I have done a fresh installation of Alfresco 5.1, and even tried 5.2 this morning, on a Linux instance. I then configured Alfresco to talk to an LDAP server and tried to limit logins to the instance based on the user being part of a group; however, it appears that it doesn't work. I have tested the filter in Apache Directory Studio and it appears to only return users in my group; however, Alfresco lets anyone log in whether they are in the group or not. I tried to add the (memberOf) to the personQuery, but that filter didn't seem to limit the login in Alfresco even though I believe it should.
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=uid=%s,cn=users,cn=accounts,dc=lxi,dc=int
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco,admin
ldap.synchronization.java.naming.security.principal=uid=admin,cn=users,cn=accounts,dc=lxi,dc=int
ldap.synchronization.java.naming.security.credentials=password123
ldap.synchronization.groupSearchBase=cn=groups,cn=accounts,dc=lxi,dc=int
ldap.synchronization.userSearchBase=ou=users,cn=accounts,dc=lxi,dc=int
# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(&(objectclass\=inetOrgPerson)(memberOf\=cn\=alfresco-demo,cn\=groups,cn\=accounts,dc\=lxi,dc=\int))
# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(memberOf\=cn\=alfresco-demo,cn\=groups,cn\=accounts,dc\=lxi,dc=\int)(!(modifyTimestamp<\={0})))
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=cn\=groups,cn\=accounts,dc\=lxi,dc\=int
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=cn\=users,cn\=accounts,dc\=lxi,dc\=int
# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property in Alfresco
#ldap.synchronization.userEmailAttributeName=mail
# The attribute on person objects in LDAP to map to the organizational id property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=o
# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
# The attribute on LDAP group objects to map to the gid property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
# The group type in LDAP
ldap.synchronization.groupType=groupOfNames
# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson
# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member
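
Added example, not part of the original post: a small offline check of the filter string that the personQuery line above yields once properties escaping is removed, evaluated against constructed directory entries. It assumes standard Java .properties escaping; the entries, user names and the helper functions are hypothetical, and DN comparison is simplified to a case-insensitive string match.

```python
import re

# personQuery value copied from the properties lines in the post above
RAW = (r"(&(objectclass\=inetOrgPerson)(memberOf\=cn\=alfresco-demo,"
       r"cn\=groups,cn\=accounts,dc\=lxi,dc=\int))")

def unescape_properties(value):
    # Assumption: standard Java .properties loading, where a backslash before
    # an ordinary character is dropped (\t, \n, \r, \f, \uXXXX not handled).
    return re.sub(r"\\(.)", r"\1", value)

def parse(f, i=0):
    # Parse one filter at f[i]; supports &, |, ! and equality matches only.
    if f[i] != "(":
        raise ValueError("filter must start with '(' at offset %d" % i)
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(")", i)
    attr, _, val = f[i + 1:end].partition("=")
    return ("=", attr.lower(), val.lower()), end + 1

def matches(node, entry):
    # entry maps lower-case attribute names to lists of values
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, val = node
    return val in [v.lower() for v in entry.get(attr, [])]

# Constructed sample entries (not real directory data)
GROUP = "cn=alfresco-demo,cn=groups,cn=accounts,dc=lxi,dc=int"
OTHER = "cn=other,cn=groups,cn=accounts,dc=lxi,dc=int"
ENTRIES = {
    "alice": {"objectclass": ["inetOrgPerson"], "memberof": [GROUP]},
    "bob": {"objectclass": ["inetOrgPerson"], "memberof": [OTHER]},
    "svc": {"objectclass": ["account"], "memberof": [GROUP]},
}

def selected(raw=RAW):
    # Return the sample users that the unescaped filter selects.
    tree, _ = parse(unescape_properties(raw))
    return sorted(u for u, e in ENTRIES.items() if matches(tree, e))
```

With these sample entries the unescaped filter, including the `dc=\int` spelling, selects only the group member, which is consistent with the result seen in Apache Directory Studio.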