Hello,
My environment is all Alfresco 6.2 Docker and Ubuntu 20.4.
I have configured synchronization with AD and my query in alfresco-global.properties (basic) is:
ldap.synchronization.personQuery = (& (objectclass \ = user)
ldap.synchronization.userSearchBase = cn \ = Users, dc \ = xxxxx, dc \ = com
I am having a problem about returning the user list within Share/Admin Tools/Users.
I perform the search and not all users who satisfy the condition return to me. For example, I search for the name fernando* and only 2 users return me, when in fact I have around 8 users with the name Fernando.
I execute the url based on the person API (http://<ip of the server>:8080/alfresco/s/api/people?MaxResults=3000) and returns me 2511 users coming from AD successfully, including the Fernandos in the example above.
If I manage permission for a Site or a folder on Share, and I search for the user, I find it successfully.
I changed the share-config.xml file by Dockerfile with the following definition:
<show-authorization-status> false </show-authorization-status> and also did not resolve.
Everything is focused on Share/Admin Tools/Users.
Thank you for your help.
Do you have a multilingual Alfresco environment? E.g. are you accessing Alfresco with a content language set in the browser that is different from the server language? As an administrator, I have run into situations where I did not find all the users I expected to find because of locale-specific indexing / querying via Alfresco Search Service, and a mismatch of languages between browser and server. I nowadays generally set up all customer instances with cross-locale query support - even when dealing with customers who only operate in one language, as there still would be a mismatch between user language (German) and server language (English, because who wants to see in incorrectly localised server log messages).
Depending on how you performed your tests with direct calls to the ReST APIs, you mave have avoided language mismatches by not providing a language in the request headers, thus falling back to the server default, which obviously would work without issue with synchronised users.
Cross locale query support is configured via the shared.properties file.
Faust good afternoon.
I analyzed all the documentation on shared.properties and within my environment it is configured according to the documentation, by default. And the documentation talks about solrconfig.xml, does it need to be changed too?
You can see that the creation in the docker-compose of the Solr container already tells you about CROSS_LOCALE.
My docker-compose has the following composition:
solr6:
build:
context: ./search
args:
SEARCH_TAG: $ SEARCH_CE_TAG
SOLR_HOSTNAME: solr6
ALFRESCO_HOSTNAME: alfresco
ALFRESCO_COMMS: none
CROSS_LOCALE: "true"
mem_limit: 1184m
environment:
#Solr needs to know how to register itself with Alfresco
SOLR_ALFRESCO_HOST: "alfresco"
SOLR_ALFRESCO_PORT: "8080"
#Alfresco needs to know how to call solr
SOLR_SOLR_HOST: "solr6"
SOLR_SOLR_PORT: "8983"
#Create the default alfresco and archive colors
SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco, archive"
SOLR_JAVA_MEM: "-Xms928m -Xmx928m"
SOLR_OPTS: "
-XX: NewSize = 336m
-XX: MaxNewSize = 336m
"
volumes:
- ./data/solr-data:/opt/alfresco-search-services/data
And the AD synchronization part is as follows:
-Dauthentication.chain = alfrescoNtlm1: alfrescoNtlm, ldap-ad1: ldap-ad
-Dldap.authentication.allowGuestLogin = false
-Dldap.authentication.userNameFormat=%s@xxxxxx.com.br
-Dldap.authentication.java.naming.provider.url = ldap: //xxxxx: 389
-Dldap.authentication.defaultAdministratorUserNames = Administrator, systems
-Dsynchronization.syncOnStartup = true
-Dsynchronization.synchronizeChangesOnly = false
-Dldap.synchronization.java.naming.security.principal=xxxxxxxx@xxxxxxxxxxxxxxxx.com.br
-Dldap.synchronization.java.naming.security.credentials = xxxxxxxxx
-Dldap.synchronization.groupSearchBase = cn\=Users, dc\=xxxxx, dc\=com, dc\= br
-Dldap.synchronization.userSearchBase = cn \ = Users, dc \ = xxxxxx, dc\=com, dc\=br
-Dldap.synchronization.userIdAttributeName = sAMAccountName
-Dldap.synchronization.userFirstNameAttributeName = givenName
-Dldap.synchronization.userLastNameAttributeName = sn
-Dldap.synchronization.userEmailAttributeName = mail
-Dldap.synchronization.personType = user
When changing the internal configuration in the container, when making a stop/start it loses the settings. Is there an example of how to change this file in the Dockerfile?
I also go back to inform that when granting permission to a folder or website, and I search, it finds all the users I want.
The installation was done using Angel Borroy's alfresco-docker-installer project successfully. The server is in English and so is the installation. The clients' browsers are in Portuguese - Brazil.
And I continue to do tests. Could you tell me which command (CMIS / API) Share uses to search for users in Administrative Tools?
Thank you for your help.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.