Alfresco Community v6.2.0
I am connecting a test system to my test domain controller, in the LDAP configuration properties page (https://docs.alfresco.com/5.0/concepts/auth-ldap-props.html) it has a section for group and user search bases. The advice given is 'The DN below which to run the group queries.'. My test system is configured as follows:
Within both users and groups I have set up 2 OUs (alfresco & nonalfresco), then I have created a test user in each group. From the advice given, one would assume that only the users below the Alfresco OUs would be able to log in, but I can log in with the users in the nonalfresco OUs too, can anyone explain why this is?
I guess you're missing to set the "create.missing.people" flag.
Add following configuration:
Check that you have also included both authentication systems:
And take a look at this video:
Hope that helps.
Hi, sorry about my last message... The reason I could not authenticate any users was because my VM had a network issue, so Alfresco could not contact the server. I have added in the create.missing.people=false setting and it will still allow users from another OU log in, so this has seemingly not changed anything that I can notice
To avoid auto-creation of users, we are currently using the following property:
We got this property by looking at default-synchronization.properties file. I think Alfresco should update the documentation about this.
I hope it solves your problem.
I've added that setting and it is still allowing users from the wrong OU in AD to log in. I'm using the Bitnami installer, would that make a difference? Something else worth pointing out too, is that when I navigate to:
I get an error 'Error loading items'
This error is a known bug in share 6.2.
Regarding ldap users, have you checked that these users from the wrong OU are not there from past wrong logins? The simplest way would be checking that these users can change their password from share UI. Ldap users can't change their password from share UI.
Also, afaik, there is no bitnami installer for Alfresco 6.2...
If I log in to my build and click the alfresco logo, it gives me the following detail:
Alfresco Share v6.2.0
The error loading items issue is a known share 6.2 bug as I stated in last comment.
Regarding your ldap error, I think Alfresco is not synchronizing users correctly. Check your logs, and escape the equals signs in your usersSearchBase property value adding a backslash in front of them.