
LDAP Sync question

Question asked by catar4 on Nov 13, 2014
Latest reply on Nov 18, 2014 by catar4
Greetings everyone,

I have a couple of questions concerning LDAP integration in Alfresco Community 4.2.f, mainly about user synchronization. I have extended our LDAP authentication subsystem (tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap2/ldap-authentication.properties) and correctly configured it (when I enable ldap.authentication.active=true I'm able to connect with users in the LDAP).

Now, I also enabled user synchronization (ldap.synchronization.active=true) and I can see that it correctly synced the users it is configured to sync. I validated that by creating a new user after the first user synchronization, which successfully synchronized that user.

Now I'm surprised to find that if I disable LDAP authentication to keep only synchronization (i.e. ldap.authentication.active=false and ldap.synchronization.active=true), I would expect to be able to connect to Alfresco with the synchronized users. But the thing is, it doesn't work. Isn't synchronization supposed to create "native accounts" (alfrescoNtlm) in the repository so that it's possible to authenticate with those users? If not, is there a possibility to simply export user information (username, password, email) so that usable accounts are created to allow users to log in?

I want to achieve that, since ldap and ldap-ad are not able to authenticate to CIFS/Samba and our only possibility for it would be alfrescoNtlm (we are not on a domain, so passthru is not really a possibility and we won't set up a Kerberos server for that either). Have I totally misunderstood the purpose of user synchronization from an LDAP server, or have I missed a configuration change that would enable the functionality?

Note: this is my authentication chain: authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap2:ldap
Thanks in advance,
