Help

Permanently disabled users after disabling LDAP

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
RansomRonny
Member II
‎20 Jan 2022 3:24 PM

Permanently disabled users after disabling LDAP

Hi.

I have a situation similar to that from https://hub.alfresco.com/t5/alfresco-content-services-forum/switch-from-ad-ldap-authentication-to-lo... thread. Unfortunately I don't see a solution there.

I "inherited" some 5.2 installation which was, honestly speaking, unmaintained and kept only as an archive of sorts.

The configuration was as far as I remember and understand the contents to authenticate users using Kerberos against AD and use LDAP to query/synchronize users' group membership.

I needed to migrate the server into another site because the whole domain is being decommisioned so I had to disable Kerberos and LDAP in ACS config. It seems to have gone well.

The problem is that all accounts that were created before and used Kerberos/LDAP still exist but are shown as disabled and the user edit dialog doesn't let me to re-enable the user (the checkbox "disable user" is ticked and greyed out) or set the password for user.

If I create a new test user, he's getting properly created locally and I can freely edit his properties.

I trimmed my authentication.chain so it contains only "alfrescoNtlm1:alfrescoNtlm" now.

I already disabled Kerberos completely in share-config-custom.xml because otherwise the tomcat app would not start properly without KDC access. I disabled all LDAP mentions in tomcat/shared/classes/alfresco/extension...

What else can I do?

I'd like to avoid having to remove users and recreate them by hand.

0 Kudos
Reply
3 Replies
angelborroy
Alfresco Employee
‎21 Jan 2022 11:11 AM

Re: Permanently disabled users after disabling LDAP

Users are associated to a Zone in Alfresco. If you want to move to default Authentication (NTLM), you need to re-create every user (you can use the REST API for that). If you want to use a new LDAP, you may try synchronizing them again.

Hyland Developer Evangelist
Reply
RansomRonny
Member II
‎21 Jan 2022 0:35 PM

Re: Permanently disabled users after disabling LDAP

If I delete/recreate each user I'll obviously lose all access rights assignment, right?

Is there no way around it? To be honest, I thought about directly updating the database if needed but unfortunately, the database structure is a bit over-complicated for quick understanding without additional docs.

Also, will it not lose user action history?

0 Kudos
Reply
fedorow
Senior Member
‎23 Jan 2022 11:14 PM

Re: Permanently disabled users after disabling LDAP

@RansomRonny wrote:

If I delete/recreate each user I'll obviously lose all access rights assignment, right?

Yes, new user is new user.

 

@RansomRonny wrote:

Also, will it not lose user action history?

Yes, you'll have got new users.

 

@RansomRonny wrote:

What else can I do?

Connect system to LDAP with same users ID's. It can use any LDAP autentication technology, not necessarily Kerberos.

 

0 Kudos
Reply
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.