I'm going to migrate my Alfresco to the cloud and I have the task of removing authentication via AD LDAP for authentication.
I was looking for a way to do this in the database, but the Alfresco tables are quite complex. I still haven't been able to identify a way to perform this operation in the database. I saw that users and groups are in the database.
Is there a way to convert these users as if they were local users?
Is there any documentation on the tables and fields in the Alfresco database?
Thank you very much in advance!
You should rarely have to delve into the Alfresco database tables directly to do things like this. As such, there is no (public) documentation on the tables to not encourage people to try and modify these internals, and break their systems by doing so.
I tried to use your tips, unfortunately I couldn't. Explaining everything I've done.
In this new installation I did I disabled LDAP-AD authentication. When I checked the users, all accounts were disabled.
In the Share UI the password fields and the checkbox to activate the account are disabled even using the admin user.
Could you help me with some study material? Or without abusing too much what you should do.
Thanks in advance
Was your Share instance customised as part of LDAP integration? Look in <web-extension>\share-config-custom.xml to see if there are any modifications in this file. Also check the documentation on Form Customisation.
The only thing I customized in that file:
<config evaluator="string-compare" condition="CSRFPolicy" replace="true"> <properties> <token>Alfresco-CSRFToken</token> <!-- Use the pipe | in the regex as OR operator: URL1|URL2|... --> <referer>https://alfresco.mydomain.com.br/.*</referer> <origin>https://alfresco.mydomain.com.br</origin> </properties> </config>
I believe that it is not that.
I forgot to inform the version I am using. It's the Alfresco Community 201707 (v5.2).
Today I tried to "steal" on the user's edit form. Enabling the password fields and the user account activation checkbox by editing the generated HTML using the browser inspect element.
Just remove the Disabled="True" to enable, but Alfresco's security is good. I underestimate Alfresco's security
When I try to save I get the following error message:
There had to be an easier way to activate these users.
I left some extra information. Do you have any light to help me?
Hello, @adautofernandes - did you ever get this to work for you? I'm migrating an ACS 4.6.2 instance over to a new data center and would like to do so without the current LDAP authentication.
So I couldn't migrate to the other server by disabling authentication with my Microsoft Active Directory/LDAP.
The solution I found was to install OpenLDAP + LAM (LDAP Account Manager) on Alfresco's server to manage users.
What's annoying about Alfresco is that it's difficult to maintain.
In the coming months I will have to plan the update. Hope to have a little headache.
@adautofernandesyou have your answer on @afaust' post:
Theoretically, you should be able to deactivate/remove the LDAP-AD configuration
(simplest way: remove it from authentication.chain property in alfresco-global.properties)
and after a restart should be allowed to set new passwords for these users in the Share UI.
Don't go directly into the database. Go though alfresco-global.properties and keep only ntlm authenticator on that line.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.