
Active Directory authentication

Question asked by francois12 on Apr 2, 2009
Latest reply on Jul 1, 2009 by rchamy

We're using the Alfresco Labs 3 final version and a shared Tomcat (v.6) on Debian Etch,
and we're trying to authenticate with an Active Directory account.

Take a user called "Joe Black": his login is jblack and his distinguishedName is CN=Joe Black,OU=marketing,OU=org1,DC=company,DC=com
He connects to Alfresco with his login, jblack.

When using an Active Directory, the authentication mechanism should be:

[Alfresco] ------> [AD] : Search for jblack with sAMAccountName : CN=reader,OU=service,OU=admin,DC=company,DC=com
[Alfresco] <------ [AD] : Response from AD : CN=Joe Black,OU=marketing,OU=org1,DC=company,DC=com
[Alfresco] ------> [AD] : Login with CN=Joe Black,OU=marketing,OU=org1,DC=company,DC=com and typed jblack password
[Alfresco] <------ [AD] : Access granted to Alfresco

Unfortunately, this mechanism doesn't work with our configuration. See our configuration below :

- ldap-authentication-context.xml :


# The LDAP context factory to use

# The URL to connect to the LDAP server

# The authentication mechanism to use

# The default principal to use (only used for LDAP sync),ou=service,ou=admin,dc=company,dc=com

# The password for the default principal (only used for LDAP sync)***********
# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \

- ldap-authentication-context.xml : untouched

- Do we need to edit the file ?

Thank you for any help.
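
The search-then-bind exchange described in the question, as an added Python example that is not part of the original post and is not Alfresco's code. It runs against a constructed in-memory stand-in for the directory: the DNs are the ones from the post, while the passwords and the function names (`escape_filter_value`, `bind`, `search`, `authenticate`) are assumptions made for illustration.

```python
import re

# Constructed stand-in for the directory; DNs follow the post, passwords are made up.
READER_DN = "CN=reader,OU=service,OU=admin,DC=company,DC=com"
JOE_DN = "CN=Joe Black,OU=marketing,OU=org1,DC=company,DC=com"
DIRECTORY = {
    READER_DN: {"sAMAccountName": "reader", "password": "reader-secret"},
    JOE_DN: {"sAMAccountName": "jblack", "password": "joes-password"},
}

def escape_filter_value(value):
    """Escape the characters RFC 4515 treats as special in a filter value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def bind(dn, password):
    """Simple bind: succeeds only for a known DN with the matching password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["password"] == password

def search(ldap_filter):
    """Tiny matcher for (sAMAccountName=...): '*' is a wildcard, \\XX a literal."""
    value = re.fullmatch(r"\(sAMAccountName=(.*)\)", ldap_filter).group(1)
    regex = ""
    for i, part in enumerate(re.split(r"(\*|\\[0-9a-fA-F]{2})", value)):
        if i % 2 == 0:
            regex += re.escape(part)                    # plain text
        elif part == "*":
            regex += ".*"                               # unescaped wildcard
        else:
            regex += re.escape(chr(int(part[1:], 16)))  # \XX escape
    return [dn for dn, e in DIRECTORY.items()
            if re.fullmatch(regex, e["sAMAccountName"], re.IGNORECASE)]

def authenticate(login, password, reader_password="reader-secret"):
    """Return the user's DN if search-then-bind succeeds, else None."""
    # An empty password turns a simple bind into an unauthenticated bind
    # (RFC 4513), which a server may accept, so refuse it before any bind.
    if not login or not password:
        return None
    if not bind(READER_DN, reader_password):      # service account binds first
        raise RuntimeError("service account bind failed")
    matches = search("(sAMAccountName=%s)" % escape_filter_value(login))
    if len(matches) != 1:                         # require exactly one DN
        return None
    return matches[0] if bind(matches[0], password) else None  # bind as the user
```

Because the typed login is escaped before it reaches the filter, a login such as `j*` is searched for literally and matches no entry, even though the matcher itself honours wildcards.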