LDAP Sync empty groups

Question asked by snowman386 on Jan 25, 2008
Hello everybody. I am running 2.9B. I successfully got NTLM working and LDAP people and group sync; however, the imported groups are empty. Below are the two config files:

ldap-authentication.properties

#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to that passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s    
ldap.authentication.userNameFormat=%s

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ldapserver.com:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=SIMPLE
# ldap.authentication.java.naming.security.authentication=DIGEST-MD5

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=CN=user,DC=domain,DC=com

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=password

ldap-synchronisation.properties

#
# This properties file is used to configure LDAP synchronisation
#

# The query to find the people to import
ldap.synchronisation.personQuery=(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(givenName=*)(sn=*)(mail=*)(company=*))

# The search base of the query to find people to import
ldap.synchronisation.personSearchBase=OU=Users,DC=domain,DC=com

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronisation.userIdAttributeName=sAMAccountName

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronisation.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronisation.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronisation.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id property in Alfresco
ldap.synchronisation.userOrganizationalIdAttributeName=company

# The default home folder provider to use for people created via LDAP import
ldap.synchronisation.defaultHomeFolderProvider=companyHomeFolderProvider

# The query to find group objects
ldap.synchronisation.groupQuery=(&(objectclass=group)(grouptype=-2147483646))

# The search base to use to find group objects
ldap.synchronisation.groupSearchBase=OU=Users,DC=domain,DC=com

# The attribute on LDAP group objects to map to the gid property in Alfresco
ldap.synchronisation.groupIdAttributeName=cn

# The group type in LDAP
ldap.synchronisation.groupType=group

# The person type in LDAP
ldap.synchronisation.personType=user

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronisation.groupMemberAttributeName=member

# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 0 * * * ?
# ldap.synchronisation.import.person.cron=*/5 * * * * ?

# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?
# ldap.synchronisation.import.group.cron=*/10 * * * * ?

# Should all groups be cleared out at import time?
# - this is safe as groups are not used in Alfresco for other things (unlike person objects which you should never clear out during an import)
# - setting this to true means old group definitions will be tidied up.
ldap.synchronisation.import.group.clearAllChildren=false

Thanks in advance.
