Help

AD integration

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
nataletarantino
Member II
‎11 Dec 2019 2:00 PM

AD integration

Hi,

i see a strange behavior in my active directory integration (Alfresco 5.2com on Centos 7).

Sometimes user must capitalize one or more letter to authenticate (es. if username is "duck" they have to try with "Duck" and after "DUck".

This with various browser (IE11, Edge, Firefox, Chrome)

Can someone help me?

THX

Natale

0 Kudos
5 Replies
afaust
Master
‎11 Dec 2019 3:21 PM

Re: AD integration

I doubt that anyone can help just with that description. This is an extremely strange behaviour, one which I have never observed in ten years of working with Alfresco systems integrated with Active Directory. I can also not think of any reasonable cause / trigger for such a behaviour within Alfresco.

Did you only configure the LDAP-AD integration, or did you also configure Kerberos / passthru for authentication? What is the authentication chain configuration? Ideally, it helps in such situations if you can provide your full configuration (wihthout passwords / sensitive infos of course - but best replace them with xxx instead of not providing those properties).

0 Kudos
nataletarantino
Member II
‎13 Dec 2019 7:14 AM

Re: AD integration

Thanks

These are LDAP configurations

Global

### LDAP
authentication.chain=alfinst:alfrescoNtlm,ad1:ldap-ad,ad2:ldap-ad,ad-tu:ldap-ad,ad-te:ldap-ad,ad-sa:ldap-ad,ad-ra:ldap-ad,ad-is:ldap-ad,ad-in:ldap-ad,ad-en:ldap-ad,ad-bc:ldap-ad,ad-ap:ldap-ad
ntlm.authentication.sso.enabled=false

####

ad1 chain

ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@bilancioaisi.local
ldap.authentication.java.naming.provider.url=ldap://172.28.112.15:389
ldap.authentication.defaultAdministratorUserNames=************
ldap.synchronization.java.naming.security=simple
ldap.synchronization.java.naming.security.principal=********@bilancioaisi.local
ldap.synchronization.java.naming.security.credentials=*********
ldap.synchronization.person.differential.query=(&=(ObjectClass)=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)((WhenChanged<\={0}))
ldap.synchronization.groupSearchBase=ou=Economia,dc=bilancioaisi,dc=local
ldap.synchronization.userSearchBase=ou=Economia,dc=bilancioaisi,dc=local

other ldap chain differs only SearchBase

0 Kudos
fedorow
Senior Member II
‎13 Dec 2019 5:01 PM

Re: AD integration

Leave only one sync/author subsustem for one AD. Write proper queries to find all users and groups in all dark corners of your AD. Replace IP address 172.28.112.15 to DNS name.

0 Kudos
nataletarantino
Member II
‎16 Dec 2019 8:15 AM

Re: AD integration

@fedorow wrote:

1)Leave only one sync/author subsustem for one AD.

2)Write proper queries to find all users and groups in all dark corners of your AD.

3) Replace IP address 172.28.112.15 to DNS name.

1) What do you intend for this?

2) I have more of 50,000 user and about 1000 OU's entry in my AD and i need select users of certain OU's (Economia, Territorio etc)

3) Done

0 Kudos
fedorow
Senior Member II
‎16 Dec 2019 2:15 PM

Re: AD integration

My mistake. 1) and 2) not about your case.

0 Kudos
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.