
AD and canonical username

Question asked by bopolissimus on Oct 10, 2012
Latest reply on Oct 15, 2012 by bopolissimus
Hello all,

I've got Alfresco 4.0.d community successfully authenticating and synchronizing with Active Directory (see config below). I do have one problem, however. Given that there's a test_user user in AD and given that we can log in as test_user@domain and test_user@domain.local, I can log in three different ways with the same password. That is, I can log in as:

   test_user
   test_user@domain
   test_user@domain.local

Those are created in Alfresco as three different users (with the usernames as above). Is there a way to tell Alfresco that the same AD user should map to just one Alfresco user? Otherwise, I'm going to have trouble later as users somehow log in in more than one way and find that documents they've updated as one user aren't owned by them when they're logged in as a variant of the first user's login, or that in the second login they aren't in the same groups or don't have access to SharePoint sites they had when logged in as the first user.

==== config starts ====

authentication.chain=ldap1:ldap-ad,passthru1:passthru,alfrescoNtlm1:alfrescoNtlm

alfrescoNtlm.ntlm.authentication.sso.enabled=false
alfrescoNtlm.alfresco.authentication.authenticateCIFS=false

passthru.ntlm.authentication.sso.enabled=false
passthru.passthru.authentication.authenticateCIFS=false

passthru.authentication.useLocalServer=false
passthru.authentication.servers=DOMAIN\\111.22.33.1,DOMAIN\\11.22.33.2

ldap.authentication.authenticateCIFS=false
ldap.authentication.active=true
ldap.synchronization.active=true

ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.provider.url=ldap://111.22.33.3
ldap.authentication.defaultAdministratorUserNames=Administrator,admin
ldap.synchronization.java.naming.security.principal=user@domain.local
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=domain,dc\=domain,dc\=local
ldap.synchronization.userSearchBase=ou\=Users,ou\=domain,dc\=domain,dc\=local

ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.synchronization.personQuery=(givenName\=*)
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

==== config ends ====

Many thanks,

Gerald
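
An added example, not part of the original post and not Alfresco code: an audit helper that groups an exported list of usernames by canonical account name, so accounts created from login variants of the same AD user can be found. The sample list, the `KNOWN_DOMAINS` set and the function names are assumptions; the `DOMAIN\user` form goes beyond the three variants named in the post, and case is folded because AD account names are case-insensitive.

```python
from collections import defaultdict

# Constructed sample: usernames as they might appear in an exported user list.
SAMPLE_USERS = [
    "test_user",
    "test_user@domain",
    "test_user@domain.local",
    "DOMAIN\\Test_User",
    "admin",
    "jdoe@domain.local",
]

# Assumption: every label here refers to the same AD domain.
KNOWN_DOMAINS = {"domain", "domain.local"}


def canonical_username(name, known_domains=KNOWN_DOMAINS):
    """Reduce bare, user@domain and DOMAIN\\user forms to one lowercase name.

    Names qualified with a domain that is not in known_domains are left
    qualified, so accounts from unrelated domains are never merged.
    """
    n = name.strip().lower()
    if "\\" in n:
        dom, _, user = n.partition("\\")
        return user if dom in known_domains and user else n
    if "@" in n:
        user, _, dom = n.rpartition("@")
        return user if dom in known_domains and user else n
    return n


def find_variant_groups(usernames, known_domains=KNOWN_DOMAINS):
    """Return {canonical name: [variants]} for names that occur in 2+ forms."""
    groups = defaultdict(list)
    for u in usernames:
        groups[canonical_username(u, known_domains)].append(u)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for canon, variants in sorted(find_variant_groups(SAMPLE_USERS).items()):
        print(f"{canon}: {', '.join(variants)}")
```

Each reported group is a set of accounts whose ownership and group memberships would need reconciling.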
