I have the same problem.
I added an attribute in my FreeIPA called "AlfescoService", which I want to handle as 0 = denied and 1 = permitted, so that it grants access to the Alfresco portal. How can I get this to be allowed?
So far this is my query in global.properties, and it allows login whether the parameter is 0 or 1.
#LDAP Auth
#authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
authentication.chain=ldap2:ldap,ldap1:ldap,alfinst:alfrescoNtlm
ldap.authentication.allowGuestLogin=false
ldap.authentication.active=true
ldap.authentication.java.naming.provider.url=ldap://cipa.domain.nlc:389
ldap.authentication.userNameFormat=uid=%s,cn=users,cn=accounts,dc=domain,dc=nlc
###LDAP Sync
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=uid=admin,cn=users,cn=accounts,dc=domain,dc=nlc
ldap.synchronization.java.naming.security.credentials=123456789
ldap.synchronization.groupQuery=(objectclass=groupOfUniqueNames)
#ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.personQuery=(objectclass=(AlfescoService=1))
#ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=alfrescoadmins,cn=groups,cn=accounts,dc=domain,dc=nlc)(memberOf=cn\=alfrescousers,cn=groups,cn=accounts,dc=domain,dc=nlc)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=alfrescoadmins,cn=groups,cn=accounts,dc=domain,dc=nlc)(memberOf=cn\=alfrescousers,cn=groups,cn=accounts,dc=domain,dc=nlc))(!(modifyTimestamp<\={0})))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!modifyTimestamp<\={0}))
#this is the correct one #ldap.synchronization.groupSearchBase=cn=groups,cn=accounts,dc=domain,dc=nlc
#ldap.synchronization.groupSearchBase=cn=alfrescousers,cn=groups,cn=accounts,dc=domain,dc=nlc
ldap.synchronization.userSearchBase=cn=users,cn=accounts,dc=domain,dc=nlc
ldap.synchronization.userIdAttributeName=UserID
ldap.synchronization.userLastNameAttributeName=LastName
ldap.synchronization.userEmailAttributeName=Emailaddress
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=cn
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMember
synchronization.syncOnStartup=true
synchronization.import.cron=0 0 0 * * ?
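
The following fragment is an added example, not part of the original post and not Alfresco's own sample configuration. It shows the person filter from the post rewritten as a valid LDAP filter, and why the filter alone does not stop a user with value 0 from logging in. The object classes are assumptions taken from the post's own personType and groupType settings, and the effect of synchronization.autoCreatePeopleOnLogin should be confirmed on the Alfresco version in use.

```properties
# Added example. The attribute name "AlfescoService" is copied as spelled in
# the post; objectclass values are assumed from the post's personType/groupType.

# Before (from the post): not a valid LDAP filter, because a filter item
# cannot be nested inside an attribute value.
#ldap.synchronization.personQuery=(objectclass=(AlfescoService=1))

# After: AND the object class test with the custom attribute test, so only
# entries flagged 1 are imported.
ldap.synchronization.personQuery=(&(objectclass\=inetOrgPerson)(AlfescoService\=1))

# The differential queries must carry the same restriction. The versions in
# the post still test Active Directory attributes (objectclass=user,
# userAccountControl), which FreeIPA entries do not have.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(AlfescoService\=1)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))

# personQuery only decides which entries synchronization imports. Login is a
# separate direct bind using ldap.authentication.userNameFormat, so a user
# with AlfescoService=0 can still authenticate and be created on first login
# while auto-creation is enabled (the default). Turning it off limits login
# to accounts that synchronization has already imported.
synchronization.autoCreatePeopleOnLogin=false
```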