centos 7).

Sometimes user must capitalize one or more letter to authenticate (es. if username is "duck" they have to try with "Duck" and after "DUck".

This with various browser (IE11, Edge, Firefox, Chrome)

Can someone help me?

THX

Natale

5 REPLIES 5

afaust
Legendary Innovator
Legendary Innovator

I doubt that anyone can help just with that description. This is an extremely strange behaviour, one which I have never observed in ten years of working with Alfresco systems integrated with Active Directory. I can also not think of any reasonable cause / trigger for such a behaviour within Alfresco.

Did you only configure the LDAP-AD integration, or did you also configure Kerberos / passthru for authentication? What is the authentication chain configuration? Ideally, it helps in such situations if you can provide your full configuration (wihthout passwords / sensitive infos of course - but best replace them with xxx instead of not providing those properties).

Thanks

These are LDAP configurations

Global

### LDAP
authentication.chain=alfinst:alfrescoNtlm,ad1:ldap-ad,ad2:ldap-ad,ad-tu:ldap-ad,ad-te:ldap-ad,ad-sa:ldap-ad,ad-ra:ldap-ad,ad-is:ldap-ad,ad-in:ldap-ad,ad-en:ldap-ad,ad-bc:ldap-ad,ad-ap:ldap-ad
ntlm.authentication.sso.enabled=false

####

ad1 chain

ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@bilancioaisi.local
ldap.authentication.java.naming.provider.url=ldap://172.28.112.15:389
ldap.authentication.defaultAdministratorUserNames=************
ldap.synchronization.java.naming.security=simple
ldap.synchronization.java.naming.security.principal=********@bilancioaisi.local
ldap.synchronization.java.naming.security.credentials=*********
ldap.synchronization.person.differential.query=(&=(ObjectClass)=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)((WhenChanged<\={0}))
ldap.synchronization.groupSearchBase=ou=Economia,dc=bilancioaisi,dc=local
ldap.synchronization.userSearchBase=ou=Economia,dc=bilancioaisi,dc=local

other ldap chain differs only SearchBase

Leave only one sync/author subsustem for one AD. Write proper queries to find all users and groups in all dark corners of your AD. Replace IP address 172.28.112.15 to DNS name.


@fedorow wrote:

1)Leave only one sync/author subsustem for one AD.

2)Write proper queries to find all users and groups in all dark corners of your AD.

3) Replace IP address 172.28.112.15 to DNS name.


1) What do you intend for this?

2) I have more of 50,000 user and about 1000 OU's entry in my AD and i need select users of certain OU's (Economia, Territorio etc)

3) Done

My mistake. 1) and 2) not about your case.