
Help configuring LDAP

ChrisAlker
Confirmed Champ

Alfresco Community v6.2.0

I am connecting a test system to my test domain controller. In the LDAP configuration properties page (https://docs.alfresco.com/5.0/concepts/auth-ldap-props.html) it has a section for group and user search bases. The advice given is 'The DN below which to run the group queries.' My test system is configured as follows:

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@chris.com
ldap.authentication.java.naming.provider.url=ldap://192.168.56.220:389
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.java.naming.security.principal=xxxxxxxx
ldap.synchronization.java.naming.security.credentials=xxxxxxxx
ldap.synchronization.groupSearchBase=Alfresco,OU=Groups,OU=Blackburn,DC=Chris,DC=com
ldap.synchronization.userSearchBase=Alfresco,OU=Users,OU=Blackburn,DC=Chris,DC=com

Within both users and groups I have set up 2 OUs (alfresco & nonalfresco), then I have created a test user in each group. From the advice given, one would assume that only the users below the Alfresco OUs would be able to log in, but I can log in with the users in the nonalfresco OUs too. Can anyone explain why this is?

14 REPLIES

angelborroy
Community Manager

I guess you haven't set the "create.missing.people" flag.

https://docs.alfresco.com/community/concepts/auth-ldap-props.html

Add the following configuration:

create.missing.people=false
Hyland Developer Evangelist

Hi, thanks for your reply. I have added that configuration to the file and it has now prevented all users from logging in, even the built-in admin/admin account.

Check that you have also included both authentication systems:

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

And take a look at this video:

https://www.youtube.com/watch?v=pJNpqAOelmE

Hope that helps.

Hyland Developer Evangelist

Hi, sorry about my last message... The reason I could not authenticate any users was because my VM had a network issue, so Alfresco could not contact the server. I have added in the create.missing.people=false setting and it will still allow users from another OU to log in, so this has seemingly not changed anything that I can notice.
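
Added example, not part of any post in this thread and not Alfresco code: a small lint for the search-base values in the question, checking that every DN component has the form attributeType=value and whether a given entry DN sits at or below a base. The two user DNs and the base with an explicit OU= component are constructed assumptions; the script checks DN syntax and subtree membership only and says nothing about how Alfresco decides who may log in.

```python
import re

# Value copied from the properties posted in the question.
POSTED_USER_BASE = "Alfresco,OU=Users,OU=Blackburn,DC=Chris,DC=com"
# Constructed values (assumptions): a base with an explicit OU= component and
# two hypothetical test-user DNs, one per OU described in the question.
ASSUMED_USER_BASE = "OU=Alfresco,OU=Users,OU=Blackburn,DC=Chris,DC=com"
USER_IN_OU = "CN=Test One,OU=Alfresco,OU=Users,OU=Blackburn,DC=Chris,DC=com"
USER_OUTSIDE = "CN=Test Two,OU=NonAlfresco,OU=Users,OU=Blackburn,DC=Chris,DC=com"

# An RDN is a descriptor or dotted OID, then '=', then a non-empty value.
RDN_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*\S.*$")

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return parts

def malformed_rdns(dn):
    """Return the components that are not of the form attributeType=value."""
    return [rdn for rdn in split_dn(dn) if not RDN_RE.match(rdn)]

def normalise(dn):
    """Lower-case (type, value) pairs; assumes case-insensitive matching."""
    pairs = (rdn.partition("=") for rdn in split_dn(dn))
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]

def is_under(entry_dn, base_dn):
    """True when entry_dn is the base itself or lies in the subtree below it."""
    entry, base = normalise(entry_dn), normalise(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

if __name__ == "__main__":
    print("malformed in posted base:", malformed_rdns(POSTED_USER_BASE))
    for dn in (USER_IN_OU, USER_OUTSIDE):
        print(dn, "->", is_under(dn, ASSUMED_USER_BASE))
```

Multi-valued RDNs (joined with "+") are treated as a single component here, which is enough for OU and DC paths like the ones in the question.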