
Alfresco SSO - windows 2008 DC

Question asked by kolathaya on Oct 23, 2016

Hi,

 

I have configured the alfresco-global file with the below config:

### AD SSO
authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=true

ldap.authentication.active=false
ldap.authentication.userNameFormat=%s@domain.local
ldap.authentication.allowGuestLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.101.15:389

passthru.authentication.authenticateCIFS=true
passthru.authentication.domain=
passthru.authentication.servers=dc01,dc02
passthru.authentication.defaultAdministratorUserNames=administrator, serveradmin

synchronization.synchronizeChangesOnly=false
synchronization.import.cron=0 0 1 * * ?
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true

ldap.synchronization.active=true
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=administrator@domain.local
ldap.synchronization.java.naming.security.credentials=password@123

#ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
#ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(&(objectclass=user))
#ldap.synchronization.groupQuery=(objectclass\=group)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(CN\=allusers)(!(modifyTimestamp<\={0})))

ldap.synchronization.userSearchBase=ou\=IT,dc\=domain,dc\=local
ldap.synchronization.groupSearchBase=cn\=users,dc\=domain,dc\=local

 

I am able to log in as a domain user, but SSO is not working. Is anything missing in the above commands?
