I'm going to migrate my Alfresco to the cloud and I have the task of removing authentication via AD LDAP for authentication.
I was looking for a way to do this in the database, but the Alfresco tables are quite complex. I still haven't been able to identify a way to perform this operation in the database. I saw that users and groups are in the database.
Is there a way to convert these users as if they were local users?
Is there any documentation on the tables and fields in the Alfresco database?
Thank you very much in advance!
You should rarely have to delve into the Alfresco database tables directly to do things like this. As such, there is no (public) documentation on the tables to not encourage people to try and modify these internals, and break their systems by doing so.
This this particular case, the users you have in Alfresco are already pretty much ready to go as regular users when LDAP-AD is disabled. The only thing you absolutely would have to do is assign each user a password. Theoretically, you should be able to deactivate/remove the LDAP-AD configuration (simplest way: remove it from authentication.chain property in alfresco-global.properties) and after a restart should be allowed to set new passwords for these users in the Share UI. If that does not work or you have a lot of users, you can use tools like the JavaScript Console to script the password allocation by using JavaScript-Java interoperability to access the call the createAuthentication operation on the MutableAuthenticationService interface.
I tried to use your tips, unfortunately I couldn't. Explaining everything I've done.
In this new installation I did I disabled LDAP-AD authentication. When I checked the users, all accounts were disabled.
In the Share UI the password fields and the checkbox to activate the account are disabled even using the admin user.
I have no knowledge to use the JavaScript Console or Alfresco API. I tried to research more but I didn't see any practical example of how to use it.
Could you help me with some study material? Or without abusing too much what you should do.
Thanks in advance
Hi @adautofernandes,
Was your Share instance customised as part of LDAP integration? Look in <web-extension>\share-config-custom.xml to see if there are any modifications in this file. Also check the documentation on Form Customisation.
HTH,
The only thing I customized in that file:
<config evaluator="string-compare" condition="CSRFPolicy" replace="true"> <properties> <token>Alfresco-CSRFToken</token> <!-- Use the pipe | in the regex as OR operator: URL1|URL2|... --> <referer>https://alfresco.mydomain.com.br/.*</referer> <origin>https://alfresco.mydomain.com.br</origin> </properties> </config>
I believe that it is not that.
I forgot to inform the version I am using. It's the Alfresco Community 201707 (v5.2).
Today I tried to "steal" on the user's edit form. Enabling the password fields and the user account activation checkbox by editing the generated HTML using the browser inspect element.
Just remove the Disabled="True" to enable, but Alfresco's security is good. I underestimate Alfresco's security
When I try to save I get the following error message:
There had to be an easier way to activate these users.
Hi @afaust,
I left some extra information. Do you have any light to help me?
Hello, @adautofernandes - did you ever get this to work for you? I'm migrating an ACS 4.6.2 instance over to a new data center and would like to do so without the current LDAP authentication.
Hi @pauldavidmena,
So I couldn't migrate to the other server by disabling authentication with my Microsoft Active Directory/LDAP.
The solution I found was to install OpenLDAP + LAM (LDAP Account Manager) on Alfresco's server to manage users.
What's annoying about Alfresco is that it's difficult to maintain.
In the coming months I will have to plan the update. Hope to have a little headache.
@adautofernandesyou have your answer on @afaust' post:
Theoretically, you should be able to deactivate/remove the LDAP-AD configuration
(simplest way: remove it from authentication.chain property in alfresco-global.properties)
and after a restart should be allowed to set new passwords for these users in the Share UI.
Don't go directly into the database. Go though alfresco-global.properties and keep only ntlm authenticator on that line.
Cheers,
Cristina.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.