Subtree ldap

My LDAP has a subtree like this:

cn=users
     cn=r
           uid=rodrigo
     cn=l
           uid=louis

The question is: how do I configure Alfresco to use a dynamic cn? The documentation contains information about "ldap.authentication.userNameFormat" and says "If set to an empty string (the default for the ldap subsystem), an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will be performed to resolve the DN from the user ID dynamically. This allows directories to be structured and does not require the user ID to appear in the DN."

So I think Alfresco will perform the personQuery, but it doesn't work either.

Any ideas?

1 Solution

Accepted Solutions
Re: Subtree ldap

Hello, sorry for the delay. I solved this problem using:

ldap.authentication.userNameFormat=
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.personQuery=(objectclass=Xyz)

Now all users can log in independently of the CN.

One more time, thanks!
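
With userNameFormat left empty, the login name is resolved to a DN by a subtree search that involves personQuery and userIdAttributeName, so the name must be escaped before it enters the filter and the search must yield exactly one entry. The sketch below is an added example, not Alfresco code and not part of the posts; the dc=example,dc=com suffix, the sample entries and all function names are assumptions.

```python
import re

# Constructed sample entries mirroring the tree in the question;
# the dc=example,dc=com suffix is an assumption.
DIRECTORY = [
    ("cn=r,cn=users,dc=example,dc=com", {"objectclass": ["container"], "cn": ["r"]}),
    ("uid=rodrigo,cn=r,cn=users,dc=example,dc=com", {"objectclass": ["Xyz"], "uid": ["rodrigo"]}),
    ("uid=louis,cn=l,cn=users,dc=example,dc=com", {"objectclass": ["Xyz"], "uid": ["louis"]}),
]

def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters so input stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(person_query, id_attr, user_id):
    """AND the person query with an equality match on the user ID attribute."""
    return "(&%s(%s=%s))" % (person_query, id_attr, escape_filter_value(user_id))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(ldap_filter, attrs):
    """Evaluate an AND of equality/presence terms, the only shapes used here."""
    terms = re.findall(r"\(([^()=&]+)=([^()]*)\)", ldap_filter)
    for attr, val in terms:
        values = [v.lower() for v in attrs.get(attr.lower(), [])]
        if val == "*":                      # presence test: attribute exists
            if not values:
                return False
        elif _unescape(val).lower() not in values:
            return False
    return bool(terms)

def resolve_dn(user_id, base="cn=users,dc=example,dc=com",
               person_query="(objectclass=Xyz)", id_attr="uid"):
    """Subtree search under base; return the DN to bind as, or None."""
    if not user_id:
        return None                         # never search or bind with an empty name
    flt = build_filter(person_query, id_attr, user_id)
    hits = [dn for dn, attrs in DIRECTORY
            if dn.lower().endswith("," + base.lower()) and matches(flt, attrs)]
    return hits[0] if len(hits) == 1 else None   # ambiguous or missing: refuse

if __name__ == "__main__":
    for name in ("rodrigo", "louis", "*", "*)(objectclass=*"):
        print(repr(name), "->", resolve_dn(name))
```

Both users resolve regardless of which cn container holds them, while a wildcard or parenthesis in the login name is matched literally and resolves to nothing.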


4 Replies
Re: Subtree ldap

Maybe you can use another approach - search for objecttype=person that are memberOf users group...

But we need to have more information about your ldap structure - what kind of object are your "cn"s for example.

Alternative: tag your Alfresco users with a special property or put them in a special group...

Re: Subtree ldap

I think what you want is to set the value of 

ldap.synchronization.userIdAttributeName=uid

with ldap.authentication.userNameFormat not set

You may also need something like 

ldap.synchronization.personQuery=(objectclass\=posixAccount)

Re: Subtree ldap

Hi,

Ian is right. If you use a POSIX user directory (Linux, Zimbra, etc.), your objectclass would be posixAccount,

so

ldap.synchronization.personQuery=(objectclass=posixAccount)

ldap.synchronization.groupQuery=(objectclass=posixGroup)

would be the simplest queries, retrieving all groups and users.

If you'd describe your environment, we could narrow it down.
