How to configure Alfresco to show user's logon name property from active directory?

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
wandss
Member II

How to configure Alfresco to show user's logon name property from active directory?

Jump to solution

Hello everyone! I've been working with an ECM/BPM platform as System Administrator as well as a developer. I'm new to Alfresco as well as to Alfresco Community. 

Before anything else. Congratulations for everyone at Alfresco and Alfresco Community, Alfresco is really an amazing software and I humbly hope that soon I can contribute so it's get better and better.

I've recently installed a testing server to understand the whole concepts of Alfresco and get to know how it works and it's features and maybe start a plan to migrate from my actual ECM/BPM solution to Alfresco/Activiti.

I could perfectly install and configure Alfresco and syncing to our Active Directory with no problem. Everything is working fine.

Our Active Directory doesn't have the "username" property set, here we use only the "logon_name" instead. Seems that Alfresco checks for the "username" to show who has creates, updates o deletes contents at Alfresco Share, so, when I track a history for any type of content, the information of whom has been the responsible for that history, it's shown "undefined undefined". Like: "undefined undefined has viewed this document".

Is there anyway I can change so Alfresco looks for the "logon_name" Active Directory property?

Case I didn't make myself clear, the login and authentication to active directory is working fine, as well as a user search.

Best regards you all, and once again... amazing product!

1 Solution

Accepted Solutions
afaust
Master

Re: How to configure Alfresco to show user's logon name property from active directory?

Jump to solution

You can alter any of the default mappings between LDAP/AD and Alfresco via the configuration properties. E.g. for the user name you have

ldap.synchronization.userIdAttributeName=sAMAccountName

as default when using AD, which you could change. Though I would be surprsed if your AD isn't using that sAMAccountName property for the actual login name. If users can login just fine, I would say that part is working fine. What looks like not working at all is the first / last name synchronisation, which is why users are shown as "undefined undefined" (Alfresco code doesn't really expect these properties to have no value at all, and client code will just concatenate even non-values). So you might want to check

ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
2 Replies
afaust
Master

Re: How to configure Alfresco to show user's logon name property from active directory?

Jump to solution

You can alter any of the default mappings between LDAP/AD and Alfresco via the configuration properties. E.g. for the user name you have

ldap.synchronization.userIdAttributeName=sAMAccountName

as default when using AD, which you could change. Though I would be surprsed if your AD isn't using that sAMAccountName property for the actual login name. If users can login just fine, I would say that part is working fine. What looks like not working at all is the first / last name synchronisation, which is why users are shown as "undefined undefined" (Alfresco code doesn't really expect these properties to have no value at all, and client code will just concatenate even non-values). So you might want to check

ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
wandss
Member II

Re: How to configure Alfresco to show user's logon name property from active directory?

Jump to solution

Hello Mr. Axel Faust‌, thanks for the help!

The problem for sure isn't with Alfresco. You got it right, is my AD that has empty values for first/last name fields

So, if I correctly understood, I can switch between AD properties in the alfresco-global.properties and instead of using:

ldap.syncronization.userFirstNameAttributeName=givenName

I could use:

ldap.syncronization.userFirstNameAtributeName=displayName‍

Just to conclude, after changing this, It didn't affect the already synchronized LDAP/AD accounts, so I had to "force" a new synchronization.

That's a lot of information and documentation all over Alfresco community about this, but I'll enforce here what I've done.

Inside alfresco-global.properties file I've included:

synchronization.syncOnStartup=true
synchronization.synchronizeChangesOnly=false

and then restarted alfresco.

Checking the alfresco.log file, I saw that the whole user base from LDAP/AD has been synchronized hence, after checking at Alfresco's share that everything worked, I commented the above lines to let Alfresco works as it standard way and synchronize only the updates from LDAP/AD, and do this in it's own schedule dates.

Thanks again!