
Active Directory authentication

Question asked by francois12 on Apr 2, 2009
Latest reply on Jul 1, 2009 by rchamy
Hello,

We're using Alfresco Labs 3 final version and a shared tomcat (v.6) on Debian Etch.
And we're trying to authenticate with an Active Directory account.

Consider a user called "Joe Black": his login is jblack and his distinguishedName is CN=Joe Black,OU=marketing,OU=org1,DC=company,DC=com
He's connecting to Alfresco with his login jblack.

When using an Active Directory, the authentication mechanism should be:

[Alfresco] ----> [AD] : Search for jblack by sAMAccountName, bound as CN=reader,OU=service,OU=admin,DC=company,DC=com
[Alfresco] <---- [AD] : Response from AD : CN=Joe Black,OU=marketing,OU=org1,DC=company,DC=com
[Alfresco] ----> [AD] : Login with CN=Joe Black,OU=marketing,OU=org1,DC=company,DC=com and the password typed by jblack
[Alfresco] <---- [AD] : Access granted to Alfresco

Unfortunately, this mechanism doesn't work with our configuration. See our configuration below:

- ldap-authentication-context.xml :

ldap.authentication.userNameFormat=sAMAccountName=%s

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ldap.company.com:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=SIMPLE

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=cn=reader,ou=service,ou=admin,dc=company,dc=com

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=***********

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

- ldap-authentication-context.xml : untouched

- Do we need to edit the ldap-synchronisation.properties file?

Thank you for any help.
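The search-then-bind flow the question describes, as an added example that is not part of the original thread and is not Alfresco's own code. It runs against a constructed in-memory directory: the FakeDirectory class, the entries in it, the service password "reader-secret" and the user passwords are all made up for the example. It shows two points a practitioner wants checked when the search filter is built from a template like `sAMAccountName=%s` and whatever the user typed: the login must be escaped per RFC 4515 so a value such as `*` cannot turn the lookup into a wildcard that matches every account, and an empty password must be refused before the second bind, because LDAP simple bind with a DN and no password is an unauthenticated bind (RFC 4513 section 5.1.2) that many servers accept and treat as anonymous.

```python
"""Two-step LDAP authentication: bind as a service account, search the user's
DN by sAMAccountName, then bind as that DN with the typed password.
Hypothetical example against a fake in-memory directory; not Alfresco code."""

import re

# --- constructed test directory: DN -> attributes (all data made up) ---------
DIRECTORY = {
    "CN=reader,OU=service,OU=admin,DC=company,DC=com": {
        "sAMAccountName": "reader", "userPassword": "reader-secret"},
    "CN=Joe Black,OU=marketing,OU=org1,DC=company,DC=com": {
        "sAMAccountName": "jblack", "userPassword": "joes-password"},
    "CN=Ann Smith,OU=marketing,OU=org1,DC=company,DC=com": {
        "sAMAccountName": "asmith", "userPassword": "anns-password"},
}

SERVICE_DN = "CN=reader,OU=service,OU=admin,DC=company,DC=com"
SERVICE_PASSWORD = "reader-secret"          # made up for the example
USER_NAME_FORMAT = "sAMAccountName=%s"      # same shape as the posted userNameFormat


def escape_filter_value(value):
    """RFC 4515 escaping for a value embedded in an LDAP search filter:
    backslash, '*', '(', ')' and NUL become '\\xx' hex escapes."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))   # e.g. '(' -> '\28'
        else:
            out.append(ch)
    return "".join(out)


def build_filter(login, escape=True):
    """escape=False reproduces the injectable 'just substitute %s' behaviour."""
    value = escape_filter_value(login) if escape else login
    return "(" + USER_NAME_FORMAT % value + ")"


class FakeDirectory:
    """Stand-in for an LDAP server: equality filters with '*' wildcards and
    simple bind by DN + password. Hypothetical; exists only for this example."""
    _EQ = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)$")

    def __init__(self, entries):
        self.entries = entries
        self.bound_as = None

    def bind(self, dn, password):
        # Simulates RFC 4513 5.1.2: a DN with an empty password is an
        # *unauthenticated* bind that succeeds as anonymous. A client that
        # treats "bind returned True" as "password correct" is fooled by this.
        if password == "":
            self.bound_as = None
            return True
        entry = self.entries.get(dn)
        ok = entry is not None and entry["userPassword"] == password
        self.bound_as = dn if ok else None
        return ok

    def search(self, ldap_filter):
        m = self._EQ.match(ldap_filter)
        if not m:
            raise ValueError("unsupported filter: %r" % ldap_filter)
        attr, raw = m.groups()
        # Assertion value -> regex: unescaped '*' is a wildcard, '\xx' hex
        # escapes are literal characters, everything else is literal.
        pattern, i = [], 0
        while i < len(raw):
            if raw[i] == "\\" and i + 2 < len(raw):
                pattern.append(re.escape(chr(int(raw[i + 1:i + 3], 16))))
                i += 3
            elif raw[i] == "*":
                pattern.append(".*")
                i += 1
            else:
                pattern.append(re.escape(raw[i]))
                i += 1
        rx = re.compile("^" + "".join(pattern) + "$")
        return [dn for dn, attrs in self.entries.items()
                if attr in attrs and rx.match(attrs[attr])]


def authenticate(directory, login, password):
    """Returns the user's DN on success, None on any failure."""
    if password == "":
        return None          # would otherwise become an unauthenticated bind
    if not directory.bind(SERVICE_DN, SERVICE_PASSWORD):
        raise RuntimeError("service account bind failed")
    matches = directory.search(build_filter(login))
    if len(matches) != 1:    # unknown login, or an ambiguous/wildcarded match
        return None
    user_dn = matches[0]
    return user_dn if directory.bind(user_dn, password) else None


if __name__ == "__main__":
    d = FakeDirectory(DIRECTORY)
    print(authenticate(d, "jblack", "joes-password"))
    print(authenticate(d, "*", "anything"))
    print(len(d.search(build_filter("*", escape=False))), "entries via unescaped '*'")
```

One caveat the example does not cover: the posted configuration uses SIMPLE authentication over ldap://ldap.company.com:389, so both the reader account's password and every user's password cross the network in the clear. In practice the same flow should run over ldaps:// or StartTLS.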
