I have Alfresco Community 6.2 with Docker already working with Active Directory authentication.
But I'm facing the issue that everybody inside the AD is able to log in to Alfresco, including service accounts, which is not the best situation. I thought I had reduced it to the LDAP path inside the AD for the configured Alfresco OU which I created for this. In this OU there are only two groups configured, which contain the users who need to log in to Alfresco. But this did not work.
My goal is to allow only users who are inside the alfresco group inside the AD. Is there any possibility to get this to work?
Re: LDAP authentication | limit to groups inside AD
Unless you expand your person query to cover any (child) group in which a user is a member who should be allowed to log in, it will be impossible to achieve this hard distinction between "being allowed to log in" and "not synchronise every user". What I generally recommend my customers do in this situation is to create a new group in AD specifically to collect all the users who should be allowed to log into Alfresco, and not rely on any (transient) member of (sub-)group shenanigans.
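As an added illustration (not part of either post), the dedicated-group approach from the reply could look like this in `alfresco-global.properties` for the AD subsystem. The group name `alfresco-login`, the domain `example.com` and both DNs are placeholders, and the `synchronization.autoCreatePeopleOnLogin` setting is taken from Alfresco's synchronization documentation rather than from this thread.

```properties
# Added example: restrict synchronisation, and with it login, to one AD group.
# All DNs below are placeholders; substitute your own directory values.

# The search base must cover where the *user objects* live, not the OU that
# holds the groups. Pointing it at an OU containing only groups finds no users.
ldap.synchronization.userSearchBase=DC=example,DC=com

# Full sync: normal, non-disabled user accounts that are direct members of the
# dedicated login group.
ldap.synchronization.personQuery=(&(objectClass=user)\
(userAccountControl:1.2.840.113556.1.4.803:=512)\
(!(userAccountControl:1.2.840.113556.1.4.803:=2))\
(memberOf=CN=alfresco-login,OU=alfresco,DC=example,DC=com))

# Differential sync must carry the same group restriction, otherwise changed
# users outside the group are still picked up.
ldap.synchronization.personDifferentialQuery=(&(objectClass=user)\
(userAccountControl:1.2.840.113556.1.4.803:=512)\
(!(userAccountControl:1.2.840.113556.1.4.803:=2))\
(memberOf=CN=alfresco-login,OU=alfresco,DC=example,DC=com)\
(!(whenChanged<={0})))

# If nested groups must count as well, AD's matching-rule-in-chain OID resolves
# membership recursively. Replace the memberOf clause in both queries with:
#   (memberOf:1.2.840.113556.1.4.1941:=CN=alfresco-login,OU=alfresco,DC=example,DC=com)

# Do not create a person on first login for accounts the sync never returned.
# With this set to false, a service account that can bind to AD but is not in
# the group is refused by Alfresco.
synchronization.autoCreatePeopleOnLogin=false
```

Users synchronised before the filter was tightened remain in the repository until they are removed, so check the existing people list after the next full sync.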