AnsweredAssumed Answered

LDAP sync with dynlist (account/group disable)?

Question asked by johna on Mar 24, 2009
Latest reply on Mar 26, 2009 by johna
Has anyone had experience with setting up Alfresco to synch with OpenLDAP dynamic groups using the dynlist overlay?

I can integrate with LDAP no problem, but when trying to convert my static groups to dynamic groups it doesn't see the group members.  It appears to have something to do with the combination of how the overlay works and how Alfresco is querying LDAP.  Apache recognizes the dynamic group members, and you see them when you query LDAP from the command line, but when Alfresco syncs it grabs the group names and no members.

Something I read mentioned the dynlist overlay integrates the dynamic names at the last minute of a search so I'm wondering if the Java library that is querying LDAP performs the query some other way.  eg.  Maybe it asks for an attribute list and works from that rather than performing the search first?  If that's the case it wouldn't find the member attribute since they're added dynamically and therefore might assume there are no members.  I haven't had a chance to dissect the Java yet to see how it's querying LDAP.  Was hoping someone might have experience with this.