AnsweredAssumed Answered

Issue with LDAP group/member synchronisation...

Question asked by gyro.gearless on Apr 8, 2009
Latest reply on Jul 16, 2009 by dward
Hi folks,

currently i am setting up Alfresco (Stable 3c) to synchronize users and groups with our LDAP server. Like most things in life, this almost works perfectly, except one issue regarding group membership:

Our LDAP directory (for the curious, it is OpenLDAP managed by Zimbra + Samba extensions) holds groups as objectClass=posixGroup, with members held in the memberUid attribute. However, members are stored as kinda short names, not DNs as Alfresco expects: e.g. i have memberUid=donald when Alfresco wants memberUid=uid=donald,ou=people,dc=abcona,dc=int.

Alas, the short names seem what Samba expects to find in the directory, so i wonder what would be the most straightforward way to fix this? One obvious idea would be to enhance class LDAPGroupExportSource to do an indirect lookup using a pattern, say an additional attribute "groupMemberResolvePattern" with value "memberUid=uid=%s,ou=people,dc=abcona,dc=int" for my example above.

Maybe this issue has already addressed by someone, your comments welcome   :D