
LDAP Authentication (no sync) is creating users?!?

Question asked by acn on Sep 15, 2015
Latest reply on Sep 17, 2015 by acn
Hello,

I've installed Alfresco 5.0.d and want to use LDAP authentication for users that I create manually in Alfresco - as I do not have the possibility to use LDAP groups or any other filter method on the LDAP server.

So I want to create a specific user, enter the LDAP login (+ a random password) and then the user can log in to Alfresco via LDAP credentials.

I have configured this setup (sort of…) via the settings below, but the following problem occurs:

Whenever a user logs in who does NOT have an Alfresco user (i.e. who I did not create manually), Alfresco creates this user by itself and the user can log in.

Using some magic debug statements, I got the following output in catalina.out when such a user logs in:

[authentication.ldap.LDAPAuthenticationComponentImpl] […] Authenticating user "<userid>"
[authentication.ldap.LDAPAuthenticationComponentImpl] […] User "<userid>" does not exist in Alfresco. Attempting to import / create the user.
[authentication.ldap.LDAPAuthenticationComponentImpl] […] Setting the current user to "<userid>"
[authentication.ldap.LDAPAuthenticationComponentImpl] […] User "<userid>" authenticated successfully


That is NOT what I want!

How can I achieve my goal? What settings did I miss?

My configuration in alfresco-global.properties:


authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

alfresco.authentication.allowGuestLogin=false
ntlm.authentication.sso.enabled=false
ntlm.authentication.allowGuestLogin=false
ntlm.authentication.mapUnknownUserToGuest=false

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.read.timeout=30000

ldap.authentication.userNameFormat=uid=%s,ou=people,o=xxxxxn,c=DE
ldap.authentication.escapeCommasInBind=true
ldap.authentication.java.naming.provider.url=ldaps://our.ldap.server:636
ldap.authentication.java.naming.security.protocol=ssl
ldap.authentication.truststore.path=/opt/alfresco/alf_data/keystore/ldap/ldap-keystore
ldap.authentication.truststore.passphrase=our-password
ldap.authentication.truststore.type=JKS

ldap.synchronization.active=false
# out of despair, I added these settings, which do not seem to help:
ldap.synchronization.syncWhenMissingPeopleLogIn=false
ldap.synchronization.autoCreatePeopleOnLogin=false


Thank you!

Kind regards
Anna Christina Naß
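
Added example, not part of the original post and not Alfresco code: a Python script that scans catalina.out for the auto-creation message quoted in the post and reports which user ids were created at login and whether that login then succeeded. It assumes the same debug logging that produced the excerpt above is enabled; the timestamp and thread fields, the user ids and the `example.other.Component` logger in the sample log are constructed.

```python
import re

# Message texts are taken from the catalina.out excerpt in the post; the
# timestamp/thread fields and user ids in SAMPLE_LOG are constructed.
COMPONENT = "authentication.ldap.LDAPAuthenticationComponentImpl"
CREATE_RE = re.compile(
    r'User "([^"]+)" does not exist in Alfresco\. '
    r'Attempting to import / create the user\.')
SUCCESS_RE = re.compile(r'User "([^"]+)" authenticated successfully')

SAMPLE_LOG = '''\
10:01:02 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-1] Authenticating user "alice"
10:01:02 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-1] Setting the current user to "alice"
10:01:02 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-1] User "alice" authenticated successfully
10:05:10 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-2] Authenticating user "bob"
10:05:10 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-2] User "bob" does not exist in Alfresco. Attempting to import / create the user.
10:05:10 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-3] Authenticating user "carol"
10:05:10 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-3] User "carol" does not exist in Alfresco. Attempting to import / create the user.
10:05:11 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-2] Setting the current user to "bob"
10:05:11 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [exec-2] User "bob" authenticated successfully
10:06:00 DEBUG [example.other.Component] [exec-4] User "dave" does not exist in Alfresco. Attempting to import / create the user.
'''

def find_auto_created(lines):
    """Return one finding per auto-creation attempt, in log order."""
    findings = []
    pending = {}  # user id -> finding still waiting for its success line
    for lineno, line in enumerate(lines, start=1):
        if COMPONENT not in line:
            continue  # ignore other loggers that happen to quote the text
        m = CREATE_RE.search(line)
        if m:
            finding = {"user": m.group(1), "line": lineno,
                       "login_succeeded": False}
            findings.append(finding)
            pending[m.group(1)] = finding
            continue
        m = SUCCESS_RE.search(line)
        # Logins interleave across threads, so match success lines by user id.
        if m and m.group(1) in pending:
            pending.pop(m.group(1))["login_succeeded"] = True
    return findings

if __name__ == "__main__":
    for f in find_auto_created(SAMPLE_LOG.splitlines()):
        print(f)
```

Users that already exist in Alfresco never produce the "does not exist" line, so every finding is an account that was not created manually.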
