Hi.
I have a situation similar to that from https://hub.alfresco.com/t5/alfresco-content-services-forum/switch-from-ad-ldap-authentication-to-lo... thread. Unfortunately I don't see a solution there.
I "inherited" some 5.2 installation which was, honestly speaking, unmaintained and kept only as an archive of sorts.
The configuration was as far as I remember and understand the contents to authenticate users using Kerberos against AD and use LDAP to query/synchronize users' group membership.
I needed to migrate the server into another site because the whole domain is being decommisioned so I had to disable Kerberos and LDAP in ACS config. It seems to have gone well.
The problem is that all accounts that were created before and used Kerberos/LDAP still exist but are shown as disabled and the user edit dialog doesn't let me to re-enable the user (the checkbox "disable user" is ticked and greyed out) or set the password for user.
If I create a new test user, he's getting properly created locally and I can freely edit his properties.
I trimmed my authentication.chain so it contains only "alfrescoNtlm1:alfrescoNtlm" now.
I already disabled Kerberos completely in share-config-custom.xml because otherwise the tomcat app would not start properly without KDC access. I disabled all LDAP mentions in tomcat/shared/classes/alfresco/extension...
What else can I do?
I'd like to avoid having to remove users and recreate them by hand.
Users are associated to a Zone in Alfresco. If you want to move to default Authentication (NTLM), you need to re-create every user (you can use the REST API for that). If you want to use a new LDAP, you may try synchronizing them again.
If I delete/recreate each user I'll obviously lose all access rights assignment, right?
Is there no way around it? To be honest, I thought about directly updating the database if needed but unfortunately, the database structure is a bit over-complicated for quick understanding without additional docs.
Also, will it not lose user action history?
@RansomRonny wrote:If I delete/recreate each user I'll obviously lose all access rights assignment, right?
Yes, new user is new user.
@RansomRonny wrote:Also, will it not lose user action history?
Yes, you'll have got new users.
@RansomRonny wrote:What else can I do?
Connect system to LDAP with same users ID's. It can use any LDAP autentication technology, not necessarily Kerberos.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.