Good Morning.
I have an Alfresco installation, in which users can authenticate themselves by validating against an Active Directory.
It turns out that if the password is entered incorrectly 3 times, the user is locked in the AD and when its lock is deactivated, it is not reflected in Alfresco. In other words, state synchronization is not performed.
I have been reading the documentation about it: https://docs.alfresco.com/5.2/concepts/ldap-sync-user.html (for my version of Alfresco), but it is not clear to me if with
synchronization.externalUserControl=true synchronization.externalUserControlSubsystemName=ldap
it is enough ... is there a cronjob or site where I indicate how often the status should be kept updated or would it be 100% transparent? (If it is transparent and directly validates with the AD its state ... then I have something wrong configured, because Alfresco thinks that the user is still blocked).
UPDATE:
When the user is blocked by a high retry to put the password wrong, it gets blocked in AD and in Alfresco.
When unlocking in the AD, the user can authenticate in the AD (in other services) but in Alfresco, it is still blocked and cannot be authenticated. How can this be solved?
The guidelines I have followed are these:
https://docs.alfresco.com/5.2/concepts/ldap-sync-user.html
Synchronization by default only runs once every night. This can be configured using the synchronization.import.cron property in alfresco-global.properties. The question then remains what the acceptable duration after unblocking is for Alfresco to synch the state change, e.g. if you want to run the synch hourly, semi-hourly or even more regularly.
My problem is that when the user is blocked because there is a login retry with an incorrect password, the user is blocked in the Active Directory and cannot access Alfresco. That's right.
But when unlocking the user in AD, the user still cannot access Alfresco, even though several days have passed and the sync script has been run. What could be the problem?
Hi @trompe,
There is a discussion of a similar problem - might be worth taking a look at the solutions suggest there.
HTH,
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.