Good morning,
I have set up LDAP synchronization and integration between Alfresco CE 6 and an AD on CentOS 7. I modified the 'alfresco-global.properties' file and created 'ldap-authentication.properties' in the path: '/rutaAlfresco/apache-tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/'.
The 'alfresco-global.properties' file:

    #
    # alfresco-global.properties
    #
    authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
    ldap.authentication.active=true
    ldap.authentication.userNameFormat=%s@uno.dos.es
    ldap.authentication.java.naming.provider.url=ldap://uno.dos.es:389
    ldap.authentication.defaultAdministratorUserNames=Administrador
    ldap.authentication.java.naming.security.authentication=simple
    ldap.synchronization.active=true
    ldap.synchronization.java.naming.security.principal=usuario@uno.dos.es
    ldap.synchronization.java.naming.security.credentials=PasswordUsuario
    ldap.synchronization.import.cron=0 0/5 * * * ? # synchronisation starts every 5 minutes!
    ldap.synchronization.userIdAttributeName=sAMAccountName
    ldap.synchronization.userFirstNameAttributeName=givenName
    ldap.synchronization.userLastNameAttributeName=sn
    ldap.synchronization.userEmailAttributeName=mail
    ldap.synchronization.userSearchBase=dc=uno,dc=dos,dc=es
    ldap.synchronization.groupSearchBase=dc=uno,dc=dos,dc=es
    ldap.synchronization.personQuery=(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))
    ldap.synchronization.person.differential.query=(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))

The 'ldap-authentication.properties' file replicates the global one:

    #
    # ldap-authentication.properties
    #
    ldap.authentication.active=true
    ldap.authentication.userNameFormat=%s@uno.dos.es
    ldap.authentication.java.naming.provider.url=ldap://uno.dos.es:389
    ldap.authentication.defaultAdministratorUserNames=Administrador
    ldap.authentication.java.naming.security.authentication=simple
    ldap.synchronization.active=true
    ldap.synchronization.java.naming.security.principal=usuario@uno.dos.es
    ldap.synchronization.java.naming.security.credentials=PasswordUsuario
    ldap.synchronization.import.cron=0 0/5 * * * ? # synchronisation starts every 5 minutes!
    ldap.synchronization.userIdAttributeName=sAMAccountName
    ldap.synchronization.userFirstNameAttributeName=givenName
    ldap.synchronization.userLastNameAttributeName=sn
    ldap.synchronization.userEmailAttributeName=mail
    ldap.synchronization.userSearchBase=dc=uno,dc=dos,dc=es
    ldap.synchronization.groupSearchBase=dc=uno,dc=dos,dc=es
    ldap.synchronization.personQuery=(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))
    ldap.synchronization.person.differential.query=(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))

On one hand, I have not managed to get the cron to work to synchronize changes every 5 minutes:

    ldap.synchronization.import.cron=0 0/5 * * * ?

And when it runs the synchronization at 00:00 it gives me the following error:

    2020-04-03 00:00:00,313 INFO [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronizing users and groups with user registry 'ldap1'
    2020-04-03 00:00:00,354 WARN [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Some users and groups previously created by synchronization with this user registry may be removed.
    2020-04-03 00:00:00,447 INFO [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Retrieving groups changed since Apr 2, 2020, 5:50:42 PM from user registry 'ldap1'
    2020-04-03 00:00:00,558 INFO [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
    2020-04-03 00:00:00,558 INFO [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
    2020-04-03 00:00:00,791 ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronization aborted due to error
    org.alfresco.error.AlfrescoRuntimeException: 03030023 Error during LDAP Search. Reason:Unbalanced parenthesis
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1335)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:583)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$5(ChainingUserRegistrySynchronizer.java:1465)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1751)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:471)
        at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:53)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:602)
        at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:49)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
    Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'dc=uno,dc=dos,dc=es'
        at java.naming/com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
        at java.naming/com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
        at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:541)
        at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1986)
        at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1845)
        at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1770)
        at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
        at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1314)
        ... 11 more
    2020-04-03 00:00:00,835 ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronization aborted due to error
    org.alfresco.error.AlfrescoRuntimeException: 03030023 Error during LDAP Search. Reason:Unbalanced parenthesis
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1335)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:583)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$5(ChainingUserRegistrySynchronizer.java:1465)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1751)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:471)
        at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:53)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:602)
        at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:49)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
    Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'dc=uno,dc=dos,dc=es'
        at java.naming/com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
        at java.naming/com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
        at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:541)
        at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1986)
        at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1845)
        at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1770)
        at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
        at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1314)
        ... 11 more
    2020-04-03 00:00:00,845 ERROR [quartz.core.JobRunShell] [DefaultScheduler_Worker-8] Job DEFAULT.org.springframework.scheduling.quartz.JobDetailFactoryBean#40c110e2 threw an unhandled Exception:
    org.alfresco.error.AlfrescoRuntimeException: 03030023 Error during LDAP Search. Reason:Unbalanced parenthesis
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1335)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:583)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$5(ChainingUserRegistrySynchronizer.java:1465)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1751)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:471)
        at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:53)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:602)
        at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:49)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
    Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'dc=uno,dc=dos,dc=es'
        at java.naming/com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
        at java.naming/com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
        at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
        at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:541)
        at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1986)
        at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1845)
        at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1770)
        at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
        at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1314)
        ... 11 more

In more detail about what is happening: the LDAP has already been synchronized, but incorrectly. To explain, disabled users were imported, so I added the filter:

    (!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))

But I cannot manage to force a new synchronization so that it removes the disabled users and adds the ones that are enabled.
I don't know if anyone has had to deal with this situation; I would appreciate any help. Many thanks in advance,
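
Added example, not part of the original post and not Alfresco code: a structure-only RFC 4515 check run over the `ldap.synchronization.personQuery` value shown above, the filter that the stack trace's `getPersonNames` call passes to JNDI. `check_filter` and `FIXED_QUERY` are hypothetical names; `FIXED_QUERY` is a constructed variant that keeps the post's terms and operators and changes only the grouping.

```python
import re

# Value copied from the page's ldap.synchronization.personQuery (properties-escaped).
PAGE_QUERY = r"(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))"
# Constructed variant (assumption, not from the page): '&=' becomes '&' and the
# doubled parentheses around the last term are removed; terms are unchanged.
FIXED_QUERY = r"(&(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))(WhenChanged<\={0}))"

# attribute, optional ':matchingRule' parts, then a comparison operator
ITEM = re.compile(r"[A-Za-z0-9.;-]+(:[A-Za-z0-9.]+)*(:=|~=|>=|<=|=)")

def unescape_properties(value):
    """Mimic java.util.Properties loading: '\\=' and '\\:' lose their backslash."""
    return re.sub(r"\\(.)", r"\1", value)

def _parse(f, i):
    """Parse one '(' filter ')' starting at offset i; return the offset after it."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(f) and f[i] in "&|!":
        op, i, count = f[i], i + 1, 0
        while i < len(f) and f[i] == "(":
            i, count = _parse(f, i), count + 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError(f"'{op}' must be followed by '(' sub-filter(s), offset {i}")
    else:
        j = f.find(")", i)
        j = len(f) if j == -1 else j
        if "(" in f[i:j] or not ITEM.match(f, i, j):
            raise ValueError(f"bad attribute=value item at offset {i}")
        i = j
    if i >= len(f) or f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(properties_value):
    """Return None if the filter is structurally valid, else a message."""
    f = unescape_properties(properties_value)
    try:
        end = _parse(f, 0)
        return None if end == len(f) else f"trailing text at offset {end}"
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    for name, q in (("page", PAGE_QUERY), ("constructed", FIXED_QUERY)):
        print(name, "->", check_filter(q) or "well-formed")
```

The check rejects the page's value at the `=` that follows `&`, and it also rejects the doubled parentheses around the `WhenChanged` term; it validates structure only and does not judge whether the comparison operators select the intended accounts.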