Empty AD Group Membership

Question asked by brostekm on Mar 17, 2010
Latest reply on Nov 12, 2010 by kilg
I am trying to sync Alfresco 3.2r Community Edition with my AD.  I am able to get all the users and group names imported, and I can log in with the imported users.  It is even synchronizing the users and groups every minute. The problem is the groups have no members in Alfresco. When I change a group's membership in AD, Alfresco detects the changed group and the log says it processed the group, but still no group members show up in Alfresco.  Here is the ldap-ad-authentication.properties file:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@company.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://x.x.x.x:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=xxx@company.com
ldap.synchronization.java.naming.security.credentials=Creds
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=Alfresco,dc\=company,dc\=com
ldap.synchronization.userSearchBase=ou\=User Accounts,ou\=Alfresco,dc\=company,dc\=com
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

Anyone have any suggestions?

Thanks
