Hi there, been struggling quite a while getting Alfresco to work with LDAP-AD:
Using Alfresco Community 5.0.d.
Did an "easy"-installation and appended the global config as follows:

    #
    # LDAP
    #
    authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
    ntlm.authentication.sso.enabled=false
    ldap.authentication.allowGuestLogin=false
    ldap.synchronization.userIdAttributeName=userPrincipalName
    ldap.authentication.userNameFormat=%s
    ldap.authentication.java.naming.provider.url=ldap://itg-vws-dc01.itg.local:389
    ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
    ldap.synchronization.java.naming.security.principal=CN=Doc,OU=Robots,DC=ITG,DC=local
    ldap.synchronization.java.naming.security.credentials=SUPERSECRETPASSWORD
    ldap.synchronization.groupSearchBase=CN=SG_Doc,CN=Users,DC=ITG,DC=local
    ldap.synchronization.userSearchBase=CN=Users,DC=ITG,DC=local
    ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf=CN\=SG_Doc,CN\=Users,DC\=itg,DC\=local)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf=CN\=SG_Doc,CN\=Users,DC\=itg,DC\=local)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

Kindly note I am working with a security-group here: SG_Doc
And I changed the default username to the UPN (E-Mail). All users who are members of the SG are able to log in to Alfresco.
Everything is working fine when using alfresco-share.
Now, to allow my users to log in to CIFS, I changed the config to the following:

    #
    # LDAP
    #
    authentication.chain=passthru1:passthru,alfinst:alfrescoNtlm,ldap1:ldap-ad
    alfresco.authentication.authenticateCIFS=false
    ldap.authentication.active=false
    ntlm.authentication.sso.enabled=false
    ldap.authentication.allowGuestLogin=false
    ldap.synchronization.userIdAttributeName=userPrincipalName
    ldap.authentication.userNameFormat=%s
    ldap.authentication.java.naming.provider.url=ldap://itg-vws-dc01.itg.local:389
    ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
    ldap.synchronization.java.naming.security.principal=CN=Doc,OU=Robots,DC=ITG,DC=local
    ldap.synchronization.java.naming.security.credentials=SUPERSECRETPASSWORD
    ldap.synchronization.groupSearchBase=CN=SG_Doc,CN=Users,DC=ITG,DC=local
    ldap.synchronization.userSearchBase=CN=Users,DC=ITG,DC=local
    ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf=CN\=SG_Doc,CN\=Users,DC\=itg,DC\=local)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf=CN\=SG_Doc,CN\=Users,DC\=itg,DC\=local)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
    ntlm.authentication.sso.enabled=true
    passthru.authentication.servers=itg.local\\itg-vws-dc01.itg.local
    passthru.authentication.domain=# Leave blank
    passthru.authentication.guestAccess=false
    passthru.authentication.defaultAdministratorUserNames=Administrator,alfresco
    passthru.authentication.authenticateCIFS=true
    passthru.authentication.authenticateFTP=true

But this does not seem to work...
Tried to log in with DOMAIN\firstname.lastname, firstname.lastname@domain, ...
But all I get is
ERROR [auth.cifs.PassthruCifsAuthenticator][AlfJLANWorker19] org.alfresco.jlan.smb.SMBException: Invalid parameter
In the catalina.out-file...
What exactly am I missing here? Any help would be highly appreciated.