
Active Directory authentication: allow just a group of users

Question asked by brgsousa on Jan 15, 2013
Latest reply on Jan 3, 2014 by therev
I have searched the web and this forum for two days and found nothing that worked.
How can I allow only a group (not an organizational unit) to log in and use the Alfresco system?
The main issue is that users are not just in one organizational unit. They are not just in the "Users" OU. I don't know how to include several OUs to synchronize.

Current configuration:
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false

ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@intranet.domain.com
ldap.authentication.java.naming.provider.url=ldap://intranet.domain.com:389
ldap.authentication.defaultAdministratorUserNames=administrator

ldap.synchronization.java.naming.security.principal=administrator@intranet.domain.com
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupSearchBase=ou=groups,dc=intranet,dc=domain,dc=com
ldap.synchronization.userSearchBase=OU=Users,dc=intranet,dc=domain,dc=com
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf\=CN\=Developers,OU\=Users,DC\=intranet,DC\=domain,DC\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
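
To show which accounts the `personQuery` in the configuration above selects, this added example (not part of the original post and not Alfresco code) unescapes the filter and evaluates it against constructed sample entries. The small evaluator, the sample users and the nested `Backend` group are assumptions made for illustration.

```python
import re
# Filter copied from the post (Java .properties escaping: "\=" and "\:").
RAW = (r"(&(objectclass\=user)"
       r"(memberOf\=CN\=Developers,OU\=Users,DC\=intranet,DC\=domain,DC\=com)"
       r"(userAccountControl\:1.2.840.113556.1.4.803\:\=512))")
BIT_AND = "1.2.840.113556.1.4.803"  # AD rule: true when every bit of the mask is set
BASE = "OU=Users,DC=intranet,DC=domain,DC=com"

def parse(f, i=0):
    """Parse the RFC 4515 subset used here: & | ! equality, extensible match."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, val = f[i + 1:end].partition("=")
    if ":" in attr:  # attr:ruleOID:=value
        attr, rule = attr.rstrip(":").split(":", 1)
        return ("ext", attr.lower(), val, rule), end + 1
    return ("eq", attr.lower(), val), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (lowercase attr -> list of str)."""
    kind = node[0]
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])
    if kind == "ext":
        if node[3] != BIT_AND:
            raise ValueError("unsupported matching rule " + node[3])
        return any((int(v) & int(node[2])) == int(node[2]) for v in values)
    return any(v.lower() == node[2].lower() for v in values)

def user(groups, uac):
    return {"objectclass": ["user"], "memberof": groups, "useraccountcontrol": [str(uac)]}

USERS = {  # constructed sample entries, not real directory data
    "alice": user(["CN=Developers," + BASE], 512),  # enabled, direct member
    "bob": user(["CN=Developers," + BASE], 514),    # 512 | 2 (ACCOUNTDISABLE)
    "carol": user(["CN=Backend," + BASE], 512),     # hypothetical nested group only
    "dave": user([], 512),                          # not a member
}

def selected(raw=RAW):
    tree, _ = parse(re.sub(r"\\([=:])", r"\1", raw))
    return sorted(name for name, e in USERS.items() if matches(tree, e))
```

In this model `bob` is selected although disabled, because 514 still has the 512 bit set, and `carol` is not, because `memberOf` lists direct groups only.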
