Help

OpenLdap Groups synchronisation 4.0.e

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
maxime
Member II
‎13 Dec 2012 2:22 PM

OpenLdap Groups synchronisation 4.0.e

Bonjour,

Je rencontre actuellement un problème avec l'utilisation d'alfresco community 4.0.e.
Après avoir configuré le module de synchro ldap, je rencontre un problème sur la synchronisation des groupes avec un openlodap.
Les traces me disent que les groupes ont été correctement créer, mais impossible de les visualiser via l'interface d'admin ou encore via le node browser.

Voici les logs : 
 2012-12-17 11:45:00,589  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
 2012-12-17 11:45:00,671  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Synchronizing users and groups with user registry 'ldap_gdt'
 2012-12-17 11:45:00,680  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Retrieving all groups from user registry 'ldap_gdt'
 2012-12-17 11:45:01,461  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt Group Analysis: Commencing batch of 9 entries
 2012-12-17 11:45:01,485  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt Group Analysis: Processed 9 entries out of 9. 100 % complete. Rate: 375 per second. 0 failures detected.
 2012-12-17 11:45:01,485  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt Group Analysis: Completed batch of 9 entries
 2012-12-17 11:45:01,490  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Retrieving all users from user registry 'ldap_gdt'
 2012-12-17 11:45:01,863  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt User Creation and Association: Commencing batch of 6 entries
 2012-12-17 11:45:02,494  WARN  [security.sync.ChainingUserRegistrySynchronizer] [ldap_gdt User Creation and Association1] Updating user 'ADMIN'. This user will in future be assumed to originate from user registry 'ldap_gdt'.
 2012-12-17 11:45:03,594  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt User Creation and Association: Processed 6 entries out of 6. 100 % complete. Rate: 3 per second. 0 failures detected.
 2012-12-17 11:45:03,595  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] ldap_gdt User Creation and Association: Completed batch of 6 entries
 2012-12-17 11:45:03,721  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] Finished synchronizing users and groups with user registry 'ldap_gdt'
 2012-12-17 11:45:03,722  INFO  [security.sync.ChainingUserRegistrySynchronizer] [main] 6 user(s) and 9 group(s) processed
 2012-12-17 11:45:03,774  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete

mon fichier ldap-authentication.properties

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0}))) 

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0}))) 

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=ou\=Groups,o\=GDT,c\=FR

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
#ldap.synchronization.userSearchBase=ou\=User Accounts,ou=\Alfresco,dc=domain
# On ne peut pas restreindre plus, étant donné que Informatique et FAM doivent avoir accès à l'application
ldap.synchronization.userSearchBase=ou\=People,o\=GDT,c\=FR


# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property in Alfresco
#ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=businessCategory

# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute on LDAP group objects to map to the authority display name property in Alfresco
#ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupDisplayNameAttributeName=cn

# The group type in LDAP (objectClass)
ldap.synchronization.groupType=groupOfUniqueNames

# The person type in LDAP (objectClass)
ldap.synchronization.personType=inetOrgPerson

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember

Et le ldif de l'annuaire 

dn: ou=Groups,o=GDT,c=FR
ou: Groups
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 33e8e2a4-c380-1031-8970-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121115145512Z
entryCSN: 20121115145512Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121115145512Z
entryDN: ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: TRUE

