AnsweredAssumed Answered

OpenLdap Groups synchronisation 4.0.e

Question asked by maxime on Dec 13, 2012
Latest reply on Jan 3, 2013 by maxime
Bonjour,

Je rencontre actuellement un problème avec l'utilisation d'alfresco community 4.0.e.
Après avoir configuré le module de synchro ldap, je rencontre un problème sur la synchronisation des groupes avec un openlodap.
Les traces me disent que les groupes ont été correctement créer, mais impossible de les visualiser via l'interface d'admin ou encore via le node browser.

Voici les logs :
 2012-12-17 11:45:00,589  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
2012-12-17 11:45:00,671  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Synchronizing users and groups with user registry 'ldap_gdt'
2012-12-17 11:45:00,680  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Retrieving all groups from user registry 'ldap_gdt'
2012-12-17 11:45:01,461  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt Group Analysis: Commencing batch of 9 entries
2012-12-17 11:45:01,485  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt Group Analysis: Processed 9 entries out of 9. 100 % complete. Rate: 375 per second. 0 failures detected.
2012-12-17 11:45:01,485  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt Group Analysis: Completed batch of 9 entries
2012-12-17 11:45:01,490  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Retrieving all users from user registry 'ldap_gdt'
2012-12-17 11:45:01,863  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt User Creation and Association: Commencing batch of 6 entries
2012-12-17 11:45:02,494  WARN  [security.sync.ChainingUserRegistrySynchronizer] [ldap_gdt User Creation and Association1] Updating user 'ADMIN'. This user will in future be assumed to originate from user registry 'ldap_gdt'.
2012-12-17 11:45:03,594  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt User Creation and Association: Processed 6 entries out of 6. 100 % complete. Rate: 3 per second. 0 failures detected.
2012-12-17 11:45:03,595  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt User Creation and Association: Completed batch of 6 entries
2012-12-17 11:45:03,721  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Finished synchronizing users and groups with user registry 'ldap_gdt'
2012-12-17 11:45:03,722  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] 6 user(s) and 9 group(s) processed
2012-12-17 11:45:03,774  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete

mon fichier ldap-authentication.properties

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=ou\=Groups,o\=GDT,c\=FR

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
#ldap.synchronization.userSearchBase=ou\=User Accounts,ou=\Alfresco,dc=domain
# On ne peut pas restreindre plus, étant donné que Informatique et FAM doivent avoir accès à l'application
ldap.synchronization.userSearchBase=ou\=People,o\=GDT,c\=FR


# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
#ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=businessCategory

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute on LDAP group objects to map to the authority display name property in Alfresco
#ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupDisplayNameAttributeName=cn

# The group type in LDAP (objectClass)
ldap.synchronization.groupType=groupOfUniqueNames

# The person type in LDAP (objectClass)
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember

Et le ldif de l'annuaire

dn: ou=Groups,o=GDT,c=FR
ou: Groups
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 33e8e2a4-c380-1031-8970-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121115145512Z
entryCSN: 20121115145512Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121115145512Z
entryDN: ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: TRUE

dn: cn=GDT_Administrateur_Ingenierie,ou=Groups,o=GDT,c=FR
cn: GDT_Administrateur_Ingenierie
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=ADMIN,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: c34a0cbe-c8eb-1031-897f-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122122745Z
entryCSN: 20121122124402Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124402Z
entryDN: cn=GDT_Administrateur_Ingenierie,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Administrateur_Recette,ou=Groups,o=GDT,c=FR
cn: GDT_Administrateur_Recette
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=ADMIN,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: cbc049f8-c8eb-1031-8980-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122122759Z
entryCSN: 20121122124408Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124408Z
entryDN: cn=GDT_Administrateur_Recette,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_GestionnaireReference_Recette,ou=Groups,o=GDT,c=FR
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=GESTIO,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
cn: GDT_GestionnaireReference_Recette
structuralObjectClass: groupOfUniqueNames
entryUUID: d349e652-c8eb-1031-8981-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122122812Z
entryCSN: 20121122124416Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124416Z
entryDN: cn=GDT_GestionnaireReference_Recette,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Utilisateur_Recette,ou=Groups,o=GDT,c=FR
cn: GDT_Utilisateur_Recette
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=USER,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: defe6b30-c8eb-1031-8982-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122122831Z
entryCSN: 20121122124526Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124526Z
entryDN: cn=GDT_Utilisateur_Recette,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Utilisateur_Ingenierie,ou=Groups,o=GDT,c=FR
cn: GDT_Utilisateur_Ingenierie
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=USER,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: 20a2f56a-c8ec-1031-8983-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123021Z
entryCSN: 20121122124520Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124520Z
entryDN: cn=GDT_Utilisateur_Ingenierie,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Utilisateur_Exploitation,ou=Groups,o=GDT,c=FR
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=USER,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
cn: GDT_Utilisateur_Exploitation
structuralObjectClass: groupOfUniqueNames
entryUUID: 25ca2d7e-c8ec-1031-8984-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123030Z
entryCSN: 20121122131655Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122131655Z
entryDN: cn=GDT_Utilisateur_Exploitation,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Administrateur_Exploitation,ou=Groups,o=GDT,c=FR
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=ADMIN,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
cn: GDT_Administrateur_Exploitation
structuralObjectClass: groupOfUniqueNames
entryUUID: 2bc95538-c8ec-1031-8985-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123040Z
entryCSN: 20121122131820Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122131820Z
entryDN: cn=GDT_Administrateur_Exploitation,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_GestionnaireReference_Ingenierie,ou=Groups,o=GDT,c=FR
cn: GDT_GestionnaireReference_Ingenierie
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=GESTIO,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: 340da8ac-c8ec-1031-8986-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123054Z
entryCSN: 20121122124411Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124411Z
entryDN: cn=GDT_GestionnaireReference_Ingenierie,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_GestionnaireReference_Exploitation,ou=Groups,o=GDT,c=FR
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=GESTIO,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
cn: GDT_GestionnaireReference_Exploitation
structuralObjectClass: groupOfUniqueNames
entryUUID: 3adde76e-c8ec-1031-8987-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123105Z
entryCSN: 20121122131814Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122131814Z
entryDN: cn=GDT_GestionnaireReference_Exploitation,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

Les utilisateurs sont parfaitement créer, mais pas les groupes.
Chose encore plus étrange, sans bouger la conf, mais en mettant une version plus ancienne (4.0.a) ma synchronisation a bien lieux, celle ci n'effectue pas la liaison entre mes groupes et mes users mais les groupes sont présent.
J'ai déjà fais un post sur le forum en mais étant sans réponse depuis plus d'une semaine je me permet d'en refaire un ici.
En espérant avoir une réponse …

Cordialement,

Maxime

Outcomes