
[SOLVED] Authentication Active Directory by sAMAccountName

Question asked by chicco0386 on Sep 24, 2010
Latest reply on Sep 24, 2010 by chicco0386
Hi all,
I'm looking for how to log in a user via the LDAP AD sAMAccountName parameter.

My ldap-ad-authentication.properties is this:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s
# Try also with this
#ldap.authentication.userNameFormat=%s@mytria.tria.it
#ldap.authentication.userNameFormat=sAMAccountName=%s
#ldap.authentication.userNameFormat=cn=%s,cn=Users,DC=mytria,DC=tria,DC=it
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<server>:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn=user1,cn=Users,DC=mytria,DC=tria,DC=it
ldap.synchronization.java.naming.security.credentials=12345678
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=cn=Users,DC=mytria,DC=tria,DC=it
ldap.synchronization.userSearchBase=cn=Users,DC=mytria,DC=tria,DC=it
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

And my alfresco-global.properties inside the "classes" folder has this configuration for authentication:
authentication.chain=ldap-ad1:ldap-ad

A simple user inside AD is like this:

dn: CN=test user,CN=Users,DC=mytria,DC=tria,DC=it
cn: test user
displayName: test user
distinguishedName: CN=test user,CN=Users,DC=mytria,DC=tria,DC=it
givenName: test user
mail: user1@mytria.it
mailNickname: user_1
name: test user
sAMAccountName: user1
sn: 1
userPrincipalName: user1@mytria.tria.it

I try to log in with these users:
user1
user1@mytria.tria.it
test user

but all these accounts don't work for login inside Alfresco via LDAP AD.

CAN YOU HELP ME?

THANK YOU