dn: cn=GDT_Administrateur_Ingenierie,ou=Groups,o=GDT,c=FR
cn: GDT_Administrateur_Ingenierie
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=ADMIN,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: c34a0cbe-c8eb-1031-897f-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122122745Z
entryCSN: 20121122124402Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124402Z
entryDN: cn=GDT_Administrateur_Ingenierie,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Administrateur_Recette,ou=Groups,o=GDT,c=FR
cn: GDT_Administrateur_Recette
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=ADMIN,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: cbc049f8-c8eb-1031-8980-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122122759Z
entryCSN: 20121122124408Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124408Z
entryDN: cn=GDT_Administrateur_Recette,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_GestionnaireReference_Recette,ou=Groups,o=GDT,c=FR
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=GESTIO,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
cn: GDT_GestionnaireReference_Recette
structuralObjectClass: groupOfUniqueNames
entryUUID: d349e652-c8eb-1031-8981-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122122812Z
entryCSN: 20121122124416Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124416Z
entryDN: cn=GDT_GestionnaireReference_Recette,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Utilisateur_Recette,ou=Groups,o=GDT,c=FR
cn: GDT_Utilisateur_Recette
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=USER,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: defe6b30-c8eb-1031-8982-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122122831Z
entryCSN: 20121122124526Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124526Z
entryDN: cn=GDT_Utilisateur_Recette,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Utilisateur_Ingenierie,ou=Groups,o=GDT,c=FR
cn: GDT_Utilisateur_Ingenierie
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=USER,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: 20a2f56a-c8ec-1031-8983-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123021Z
entryCSN: 20121122124520Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124520Z
entryDN: cn=GDT_Utilisateur_Ingenierie,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Utilisateur_Exploitation,ou=Groups,o=GDT,c=FR
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=USER,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
cn: GDT_Utilisateur_Exploitation
structuralObjectClass: groupOfUniqueNames
entryUUID: 25ca2d7e-c8ec-1031-8984-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123030Z
entryCSN: 20121122131655Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122131655Z
entryDN: cn=GDT_Utilisateur_Exploitation,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_Administrateur_Exploitation,ou=Groups,o=GDT,c=FR
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=ADMIN,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
cn: GDT_Administrateur_Exploitation
structuralObjectClass: groupOfUniqueNames
entryUUID: 2bc95538-c8ec-1031-8985-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123040Z
entryCSN: 20121122131820Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122131820Z
entryDN: cn=GDT_Administrateur_Exploitation,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_GestionnaireReference_Ingenierie,ou=Groups,o=GDT,c=FR
cn: GDT_GestionnaireReference_Ingenierie
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=GESTIO,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
structuralObjectClass: groupOfUniqueNames
entryUUID: 340da8ac-c8ec-1031-8986-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123054Z
entryCSN: 20121122124411Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122124411Z
entryDN: cn=GDT_GestionnaireReference_Ingenierie,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

dn: cn=GDT_GestionnaireReference_Exploitation,ou=Groups,o=GDT,c=FR
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=NNI1,ou=People,o=GDT,c=FR
uniqueMember: uid=GESTIO,ou=People,o=GDT,c=FR
uniqueMember: uid=ALL,ou=People,o=GDT,c=FR
cn: GDT_GestionnaireReference_Exploitation
structuralObjectClass: groupOfUniqueNames
entryUUID: 3adde76e-c8ec-1031-8987-57123cabdb5f
creatorsName: cn=Manager,o=GDT,c=FR
createTimestamp: 20121122123105Z
entryCSN: 20121122131814Z#000000#00#000000
modifiersName: cn=Manager,o=GDT,c=FR
modifyTimestamp: 20121122131814Z
entryDN: cn=GDT_GestionnaireReference_Exploitation,ou=Groups,o=GDT,c=FR
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

Les utilisateurs sont parfaitement créer, mais pas les groupes.
Chose encore plus étrange, sans bouger la conf, mais en mettant une version plus ancienne (4.0.a) ma synchronisation a bien lieux, celle ci n'effectue pas la liaison entre mes groupes et mes users mais les groupes sont présent.
J'ai déjà fais un post sur le forum en mais étant sans réponse depuis plus d'une semaine je me permet d'en refaire un ici.
En espérant avoir une réponse …

Cordialement,

Maxime
Labels
0 Kudos
Reply
3 Replies
rguinot
Customer
‎17 Dec 2012 6:12 PM

Re: OpenLdap Groups synchronisation 4.0.e

En ce qui concerne le lien entre les groupes et les users, vérifiez avec un LDAP browser la valeur de 

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=uniqueMember

Dans OpenLDAP, il s'agit généralement de member, et non uniqueMember, ce qui expliquerait l'absence de lien.

De même, vérifiez 

ldap.synchronization.groupType=groupOfUniqueNames

Généralement, dans OpenLDAP, il s'agit plutôt de groupOfNames.

Laissez savoir.
0 Kudos
Reply
maxime
Member II
‎18 Dec 2012 11:14 AM

Re: OpenLdap Groups synchronisation 4.0.e

Bonjour,

Merci de vous intéresser à mon problème, je commence à désespérer.
J'utilise des objets de types un peu spécifique dans mon ldap pour pouvoir coller avec l'intégration cible. (une petite asso qui utilise un ldap avec surcouche)
J'utilise bien l'attribut uniqueMember ainsi que les objets groupOfUniqueNames Smiley Sad
0 Kudos
Reply
maxime
Member II
‎3 Jan 2013 8:26 AM

Re: OpenLdap Groups synchronisation 4.0.e

Mon problème n'est toujours pas résolu, et je ne peut malheureusement pas passer en version supérieur, je suis obligé d'utiliser une jvm 1.6 afin de pouvoir utiliser un autre petit logiciel qui ne fonctionne pas en 1.7 Smiley Sad
0 Kudos
Reply
The Archive

Content from pre 2016 and from language groups that have been closed.

Content is read-only.

“Alfresco

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.