Some users are not synced via LDAP

hardik_thakkar
Active Member II

Some users are not synced via LDAP

Hi Team,

When I search with * in admin-console > users page, it shows only 5000 users, while the actual LDAP has more than 15000 active users.

When we search for some of the active users, we get 0 results.

How can we check the number of users synced via LDAP? Is there any script?

Below is the configuration for LDAP sync in the alfresco-global.properties file.

 

ldap.synchronization.active=true
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@inroot.in
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<IP>:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
synchronization.syncOnStartup=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=username
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true

ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=dc\=XYZ,dc\=IN

ldap.synchronization.userSearchBase=dc\=XYZ,dc\=IN

ldap.synchronization.modifyTimestampAttributeName=whenChanged
#ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
#ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

Thanks,

Hardik

2 Replies
achauve
Customer

Re: Some users are not synced via LDAP

Hello hardik_thakkar,

We had a similar issue because of the insufficient rights of our LDAP user.

I suggest you try with Apache Directory Studio; you will easily see what the LDAP query returns.

When you are satisfied with the result, you can make a full import for example by removing

(!(whenChanged<\={0}))

in the ldap.synchronization.personDifferentialQuery and restart Alfresco.

When the full import is done, restore the initial configuration and restart Alfresco once again.
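
An added example, not part of the original thread and not Alfresco code: the filters in alfresco-global.properties carry Java properties escapes (\= and \:), which have to be undone before the query is pasted into a directory browser such as Apache Directory Studio. The function names and the key-prefix list are assumptions, and the sample lines are constructed after the configuration quoted in the question.

```python
import re

# Constructed sample, modelled on the properties lines quoted in the question.
SAMPLE = r"""
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.userSearchBase=dc\=XYZ,dc\=IN
dap.synchronization.modifyTimestampAttributeName=whenChanged
"""
KNOWN_PREFIXES = ("ldap.", "synchronization.", "authentication.")  # assumption: prefixes seen in the post

def unescape(value):
    # Undo Java .properties escapes: backslash + char means that char, \uXXXX is a code point.
    simple = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}
    def repl(m):
        if m.group(1):
            return chr(int(m.group(1), 16))
        return simple.get(m.group(2), m.group(2))
    return re.sub(r"\\(?:u([0-9a-fA-F]{4})|(.))", repl, value)

def parse_properties(text):
    # Returns (props, warnings). Comments are skipped; line continuations are not handled.
    props, warnings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"((?:\\.|[^\\=:\s])+)\s*[=:]?\s*(.*)", line)
        if not line or line[0] in "#!" or not m:
            continue
        key, value = unescape(m.group(1)), unescape(m.group(2))
        if not key.startswith(KNOWN_PREFIXES):
            warnings.append(f"line {n}: unexpected key prefix: {key}")
        if key in props:
            warnings.append(f"line {n}: duplicate key: {key}")
        props[key] = value
    return props, warnings

def balanced(ldap_filter):
    # Cheap sanity check before testing a filter: parentheses must pair up.
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def full_import_filter(differential):
    # Drop the (!(<attr><={0})) timestamp clause, the edit the reply describes for a full import.
    return re.sub(r"\(!\([A-Za-z]+<=\{0\}\)\)", "", differential)
```

The unescaped personQuery value together with the userSearchBase is what to test in the directory browser; the warnings list points at keys that are mistyped or defined twice and would otherwise be silently ignored or overridden.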

idwright
Senior Member