
synchronize alfresco with openldap

Question asked by alikthename on Mar 11, 2011
Hi,

I'm trying to synchronize Alfresco with OpenLDAP but have no success.
Here is my /opt/alfresco-3.4.d/tomcat/shared/classes/alfresco-global.properties


## Common Alfresco Properties #
###############################

dir.root=/opt/alfresco-3.4.d/alf_data

web.application.context.url=http://127.0.0.1:8080/alfresco

### database connection properties ###
db.driver=org.gjt.mm.mysql.Driver
db.username=user
db.password=pass
db.name=name
db.url=jdbc:mysql://localhost:3306/${db.name}?useUnicode=yes&characterEncoding=UTF-8

### FTP Server Configuration ###
ftp.enabled=true
ftp.port=2121
ftp.ipv6.enabled=false

###——–LDAP————-
authentication.chain=passthru1:passthru,ldap1:ldap
cifs.domain=COMPANY

# Configure NTLM passthru to SAMBA Server
ntlm.authentication.sso.enabled=false
passthru.authentication.sso.enabled=false
#ntlm.authentication.authenticateCIFS=false

passthru.authentication.servers=192.168.0.1
passthru.authentication.domain=COMPANY
passthru.authentication.useLocalServer=false
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
#ntlm.authentication.mapUnknownUserToGuest=false

##### Ldap Synchronisation
ldap.authentication.active=false
ldap.synchronization.active=true

# User Bind settings
ldap.authentication.java.naming.provider.url=ldap://192.168.0.1:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn=administrator,dc=company,dc=net
ldap.synchronization.java.naming.security.credentials=*********

# what to sync
ldap.synchronization.userSearchBase=ou=Users,dc=company,dc=net
ldap.synchronization.groupSearchBase=ou=Groups,dc=company,dc=net
ldap.synchronization.groupQuery=(objectclass=posixGroup)
ldap.synchronization.personQuery=(loginShell=/bin/bash)
synchronization.synchronizeChangesOnly=true
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=false
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# map attributes
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail

log4j.logger.org.alfresco.repo.security.sync=debug
ldap.synchronization.java.naming.security.authentication=simple
###——————————————-

### RMI service ports ###
alfresco.rmi.services.port=50500
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
deployment.rmi.service.port=0

### External executable locations ###
ooo.exe=/program/soffice.bin
ooo.enabled=false
img.root=/opt/alfresco-3.4.d/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
swf.exe=/opt/alfresco-3.4.d/common/bin/pdf2swf
jodconverter.enabled=true
jodconverter.officeHome=
jodconverter.portNumbers=8101

### Initial admin password ###
alfresco_user_store.adminpassword=*************************


And here is what I have in the log (credentials are modified):

16:10:00,088 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
16:10:00,088 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Full synchronization with user registry 'ldap1'; some users and groups previously created by synchronization with this user registry may be removed.
16:10:00,091 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving groups changed since 22.02.2011 10:17:52 from user registry 'ldap1'
16:10:00,095 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
16:10:00,095 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
16:10:00,127 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,127 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,127 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,127 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,128 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,129 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,130 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User missing user id attribute DN =uid=user_n,ou=Users,dc=company,dc=net  att = uid
16:10:00,136 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'
16:10:00,141 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 33 entries
16:10:00,155 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: user.n@company.net, modifytimestamp=modifyTimestamp: 20100722082638Z, givenname=givenName: Name, sn=sn: Surname}

And the same for the remaining 32 users.

16:10:00,159 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 33 entries
16:10:00,192 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Authority Deletion: Commencing batch of 0 entries
16:10:00,192 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Authority Deletion: Completed batch of 0 entries
16:10:00,192 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
16:10:00,192 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 33 user(s) and 0 group(s) processed

It looks like the system can't see the uid attribute, but it's present. I can't figure out what's wrong.
What I'm able to do is log in with user info stored in LDAP; the user is then created within Alfresco, but only the username (uid, actually) is present in the profile information.
I'm a bit new to this project so help is very much appreciated.
Thanks in advance.
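
Added example, not part of the original post and not Alfresco code: a small Python check that compares the `user*AttributeName` mappings from the posted properties with the attribute dump in the posted WARN line, to show exactly which mapped attributes the directory search did not return. The function names are hypothetical; the sample input is copied from the post above.

```python
import re

# Sample input: the attribute-mapping lines from the posted alfresco-global.properties.
PROPS = """\
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
"""

# Sample input: the WARN line from the posted log (already anonymised by the poster).
LOG = ("16:10:00,155 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] "
       "User returned by user search does not have mandatory user id attribute "
       "{mail=mail: user.n@company.net, modifytimestamp=modifyTimestamp: 20100722082638Z, "
       "givenname=givenName: Name, sn=sn: Surname}")

def user_attribute_map(props_text):
    """Return {mapping name: LDAP attribute} for ldap.synchronization.user*AttributeName."""
    mapping = {}
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        m = re.fullmatch(r"ldap\.synchronization\.(user\w+)AttributeName", key.strip())
        if m:
            mapping[m.group(1)] = value.strip()
    return mapping

def returned_attributes(log_line):
    """Extract the lower-cased attribute names from the {...} dump in the WARN line."""
    m = re.search(r"\{(.*)\}\s*$", log_line)
    if not m:
        return set()
    return {name.lower() for name in re.findall(r"(?:^|, )(\w+)=", m.group(1))}

def missing_from_entry(props_text, log_line):
    """List mapped LDAP attributes that are absent from the entry the search returned."""
    present = returned_attributes(log_line)
    return sorted(attr for attr in user_attribute_map(props_text).values()
                  if attr.lower() not in present)

if __name__ == "__main__":
    print("returned by search:", sorted(returned_attributes(LOG)))
    print("mapped but missing:", missing_from_entry(PROPS, LOG))
```

For the posted log this reports `uid` as the only mapped attribute missing from the returned entry. Running the same user search with `ldapsearch`, bound as the account set in `ldap.synchronization.java.naming.security.principal`, shows whether the directory returns `uid` to that identity.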
