AnsweredAssumed Answered

LDAP Sync with AD in Labs 3.2

Question asked by carbs on Jul 8, 2009
Latest reply on Jul 8, 2009 by carbs
Hi all,

I'm having an issue with trying to sync with AD via LDAP.  I am using pretty much the same config (just moved into alfresco-global.properties) that was working fine in Labs 3.0.

Basically I have defined my own LDAP filters so that certain users (service accounts, admin accounts etc) are filtered out and these filters work fine and when the sync is happening it mostly only lists real user accounts (I still have some more tuning to do).  The group filter is the default as filtering groups is not really needed in our environment.

The problem arises when the sync gets to the group members, basically as some of the users have been filtered out it tries to add users that don't exist (as they are members in AD) to the group and dies.  This problem didn't come up with 3.0 and these members seemed to be skipped without error.

The error I get is like this one.

net.sf.acegisecurity.AuthenticationServiceException: General error; nested exception is org.alfresco.repo.security.authority.AuthorityException: 06080005 The person sv-emit does not exist and can not be added to a group
caused by:
org.alfresco.repo.security.authority.AuthorityException: 06080005 The person sv-emit does not exist and can not be added to a group
Which makes sense, but I don't want that user or their group membership added to Alfresco.  I plan to filter out disabled accounts and this issue would make it impossible to do that either.

Is there a way to get this working?  Is this a bug or have I just set this up wrong?

Any help would be greatly appreciated.

Kind regards,
Mark

Outcomes