
Alfresco users only from members of a specific AD group

Question asked by buhaiqi on Nov 13, 2015
Latest reply on Nov 19, 2015 by buhaiqi
Hi,
I'm a complete beginner in Alfresco and coding.
I need to configure Alfresco to sync users only from the members of a specific AD group.
For several days, I have searched and tried every piece of info that I found to do what I need.
But I still have not got a proper answer.
Please, somebody help.

Most recently, I used Alfresco Community 4.2d, based on the info from this link:

https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/installation-upgrades/howto-installconfig-3x


Assume:

the group = group1
domain = domain1.com
ou = ou1
principal user = user1@domain1.com
principal password = password1

group1 is inside ou1, with members coming from several OUs (not only ou1). Below is my config:

synchronization.authCreatePeopleOnLogin=false

ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://server1.domain1.com:389
ldap.synchronization.java.naming.security.principal=user1@domain1.com
ldap.synchronization.java.naming.security.credentials=Password1
ldap.authentication.java.naming.read.timeout=0

ldap.synchronization.queryBatchSize=1000

ldap.synchronization.personQuery=(&(memberof\=CN\=group1,OU\=ou1,DC\=domain1,DC\=com)(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(memberof\=CN\=group1,OU\=ou1,DC\=domain1,DC\=com)(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

ldap.synchronization.userSearchBase=OU\=ou1,DC\=domain1,DC\=com


Can anyone advise me on the correct config?

Thanks
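
The selection logic of the configuration posted above, as an added example that is not part of the original post: it models how `userSearchBase` and the three clauses of `personQuery` decide which entries are synced. The directory entries, `ou2` and the user names are constructed sample data, and DN handling is simplified (no escaped commas).

```python
# Added example: which entries does the posted search base + personQuery select?
# 1.2.840.113556.1.4.803 is AD's bitwise-AND matching rule: the clause matches
# when every bit of the given value is set in userAccountControl.
NORMAL_ACCOUNT = 512   # bit tested by the posted filter
ACCOUNTDISABLE = 2     # bit the posted filter does not test

GROUP_DN = "CN=group1,OU=ou1,DC=domain1,DC=com"

# Constructed sample directory (ou2 and all user names are hypothetical).
ENTRIES = [
    {"dn": "CN=alice,OU=ou1,DC=domain1,DC=com", "objectClass": ["user"],
     "memberOf": [GROUP_DN], "userAccountControl": NORMAL_ACCOUNT},
    {"dn": "CN=bob,OU=ou2,DC=domain1,DC=com", "objectClass": ["user"],
     "memberOf": [GROUP_DN], "userAccountControl": NORMAL_ACCOUNT},
    {"dn": "CN=carol,OU=ou2,DC=domain1,DC=com", "objectClass": ["user"],
     "memberOf": [GROUP_DN],
     "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE},  # 514, disabled
    {"dn": "CN=dave,OU=ou1,DC=domain1,DC=com", "objectClass": ["user"],
     "memberOf": [], "userAccountControl": NORMAL_ACCOUNT},
]

def rdns(dn):
    """Split a DN into lower-cased RDNs (sample data has no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    """True when dn lies at or below base (subtree search scope)."""
    entry, root = rdns(dn), rdns(base)
    return len(entry) >= len(root) and entry[-len(root):] == root

def matches_person_query(entry, group_dn=GROUP_DN):
    """The three AND-ed clauses of the posted personQuery."""
    member = any(g.lower() == group_dn.lower() for g in entry["memberOf"])
    is_user = "user" in entry["objectClass"]
    bit_and = (entry["userAccountControl"] & NORMAL_ACCOUNT) == NORMAL_ACCOUNT
    return member and is_user and bit_and

def synced_users(entries, search_base):
    """CNs of entries inside search_base that satisfy the filter."""
    return sorted(e["dn"].split(",")[0][3:] for e in entries
                  if in_subtree(e["dn"], search_base) and matches_person_query(e))

if __name__ == "__main__":
    for base in ("OU=ou1,DC=domain1,DC=com", "DC=domain1,DC=com"):
        print(base, "->", synced_users(ENTRIES, base))
```

With the search base at `OU=ou1` only the group member located in ou1 is selected; with the domain root as base, members in other OUs are selected too, including the constructed disabled account, because the bitwise test for 512 does not look at the disabled bit (2).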
