
LDAP Login and sync failed

Question asked by aguamemnon on May 20, 2012
Hi ,

config :

OpenLDAP and Alfresco 4.0 Community

this is my alfresco-global.properties

###### AUTHENTICATION CHAIN ####
# Two authentication subsystem instances, listed as instanceName:type.
# "alfinst" (alfrescoNtlm) comes before "ldap1" in the chain.
# NOTE(review): the directory is described as OpenLDAP, but the instance type is ldap-ad
# (the Active Directory flavour). Properties not overridden in the instance file would then
# presumably fall back to AD-oriented defaults - confirm whether the plain "ldap" type was intended.
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

and my ldap-ad-authentication.properties


# Settings for the "ldap1" instance: LDAP authentication (bind) and LDAP user/group synchronisation.

# User names listed here are treated as Alfresco administrators when they authenticate via this subsystem.
# NOTE(review): keep this list as short as possible; every uid on it gets full admin rights.
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco,aguamemnon
###### AUTHENTICATION SUBSYSTEM ####

### SIMPLE AUTHENTICATION ###
# "simple" means a plain bind: the DN and password are sent to the server as-is.
ldap.authentication.java.naming.security.authentication=simple
# Template for the bind DN; %s is replaced by the user name typed at login.
# NOTE(review): this template stops at ou=Accounts and has no dc=forge-project,dc=net suffix,
# unlike userSearchBase below. A simple bind needs the full DN, so this is a likely cause of
# the failing LDAP logins - confirm against the directory.
ldap.authentication.userNameFormat=uid=%s,ou=Users,ou=Accounts

ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# NOTE(review): ldap:// on port 389 combined with simple binds carries user passwords and the
# sync account password unencrypted on the wire. Prefer ldaps:// (or another TLS-protected
# transport) if the server offers it.
ldap.authentication.java.naming.provider.url=ldap://serveur.forge-project.net:389

# Guest (anonymous) login through this subsystem is disabled.
ldap.authentication.allowGuestLogin=false

#####################################
###### SUBSYSTEM SYNCHRONISATION ####
#####################################

ldap.synchronization.active=true

# Account and password used to bind to the directory when reading users and groups for the sync.
# NOTE(review): the bind password is stored in cleartext and has been published together with
# this configuration. It should be changed on the directory, and this file kept readable only
# by the account that runs Alfresco. A read-only service account is preferable to a manager DN.
ldap.synchronization.java.naming.security.principal=cn=manager,cn=internal,dc=forge-project,dc=net
ldap.synchronization.java.naming.security.credentials=g0PK5+gZJHX/5S5U
ldap.synchronization.queryBatchSize=500
ldap.synchronization.attributeBatchSize=500
# Full and differential (changed since {0}) LDAP filters for groups.
ldap.synchronization.groupQuery=(objectclass=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
# Full and differential (changed since {0}) LDAP filters for people.
ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))
# Subtrees searched for groups and for users.
ldap.synchronization.groupSearchBase=ou=Groups,ou=Accounts,dc=forge-project,dc=net
ldap.synchronization.userSearchBase=ou=Users,ou=Accounts,dc=forge-project,dc=net

# Attribute and timestamp format used by the differential queries above.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

################# ATTRIBUTE MAPPING #############
#### mapping to unique username in username attribute###
ldap.synchronization.userIdAttributeName=uid
#ldap.synchronization.userLastNameAttributeName=cn
#ldap.synchronization.userEmailAttributeName=mail
#ldap.synchronization.userFirstNameAttributeName=givenName
#ldap.synchronization.groupIdAttributeName=cn
#ldap.synchronization.groupType=
#ldap.synchronization.personType=
#ldap.synchronization.groupMemberAttributeName=member
#ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
# Group attribute that holds the members.
# NOTE(review): for the reported "users in group" problem, check that the values of this
# attribute are DNs of entries under userSearchBase that also match personQuery - verify
# against the synchronisation log.
ldap.synchronization.groupMemberAttributeName=member

ldap.synchronization.enableProgressEstimation=true

####################################
###### SYNCHRONISATION SETTINGS ####
####################################
# NOTE(review): the synchronization.* keys below are not ldap.* properties of this instance;
# presumably they belong in alfresco-global.properties and may be ignored here - confirm.

# Do not create an Alfresco person automatically for an authenticated user that has not been synced.
synchronization.autoCreatePeopleOnLogin=false
#synchronization.import.group.clearAllChildren=true
# full sync or only changes?
synchronization.synchronizeChangesOnly=false

# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true

### DON'T USE UNIX CRON EXPRESSIONS - USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### synchronisation starts every 15 minutes!
synchronization.import.cron=0 0/15 * * * ?

Syncing users works.
Syncing groups works.
Syncing the users inside the groups (group membership) does not work.
Logging in as an LDAP user does not work. Please help me.
