04-08-2020 04:38 AM
Alfresco Community v6.2.0
I am connecting a test system to my test domain controller. In the LDAP configuration properties page (https://docs.alfresco.com/5.0/concepts/auth-ldap-props.html) there is a section for group and user search bases. The advice given is 'The DN below which to run the group queries.' My test system is configured as follows:
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@chris.com
ldap.authentication.java.naming.provider.url=ldap://192.168.56.220:389
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.java.naming.security.principal=xxxxxxxx
ldap.synchronization.java.naming.security.credentials=xxxxxxxx
ldap.synchronization.groupSearchBase=Alfresco,OU=Groups,OU=Blackburn,DC=Chris,DC=com
ldap.synchronization.userSearchBase=Alfresco,OU=Users,OU=Blackburn,DC=Chris,DC=com
Within both users and groups I have set up 2 OUs (alfresco & nonalfresco), then I have created a test user in each group. From the advice given, one would assume that only the users below the Alfresco OUs would be able to log in, but I can log in with the users in the nonalfresco OUs too. Can anyone explain why this is?
04-08-2020 06:15 AM
I guess you're missing the "create.missing.people" flag.
https://docs.alfresco.com/community/concepts/auth-ldap-props.html
Add the following configuration:
create.missing.people=false
04-08-2020 07:29 AM
Hi, thanks for your reply. I have added that configuration to the file and it has now prevented all users from logging in, even the built-in admin/admin account.
04-08-2020 07:34 AM
Check that you have also included both authentication systems:
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
And take a look at this video:
https://www.youtube.com/watch?v=pJNpqAOelmE
Hope that helps.
04-09-2020 08:22 AM
Hi, sorry about my last message... The reason I could not authenticate any users was that my VM had a network issue, so Alfresco could not contact the server. I have added the create.missing.people=false setting and it still allows users from another OU to log in, so this has seemingly not changed anything that I can notice.