AnsweredAssumed Answered

ldap synchronization without deletion of users/groups?

Question asked by stefan776 on Oct 15, 2010
Latest reply on Mar 15, 2011 by erny1803
I am running an instance of Alfresco Community 3.4a and use the LDAP synchronization subsystem to pull users into Alfresco on a nightly basis.
However recently the user account that is used to connect to the LDAP server temporarily lost its view privileges on certain properties such as UID (due to a misconfiguration issue on the LDAP-server side).
Which caused the sync-job to not find any users during its nightly run, resulting in wiping out all imported users from my Alfresco instance.
Naturally, I would like to shield my alfresco instance from such a meltdown in the future as much as possible.

So my question is - would it be possible to run the LDAP synchronization as scheduled job in "Differential" mode? Meaning that only create/update operations are applied but no users/groups get deleted from alfresco if the corresponding records are not found on the LDAP server.

The wiki documentation
explains how user deletion applies to running a scheduled job in "differential with deletions" vs. "full mode", but doesn't give any info how to run such a job in "differential"-only mode or not.
Is this even possible?
If so, what configuration settings would have to be applied?

Any tips/pointers in the right direction will be much appreciated.
Many thanks,
- Stefan