AnsweredAssumed Answered

Incomplete LDAP synchronization

Question asked by shivshan on Oct 13, 2009
Hi
I have setup a chained authentication scheme against Active Directory and things seem to be working. However, i see that LDAP synchronization is not syncing all users as per the user filter.
alfresco-global.properties:
authentication.chain=passthru1:passthru,ldap1:ldap-ad
ldap.authentication.active=false
ldap.synchronization.active=true
passthru.authentication.domain=
passthru.authentication.servers=DOMAIN\\192.168.200.51,192.168.200.51
passthru.authentication.defaultAdministratorUserNames=admin
ldap.authentication.java.naming.provider.url=ldap://192.168.200.51:389
ldap.synchronization.java.naming.security.principal=user@ad.company.com
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.userSearchBase=OU=IND,DC=ad,DC=company,DC=com
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.personQuery=(&(objectclass=person)(userAccountControl:1.2.840.113556.1.4.803:=512)(department=IMS))
ldap.synchronization.personDifferentialQuery=(&(objectclass=person)(userAccountControl:1.2.840.113556.1.4.803:=512)(department=IMS)(!(modifyTimestamp<\={0})))
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationAttributeName=department
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.userCompanyTelephoneAttributeName=extensionAttribute1
ldap.synchronization.userContactMobileAttributeName=mobile
ldap.synchronization.userContactLocationAttributeName=extensionAttribute3
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.personType=person
synchronization.synchronizeChangesOnly=true
synchronization.import.cron=0 30 * * * ?
I see that there are no errors during the sync but not all users from the user search query are being created in Alfresco. And i didn't see anything unique in these accounts (like no first name etc).
1. Is there any reason why all users are not synced? i understand that ldap.synchronization.queryBatchSize of 1000 is actually the default for AD.
2. How can i get the total number of accounts created in Alfresco?
Using Alfresco CE 3.2 and Share.
Thanks
Shiva

Outcomes