
Group Synchronization issues

Question asked by uptime365 on Aug 7, 2010
Latest reply on Aug 10, 2010 by dward
Hi all,

I'm new here. I'm having certain issues with the Alfresco - OpenLDAP integration.

>> As soon as a full sync is run, the groups that were previously synced from the OpenLDAP server are getting deleted in Alfresco.
>> All members of the LDAP group are not imported to the corresponding group in Alfresco
>> Users that are getting created in Alfresco have two entries with two different home dirs

/Company Home/User Homes/<username>
/Company Home/User Homes/<cn>

My configuration is as below,

1)  alfresco-global.properties to have the following:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

2) I have created the folder structure as below

shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1

3) the configuration is as below:  ldap-authentication.properties

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=cn=%s,ou=Testdir,o=Directory
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.1.1:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.security.principal=cn=Admin,o=Directory
ldap.authentication.java.naming.security.credentials=secret
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn=Admin,o=Directory
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000
dap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=posixAccount)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou=Testdir,o=Directory
ldap.synchronization.userSearchBase=ou=Testdir,o=Directory
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=posixGroup
ldap.synchronization.personType=posixAccount
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.enableProgressEstimation=true
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.import.cron=0 0 * * * ?

Hoping somebody out there will help me on this, I've burned myself out :(

Thanks for the help
Uptime
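
An added example, not part of the original post and not Alfresco code: a small lint pass over an `ldap-authentication.properties` file like the one posted above. It flags keys outside the expected prefixes, a differential query with no matching full-sync query, and simple bind over a plain `ldap://` URL. The prefix list, the function names and the finding labels are assumptions made for this sketch; the sample input is an excerpt of the posted settings.

```python
# Assumption: valid keys in this file start with one of these prefixes,
# as every correctly spelled key in the posted configuration does.
KNOWN_PREFIXES = ("ldap.authentication.", "ldap.synchronization.", "synchronization.")

# Excerpt of the posted settings, reproduced as sample input.
SAMPLE = r"""
ldap.authentication.java.naming.provider.url=ldap://192.168.1.1:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.authentication=simple
dap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=posixAccount)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
synchronization.synchronizeChangesOnly=false
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return (finding, key) pairs for the three checks named in the lead-in."""
    findings = []
    # 1. A misspelled key is never read as the setting it was meant to be.
    for key in props:
        if not key.startswith(KNOWN_PREFIXES):
            findings.append(("unknown-prefix", key))
    # 2. A differential query without its full-sync counterpart.
    for kind in ("group", "person"):
        full = f"ldap.synchronization.{kind}Query"
        if f"ldap.synchronization.{kind}DifferentialQuery" in props and full not in props:
            findings.append(("missing-full-query", full))
    # 3. Simple bind over plain ldap:// sends the password unencrypted
    #    (this check looks at the URL scheme only; no StartTLS is assumed).
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    for scope in ("authentication", "synchronization"):
        key = f"ldap.{scope}.java.naming.security.authentication"
        if props.get(key) == "simple" and url.lower().startswith("ldap://"):
            findings.append(("simple-bind-without-ldaps", key))
    return findings

if __name__ == "__main__":
    for finding, key in lint(parse_properties(SAMPLE)):
        print(f"{finding}: {key}")
```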
