LDAP Sync

Question asked by clynham on Sep 11, 2009
Latest reply on Sep 16, 2009 by clynham
Hi,

After playing with authentication chains etc. over the past few days, I've finally got it working how I want it to, with the exception of LDAP sync. My properties file is configured as:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
#
passthru.authentication.domain=#
passthru.authentication.servers=DOMAIN\\DOMAINCINTROLLERC01,DOMAINCONTROLLER02
passthru.authentication.defaultAdministratorUserNames=administrator,admin
passthru.authentication.authenticateFTP=false
#passthru.authentication.sso.enabled=true
passthru.authentication.authenticateCIFS=true
#ntlm.authentication.sso.enabled=false
alfresco.authentication.authenticateCIFS=false
ldap.authentication.active=false
ldap.authentication.java.naming.provider.url=ldap://DOMAINCONTROLLER01:389
ldap.authentication.userNameFormat=%s
ldap.synchronization.java.naming.security.principal=ldap.admin
ldap.synchronization.java.naming.security.credentials=secret$
ldap.synchronization.groupSearchBase=ou=Security Groups,ou=domain,dc=co,dc=uk
ldap.synchronization.userSearchBase=ou=User Accounts,ou=domain,dc=co,dc=uk

If a new user logs into the system, alfresco.log shows:

15:50:31,588 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
15:50:31,588 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'
15:50:31,620 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'AUTH.EXT.ldap1'
15:50:31,620 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'AUTH.EXT.ldap1'
15:50:31,620 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 0 user(s) and 0 group(s) processed

So although no errors are being thrown, the system isn't actually doing any sync of user details. Does anyone know where to start looking? I've also tried amending the ldap.authentication.userNameFormat and ldap.synchronization.java.naming.security.principal, without success, to:

ldap.authentication.userNameFormat=%s@domain.co.uk
ldap.synchronization.java.naming.security.principal=ldap.admin@domain.co.uk

Thanks in advance!