‎02-18-2021 05:16 AM
I need to create a user in AD and sync it with an already existing user in Alfresco. If I create a user in AD with the same username and password as in Alfresco, will it "connect" to the existing user in Alfresco? What global properties for sync do I need to add in order to not recreate the user in Alfresco (or change his/her password)? Thanks in advance.
‎02-18-2021 05:27 AM
Good morning.
When I needed to connect AD with Alfresco I didn't have many problems. I suggest you take a look at the Alfresco documentation; everything is explained there! If you have any doubts, please let us know and we will help you.
Please test first on your local machine. You have an example here. And here is a post on this forum.
Cheers,
Cristina.
‎02-18-2021 09:17 AM
I have already read this article, but it didn't solve my problem. All I need is to sync users from Alfresco (that are already created) with Active Directory. For example:
I am not using any AD and I have an Alfresco user with username: john22 and password: 1234567890. Now I need to add AD so that the Alfresco user john22 is synced with AD (is created there).
If I create a user in AD, there is no problem, synchronization works fine and I can log in to Alfresco Share, but when it comes to syncing from Alfresco to AD, users from Alfresco don't sync with AD.
‎02-18-2021 09:40 AM
Thanks for the detailed explanation. You cannot do that, at least to my knowledge. You cannot sync the user and password from Alfresco and load them into AD, sorry. At least not by configuring the sync on your AD.
You may need to think of other options, e.g., develop a process which extracts all users' info and loads it into your AD (as CSV, for example).
Cheers,
Cristina.
‎02-18-2021 10:59 AM
Alfresco and MS AD don't store clear-text passwords, but hash values computed with configurable hash algorithms.
Theoretically you can extract the hashes and the hash algorithm used from the Alfresco database and copy them to AD, but there is no official support or API I know of from MS to do that. So you would need to hack the AD sync protocol. Depending on the Alfresco and AD version the hash algorithms differ, so you don't have any chance since the hash is not reversible by design.
A more practical way would be to extract only the readable user properties (except password) using a simple JavaScript inside Alfresco, store the data in a file like CSV, and write another Windows batch script to run on the AD server which creates the users in AD only once, with new passwords. You may send emails to the users with the new password in the same script.
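
The export step from the last reply, as an added example that is not part of the original thread and not Alfresco's own code: it writes only an allow-list of person properties to CSV, neutralises spreadsheet formula injection, and sets aside user names that AD would not accept as a sAMAccountName. The function names, the sample records and the output file name are assumptions.

```javascript
// Allow-list of exported person properties; nothing password-related is read.
var EXPORT_PROPS = ["cm:userName", "cm:firstName", "cm:lastName", "cm:email"];
// AD sAMAccountName rules for users: at most 20 characters, none of these characters.
var SAM_FORBIDDEN = /["\/\\\[\]:;|=,+*?<>]/;
// Leading characters a spreadsheet would evaluate as a formula.
var FORMULA_LEAD = /^[=+\-@\t\r]/;

function csvField(value) {
  var s = value === null || value === undefined ? "" : String(value);
  if (FORMULA_LEAD.test(s)) { s = "'" + s; }   // neutralise formula injection
  return '"' + s.replace(/"/g, '""') + '"';    // RFC 4180 quoting
}

// persons: objects with a `properties` map, as Alfresco person nodes have.
function buildUserCsv(persons) {
  var lines = [EXPORT_PROPS.map(csvField).join(",")];
  var rejected = [], seen = {};
  for (var i = 0; i < persons.length; i++) {
    var props = persons[i].properties;
    var user = String(props["cm:userName"] || "");
    var key = "u:" + user.toLowerCase();  // AD account names are case-insensitive
    if (!user || user.length > 20 || SAM_FORBIDDEN.test(user) ||
        FORMULA_LEAD.test(user) || seen[key]) {
      rejected.push(user);                // needs manual mapping before the AD import
      continue;
    }
    seen[key] = true;
    lines.push(EXPORT_PROPS.map(function (p) { return csvField(props[p]); }).join(","));
  }
  return { csv: lines.join("\r\n") + "\r\n", rejected: rejected };
}

// Constructed sample records (not real accounts); "x:secret" is a made-up property.
var SAMPLE = [
  { properties: { "cm:userName": "john22", "cm:firstName": "John", "cm:lastName": 'O"Neil',
                  "cm:email": "john22@example.test", "x:secret": "never exported" } },
  { properties: { "cm:userName": "JOHN22", "cm:email": "dup@example.test" } },
  { properties: { "cm:userName": "a,b", "cm:email": "bad@example.test" } },
  { properties: { "cm:userName": "mary", "cm:firstName": "=HYPERLINK(1)",
                  "cm:lastName": null, "cm:email": "mary@example.test" } }
];

// Inside Alfresco only: people, search and userhome are root objects of its JavaScript API.
if (typeof people !== "undefined" && typeof search !== "undefined") {
  var refs = people.getPeople(null), nodes = [];
  for (var n = 0; n < refs.length; n++) { nodes.push(search.findNode(refs[n])); }
  var out = buildUserCsv(nodes);
  userhome.createFile("ad-user-export.csv").content = out.csv;
}
```

Outside Alfresco the last block is skipped, so `buildUserCsv(SAMPLE)` can be checked under Node before the script is run against real accounts.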