
Configure LDAP (only membersOf a group AD)

Question asked by sergio1024 on Jan 11, 2010
Latest reply on Jan 12, 2010 by dward
Hello,

First, sorry for my English… I'm French.
I'm trying Alfresco (ubuntu package) in ubuntu server 9.10.

I have some questions:

1. My configuration of LDAP authentication works, but I'd like to only allow users who are members of my Active Directory group (GR_ALFRESCO).
Which line do I have to modify in the "ldap-ad-authentication.properties"? If someone can explain the process …

I am trying to retrieve the groups and users who are members of the group GR_ALFRESCO.
The group is in the OU:
mondomaine.com
- site1 (OU)
--- Groups (OU)
----- ALFRESCO (Group)

I changed the file ldap-ad-authentication.properties as follows:

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\=cn\=ALFRESCO,ou\=Groups,ou\=site1,dc\=mondomaine,dc\=com))

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf\=cn\=ALFRESCO,ou\=Groups,ou\=site1,dc\=mondomaine,dc\=com)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf\=cn\=ALFRESCO,ou\=Groups,ou\=site1,dc\=mondomaine,dc\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf\=cn\=ALFRESCO,ou\=Groups,ou\=site1,dc\=mondomaine,dc\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=cn\=ALFRESCO,ou\=Groups,ou\=site1,dc\=mondomaine,dc\=com

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=memberOf\=cn\=ALFRESCO,ou\=Groups,ou\=site1,dc\=mondomaine,dc\=com

I have this error: javax.naming.InvalidNameException: memberOf=cn=ALFRESCO,ou=Groups,ou=site1,dc=mondomaine,dc=com [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME).

Any idea?
Thanks for your help.
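
A search base has to be a distinguished name, and the value rejected with error code 34 above begins with a filter term (memberOf=...) rather than a naming component. The following is an added example, not part of the original post: a small Python lint over the two search-base lines from the post, where the function names and the allow-list of naming attributes are assumptions made for illustration.

```python
import re

# Attribute types that commonly name entries in a DN (assumption: heuristic allow-list).
NAMING_ATTRS = {"cn", "ou", "dc", "o", "l", "st", "c", "uid"}

# Two lines copied from the post above; the raw string keeps the \= escapes.
SAMPLE = r"""
ldap.synchronization.groupSearchBase=cn\=ALFRESCO,ou\=Groups,ou\=site1,dc\=mondomaine,dc\=com
ldap.synchronization.userSearchBase=memberOf\=cn\=ALFRESCO,ou\=Groups,ou\=site1,dc\=mondomaine,dc\=com
"""

def parse_properties(text):
    """Parse key=value lines, undoing Java-properties backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def split_dn(dn):
    """Split a DN into (type, value) pairs on commas not escaped with a backslash."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip(), value.strip()))
    return pairs

def lint_search_bases(props):
    """Return {key: [problems]} for every *SearchBase property that is not a plain DN."""
    findings = {}
    for key, dn in props.items():
        if not key.endswith("SearchBase"):
            continue
        problems = []
        for attr, value in split_dn(dn):
            if attr.lower() not in NAMING_ATTRS:
                problems.append(f"'{attr}' is not a naming attribute; it belongs in a query filter")
            elif not value:
                problems.append(f"'{attr}' has an empty value")
        if problems:
            findings[key] = problems
    return findings

if __name__ == "__main__":
    for key, problems in lint_search_bases(parse_properties(SAMPLE)).items():
        print(key, "->", "; ".join(problems))
```

Run against the sample, only ldap.synchronization.userSearchBase is reported; the group restriction itself stays in the personQuery filter, which already carries the memberOf term.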
