AnsweredAssumed Answered

Atentifica pero no sincroniza

Question asked by alarde on May 27, 2011
Latest reply on Jun 3, 2011 by alarde
Buenas a todos!!

Vuelvo de nuevo con otro problema… Autentifica contra Active Directory pero no sincroniza los usuarios. Necesito que me migre los usuarios del AD a Alfresco, pero no hay forma, autentifica contra AD perfectamente y cuando inicia sesión un usuario sí lo ve alfresco en la búsqueda de usuarios, pero si buscas un usuario que están en AD pero que no se ha autentificado, este no lo encuentra…

Os dejo el error que me da en la sincronización:

12:34:41,335 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
12:34:41,335 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
12:34:41,366 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 04270000 LDAP authentication failed.
.
.
.

12:34:41,398 User:System WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.repo.security.authentication.AuthenticationException: 04270000 LDAP authentication failed.

Y mi alfresco-global.properties


#authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false
passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true

passthru.authentication.useLocalServer=false
passthru.authentication.domain=csat.local
passthru.authentication.servers=csat.local\\172.1xx.xxx.xxx

ntlm.authentication.sso.enables=false
ntlm.authentication.mapUnknownUserToGuest=false

passthru.authentication.authenticateFTP=false

passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=xxxxxxx
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://172.1xx.xxx.xxx:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

ldap.synchronization.java.naming.security.principal=xxxxxxxx
ldap.synchronization.java.naming.security.credentials=xxxxxx
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
# ESTO VA ARRIBA (&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=posixGroup)

ldap.synchronization.groupSearchBase=cn\=Users,dc=csat,dc=local

ldap.synchronization.userSearchBase=cn\=Users,dc=csat,dc=local

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss’.0Z’
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=homeDirectory
ldap.synchronization.groupIdAttributeName=group
ldap.synchronization.groupType=posixGroup
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=memberUid
synchronization.synchronizeChangesOnly=true

cifs.disableNativeCode=false
cifs.enabled=true
cifs.serverName=xxxxx
cifs.domain=csat.local
cifs.hostannounce=true
cifs.sessionTimeout=500
cifs.ipv6.enabled=false
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138
cifs.netBIOSSMB.sessionPort=1139
cifs.WINS.autoDetectEnabled=true

Outcomes