OpenLDAP authentication, if username already existed, both authentications are valid after sync
We have to provide authentication with OpenLDAP so that, after synchronization with OpenLDAP, usernames from OpenLDAP which already existed for alfrescoNtlm authentication keep all their access to owned documents.
That is, we had a user John with alfrescoNtlm authentication, who had a long working history in the repository with owned documents. The same user John is in OpenLDAP, but with a different password.
After synchronization with OpenLDAP, I have found that both user types with the same username are valid, so user John can log in with both passwords, alfrescoNtlm and OpenLDAP.
That could even be fine, but what is discouraging is that in the admin tools only the one old user John is displayed.
If we disable it, the OpenLDAP user can still log in.
Another question: is it possible not to provide the parameters ldap.synchronization.java.naming.security.principal and ldap.synchronization.java.naming.security.credentials, as OpenLDAP is accessible without them?
If I simply turn them off, there is an error during synchronization with OpenLDAP:
2019-02-13 10:33:24,550 WARN [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Failed initial synchronize with user registries org.alfresco.repo.security.authentication.AuthenticationException: 01130001 Failed to authenticate, username or password is wrong. User name:cn=Manager,dc=company,dc=com Reason [LDAP: error code 49 - Invalid Credentials]
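
A triage helper for the WARN line quoted above, as an added example that is not part of the original post: it extracts the bind DN and the LDAP result code, which shows the synchronizer still attempted a bind as cn=Manager,dc=company,dc=com rather than an anonymous one. The function name parse_sync_failure and the result-code table (names taken from RFC 4511) are this example's own.

```python
import re

# LDAP result codes from RFC 4511 that commonly appear on a failed bind.
LDAP_RESULT = {
    32: "noSuchObject",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}

# The WARN line quoted in the post above.
SAMPLE = (
    "2019-02-13 10:33:24,550 WARN [org.alfresco.repo.security.sync."
    "ChainingUserRegistrySynchronizer] [localhost-startStop-1] Failed initial "
    "synchronize with user registries org.alfresco.repo.security.authentication."
    "AuthenticationException: 01130001 Failed to authenticate, username or "
    "password is wrong. User name:cn=Manager,dc=company,dc=com Reason "
    "[LDAP: error code 49 - Invalid Credentials]"
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[(?P<logger>[^\]]+)\].*?"
    r"User name:(?P<bind_dn>.*?)\s+Reason\s+"
    r"\[LDAP: error code (?P<code>\d+)(?: - (?P<text>[^\]]*))?\]"
)

def parse_sync_failure(line):
    """Return the bind details of a failed LDAP bind log line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code = int(m.group("code"))
    bind_dn = m.group("bind_dn").strip()
    return {
        "timestamp": m.group("ts"),
        "logger": m.group("logger").rsplit(".", 1)[-1],
        "bind_dn": bind_dn,
        # An empty DN means an anonymous bind was attempted.
        "anonymous_bind": bind_dn == "",
        "ldap_code": code,
        "ldap_result": LDAP_RESULT.get(code, "unknown"),
    }

if __name__ == "__main__":
    for key, value in parse_sync_failure(SAMPLE).items():
        print(f"{key}: {value}")
```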