ldap authenticate from different OU on different sites

Question asked by sharifu on Dec 22, 2014
I have Alfresco 4.2.e Community. I have 2 sites with LDAP authentication as follows, which work fine.


### AD SSO
authentication.chain=passthru1:passthru,ldap1:ldap-ad
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=true
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://echo.uk.domain.com:389
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=administrator@domain.com
ldap.synchronization.java.naming.security.credentials=******
ldap.synchronization.userSearchBase=ou\=Sites,dc\=domain,dc\=com
synchronization.synchronizeChangesOnly=false
### synchronization.import.cron=0 0 0 * * ?
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
passthru.authentication.domain=DOMAIN
passthru.authentication.servers=DOMAIN\\echo.uk.domain.com,DOMAIN\\akutan.usa.domain.com
passthru.authentication.defaultAdministratorUserNames=johnl,markw,administrator,alfresco,sharifu

ldap.synchronization.queryBatchSize=1000
#ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
#ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

ldap.synchronization.groupSearchBase=cn\=users,dc\=domain,dc\=com



What I would like to do is, on my 2nd site, give access to users in

ou\=Sites,dc\=domain,dc\=com
OU\=Cairo,DC\=domain,DC\=com
OU\=Jakarta,DC\=domain,DC\=com



I do not want the extra 2 OUs to have access to my 1st site.

How can I achieve this?
