Alfresco sync AD-Alfresco blocked account

cancel
Showing results for 
Search instead for 
Did you mean: 
trompe
Active Member

Alfresco sync AD-Alfresco blocked account

Good Morning.

I have an Alfresco installation, in which users can authenticate themselves by validating against an Active Directory.

It turns out that if the password is entered incorrectly 3 times, the user is locked in the AD and when its lock is deactivated, it is not reflected in Alfresco. In other words, state synchronization is not performed.

I have been reading the documentation about it: https://docs.alfresco.com/5.2/concepts/ldap-sync-user.html (for my version of Alfresco), but it is not clear to me if with

synchronization.externalUserControl=true
synchronization.externalUserControlSubsystemName=ldap

 

it is enough ... is there a cronjob or site where I indicate how often the status should be kept updated or would it be 100% transparent? (If it is transparent and directly validates with the AD its state ... then I have something wrong configured, because Alfresco thinks that the user is still blocked).

UPDATE:

When the user is blocked by a high retry to put the password wrong, it gets blocked in AD and in Alfresco.

When unlocking in the AD, the user can authenticate in the AD (in other services) but in Alfresco, it is still blocked and cannot be authenticated. How can this be solved?

The guidelines I have followed are these:

https://docs.alfresco.com/5.2/concepts/ldap-sync-user.html

 

3 Replies
afaust
Master

Re: Alfresco sync AD-Alfresco blocked account

Synchronization by default only runs once every night. This can be configured using the synchronization.import.cron property in alfresco-global.properties. The question then remains what the acceptable duration after unblocking is for Alfresco to synch the state change, e.g. if you want to run the synch hourly, semi-hourly or even more regularly.

trompe
Active Member

Re: Alfresco sync AD-Alfresco blocked account

My problem is that when the user is blocked because there is a login retry with an incorrect password, the user is blocked in the Active Directory and cannot access Alfresco. That's right.
But when unlocking the user in AD, the user still cannot access Alfresco, even though several days have passed and the sync script has been run. What could be the problem?

EddieMay
Alfresco Employee

Re: Alfresco sync AD-Alfresco blocked account

Hi @trompe,

There is a discussion of a similar problem  - might be worth taking a look at the solutions suggest there.

HTH,

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!