
LDAP works....sorta

Question asked by eswbitto on Jun 27, 2013
Latest reply on Jun 28, 2013 by eswbitto
I'm having an issue trying to get Active Directory working with Alfresco. I've been able to authenticate a user to log into Alfresco with their Active Directory credentials. However, I can't seem to be able to search a list of all users using the People Finder function. This is going to be crucial for our society in order to initially set up sites and members to those sites.

Here is a config that I have residing in this location: webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad


ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@test.lan
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://dmc.test.lan:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=administrator,alfresco
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=alfresco@test.lan
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=ou\=Security Groups,ou=\domain,dc=com
ldap.synchronization.userSearchBase=ou\=User Accounts,ou=\domain,dc=com


——————————————————————————-
Also I'm on the 4.2.c community version and per instructions I also added this entry to:
webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml
Found this bean:

<bean id="ldapInitialDirContextFactory">
<property name="initialDirContextEnvironment">
<map>

Added this entry -

<entry key="java.naming.referral">
<value>follow</value>
</entry>


The authentication works... but I can't search for other users. Does Alfresco have this functionality?
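
An added diagnostic example, not part of the original post and not Alfresco code: authentication only needs a bind with `userNameFormat`, while synchronization reads users and groups from the two search bases, so this sketch reads the posted properties the way Java would and compares the `dc=` components of each search base with the domain in `userNameFormat`. It assumes the UPN suffix equals the AD DNS domain, so a mismatch is a hint to inspect, not proof; the function names are hypothetical.

```python
import re

# Constructed sample: the four lines of the posted ldap-ad properties that the check needs.
SAMPLE = r"""
ldap.authentication.userNameFormat=%s@test.lan
ldap.synchronization.active=true
ldap.synchronization.groupSearchBase=ou\=Security Groups,ou=\domain,dc=com
ldap.synchronization.userSearchBase=ou\=User Accounts,ou=\domain,dc=com
"""

def _unescape(s):
    # Java drops a backslash before an ordinary character (\= -> =, \d -> d).
    # \t, \n, \uXXXX and line continuations are not handled in this sketch.
    return re.sub(r"\\(.)", r"\1", s)

def load_properties(text):
    """Minimal java.util.Properties reader: the key ends at the first unescaped '=' or ':'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^\\=:\s])+)\s*[=:]?\s*(.*)", line)
        if m:
            props[_unescape(m.group(1))] = _unescape(m.group(2))
    return props

def domain_from_dn(dn):
    """Join the dc= components of a DN: 'ou=x,dc=test,dc=lan' -> 'test.lan'."""
    dcs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "dc":
            dcs.append(value.strip().lower())
    return ".".join(dcs)

def check_search_bases(props):
    """Return (key, base DN, problem) for each sync search base that looks inconsistent."""
    fmt = props.get("ldap.authentication.userNameFormat", "")
    bind_domain = fmt.split("@", 1)[1].lower() if "@" in fmt else None
    findings = []
    for key in ("ldap.synchronization.userSearchBase", "ldap.synchronization.groupSearchBase"):
        base = props.get(key, "")
        base_domain = domain_from_dn(base)
        if not base_domain:
            findings.append((key, base, "no dc= components"))
        elif bind_domain and base_domain != bind_domain:
            findings.append((key, base, f"base is under '{base_domain}', logins bind as '@{bind_domain}'"))
    return findings

if __name__ == "__main__":
    for key, base, problem in check_search_bases(load_properties(SAMPLE)):
        print(f"{key} = {base}\n  -> {problem}")
```
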
