
LDAP users disabled

Question asked by psuplat on Apr 13, 2015
Latest reply on Apr 14, 2015 by borisstankov
Hello,

I'm completely new to Alfresco so please be mindful of my ignorance :)

I have just set up an Alfresco 5.0 server (on a Windows VM) and after an entire day of sweat, blood and tears I managed to connect it to our AD - in a way.

When the server starts, the groups and users are synchronized and I can see them from within the Alfresco admin console if logged in as admin.

However, none of my AD users are able to log in. Further investigation showed that all imported/synchronized accounts are marked as disabled inside Alfresco even though they are not on the AD, and I cannot change this.

Any ideas what I need to change or where I went wrong in the configuration?

Here is the important bit from configuration file:

### Authentication ###
authentication.chain=alfinst:alfrescoNtlm,ldap-ad1:ldap-ad

### LDAP-AD Auth ###
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.0.111:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator,admin

### LDAP-AD Synch ###
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=MyAdminUser@MyDomain.Com
ldap.synchronization.java.naming.security.credentials=MyPassword
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=UK,ou\=Wockhardt Pharma Ltd,dc=wockhardt,dc=net
ldap.synchronization.userSearchBase=ou\=UK,ou\=Wockhardt Pharma Ltd,dc=wockhardt,dc=net
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true




Thanks
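
Added example, not part of the original post: a small lint pass over LDAP subsystem properties like the ones posted above, flagging settings a reviewer would check before putting such a directory connection into production. The function names (`parse_properties`, `audit`), the check ids and the sample values are constructed for illustration; only the property keys come from the post.

```python
import re

# Constructed sample: property keys as in the post, placeholder values.
SAMPLE = r"""
ldap.authentication.active=false
ldap.authentication.java.naming.provider.url=ldap://ad.example.test:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.credentials=PLACEHOLDER
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
"""

# LDAP filter term that excludes accounts with the AD ACCOUNTDISABLE bit (2) set.
NOT_DISABLED = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"


def parse_properties(text):
    """Read key=value lines, skip comments, undo backslash escapes in values."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props


def audit(props):
    """Return (check_id, message) findings for the LDAP subsystem settings."""
    findings = []
    enabled = lambda key: props.get(key, "").lower() == "true"
    if enabled("ldap.synchronization.active") and not enabled("ldap.authentication.active"):
        findings.append(("auth-inactive", "users are synchronized but this subsystem will not authenticate them"))
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    mech = props.get("ldap.authentication.java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and mech == "simple":
        findings.append(("cleartext-bind", "simple bind over ldap:// sends passwords unencrypted; use ldaps:// or StartTLS"))
    if props.get("ldap.synchronization.java.naming.security.credentials"):
        findings.append(("stored-secret", "bind password is stored in the properties file; restrict read access"))
    query = props.get("ldap.synchronization.personQuery", "")
    if "userAccountControl" in query and NOT_DISABLED not in query:
        findings.append(("disabled-synced", "personQuery does not exclude disabled AD accounts; add " + NOT_DISABLED))
    return findings


if __name__ == "__main__":
    for check_id, message in audit(parse_properties(SAMPLE)):
        print(f"[{check_id}] {message}")
```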
