
Passthru auth with AD users located in different OUs

Question asked by bartokk on May 12, 2011
I've managed to get LDAP authentication working, but only for users who are part of cn\=users,dc=domain,dc=com. Most of my users are not in cn=users, so I changed this to be:
ldap.synchronization.groupSearchBase=ou\LA1,dc=domain,dc=com
ldap.synchronization.userSearchBase=ou\LA1,dc=domain,dc=com

I was not able to log in with any account under the OU of LA1. I was still able to log in with the default admin account as well as a user account from cn=user. I then tried to set the search base to simply dc=domain,dc=com, thinking it would search the entire directory. This did not work. My question is, what is the proper code to have Alfresco authenticate users from a different OU?


Here is a snippet of the current config:
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=domain\\user
ldap.synchronization.java.naming.security.credentials=(user pass)
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupSearchBase=ou\LA1,dc=domain,dc=com
ldap.synchronization.userSearchBase=ou\LA1,dc=domain,dc=com
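
How the search-base values above are read once `.properties` escaping is applied, as an added example that is not part of the original post or of Alfresco's code. It assumes the settings are loaded with `java.util.Properties` escape rules; the function names are hypothetical and the second sample line is constructed from the `cn\=users` value quoted in the question.

```python
import re

_SIMPLE = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape_properties_value(raw: str) -> str:
    """Apply java.util.Properties escape rules to one value (line continuations not handled)."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch != "\\" or i + 1 == len(raw):
            out.append(ch)
            i += 1
            continue
        nxt = raw[i + 1]
        if nxt == "u" and re.fullmatch(r"[0-9a-fA-F]{4}", raw[i + 2:i + 6]):
            out.append(chr(int(raw[i + 2:i + 6], 16)))
            i += 6
        else:
            # Any other escaped character stands for itself: the backslash is dropped.
            out.append(_SIMPLE.get(nxt, nxt))
            i += 2
    return "".join(out)

def malformed_rdns(dn: str) -> list:
    """Return DN components lacking attribute=value form (splits on unescaped commas only)."""
    parts = re.split(r"(?<!\\),", dn)
    return [p for p in parts if not re.fullmatch(r"\s*[A-Za-z0-9][\w.-]*\s*=.+", p)]

def check_search_bases(text: str) -> dict:
    """Map each *SearchBase key to (effective DN, malformed components)."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, raw = line.partition("=")
        if key.strip().endswith("SearchBase"):
            dn = unescape_properties_value(raw.strip())
            report[key.strip()] = (dn, malformed_rdns(dn))
    return report

# Sample input: first line as posted in the question, second line constructed.
SAMPLE = r"""
ldap.synchronization.groupSearchBase=ou\LA1,dc=domain,dc=com
ldap.synchronization.userSearchBase=cn\=users,dc=domain,dc=com
"""

if __name__ == "__main__":
    for key, (dn, bad) in check_search_bases(SAMPLE).items():
        print(key, "->", dn, "| malformed:", bad or "none")
```

Under these rules a backslash before an ordinary character is dropped, so `ou\LA1` is read as `ouLA1` with no `attribute=value` form, while `cn\=users` is read as `cn=users`.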
