Active Directory LDAP Queries

Question asked by danniemstanley on Jul 26, 2007
Thought others might find this useful.  We have configured Alfresco to use Active Directory for authentication (JAAS) and user import (LDAP).  We determined that we wanted to achieve two things:
  • Restrict user import to only those belonging to a specific group
  • Restrict group import to only those which are security groups

To achieve this we configured our custom LDAP like this:

–snip–

<property name="personQuery">
<value><![CDATA[(&(userAccountControl=512)(givenName=*)(sn=*)(mail=*)(company=*)(memberof=CN=Alfresco Users,OU=Groups,DC=company,DC=com))]]></value>
</property>

–snip–

<property name="groupQuery">
<value><![CDATA[(&(objectclass=group)(samaccounttype=268435456))]]></value>
</property>

–snip–
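To see which entries the two filters above select, the following added example (not part of the original post and not Alfresco code) evaluates them against constructed directory entries. The evaluator is a simplified model of LDAP filter matching, and all function names and sample entries are assumptions made for illustration.

```python
# Simplified model of the LDAP filter subset used in the post: (&...), (|...),
# (!...), attr=value and attr=* (presence); names and values case-insensitive.
def parse(f, i=0):
    """Parse the filter at f[i] == '('; return (node, index after it)."""
    assert f[i] == "(", f"expected '(' at offset {i}"
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        assert f[i] == ")", f"expected ')' at offset {i}"
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """entry maps lower-case attribute names to lists of string values."""
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def imported(filter_text, entries):
    tree = parse(filter_text)[0]
    return [name for name, e in entries.items() if matches(tree, e)]

GROUP = "CN=Alfresco Users,OU=Groups,DC=company,DC=com"
PERSON_QUERY = ("(&(userAccountControl=512)(givenName=*)(sn=*)(mail=*)"
                "(company=*)(memberof=" + GROUP + "))")
GROUP_QUERY = "(&(objectclass=group)(samaccounttype=268435456))"
def person(uac, member_of, mail=("ann@company.com",)):
    return {"givenname": ["Ann"], "sn": ["Lee"], "company": ["Company"],
            "mail": list(mail), "useraccountcontrol": [str(uac)],
            "memberof": member_of}
USERS = {  # constructed sample entries, not real directory data
    "enabled_member": person(512, [GROUP]),
    "disabled_member": person(514, [GROUP]),      # 512 + ACCOUNTDISABLE (2)
    "pwd_never_expires": person(66048, [GROUP]),  # 512 + DONT_EXPIRE_PASSWORD
    "not_in_group": person(512, []),
    "no_mail": person(512, [GROUP], mail=()),
}
GROUPS = {n: {"objectclass": ["top", "group"], "samaccounttype": [t]}  # constructed
          for n, t in (("security", "268435456"), ("distribution", "268435457"))}
if __name__ == "__main__":
    print(imported(PERSON_QUERY, USERS), imported(GROUP_QUERY, GROUPS))
```

Because `userAccountControl=512` is an exact match, an enabled account carrying any extra flag (such as the constructed 66048 entry) is skipped along with disabled ones. In Active Directory, `memberOf` lists only direct group memberships, so users who reach the group through nesting are not selected either.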