I installed the latest Alfresco Community v5.2.0 and am trying to configure user authentication from AD (Win 2008 R2).
Domain - proektng.local
Controller - dc01.proektng.local
All users are in the group user and further in subgroups.
It does not work.
In AD I created the user user_alfresco@proektng.local with the rights "Read all inetOrgPerson information", password - 12345678
To the end of the file
/opt/alfresco/tomcat/shared/classes/alfresco-global.properties I added a line:
authentication.chain=alfrescoNtlm:alfrescoNtlm,ldap-ad:ldap-ad
I created the folders and files that did not exist.
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/ldap-ad-authentication.properties file contents:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@proektng.local
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://dc01.proektng.local:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator,admin
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=user_alfresco@proektng.local
ldap.synchronization.java.naming.security.credentials=12345678
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!$
ldap.synchronization.groupSearchBase=ou\=user,dc=proektng,dc=local
ldap.synchronization.userSearchBase=ou\=user,dc=proektng,dc=local
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
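Added example, not part of the original post and not Alfresco's own code: a small Python check that reads an ldap-ad-authentication.properties file like the one above and reports settings a reviewer would look at first (simple bind over plain ldap://, guest login, a bind password stored in the file, LDAP filters with unbalanced parentheses). The function names and the finding labels are hypothetical, and the sample input is constructed from a few of the keys quoted in the post.

```python
import re

# Constructed sample in the style of the properties quoted in the post.
SAMPLE = r"""
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://dc01.proektng.local:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.credentials=12345678
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!$
"""

def parse_properties(text):
    """Parse key=value lines and undo the backslash escapes before '=' and ':'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\([=:])", r"\1", value.strip())
    return props

def balanced(ldap_filter):
    """True if every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(props):
    """Return a list of findings for the parsed ldap-ad properties."""
    findings, auth = [], "ldap.authentication."
    url = props.get(auth + "java.naming.provider.url", "")
    mech = props.get(auth + "java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and mech == "simple":
        findings.append("cleartext-bind: simple bind over ldap:// (no TLS) sends passwords unencrypted")
    if props.get(auth + "allowGuestLogin", "").lower() == "true":
        findings.append("guest-login: ldap.authentication.allowGuestLogin is enabled")
    if props.get("ldap.synchronization.java.naming.security.credentials"):
        findings.append("stored-credential: sync bind password is in the file; restrict file permissions")
    for key, value in sorted(props.items()):
        if key.endswith("Query") and not balanced(value):
            findings.append(f"bad-filter: {key} has unbalanced parentheses")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_properties(SAMPLE))))
```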