AnsweredAssumed Answered

Problems with LDAP :: Missing 'equals';

Question asked by gareth on Jul 5, 2011
Latest reply on Jul 12, 2011 by heiko.robert
Hi, this seems to be a very popular topic, but I'm afraid I can't find the answer.

I've reached the point where I have Alfresco authenticating against Zimbra LDAP, but there seems to be either a Java or Alfresco bug I can't get around hence syncing isn't working properly. I have the following in my config;
ldap.synchronization.groupSearchBase=dc=xxxx,dc=com
ldap.synchronization.userSearchBase=dc=xxxx,dc=com
Group sync works fine, yet user sync fails with;
Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=xxxx,dc=com'
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
[this is community version 3.4.d on Ubuntu]
It seems the query never makes it to the LDAP API, so I'm sort of guessing this is Alfreso (?) , it doesn't seem to matter "what" I put in for the userSearchBase, it will always throw an error at this point. (albeit the error changes depending in what I enter, however it always seems to find a reason to barf at this point)

Any pointers would be much appreciated!!

#
#       AUTHENTICATION
#
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid=%s,OU=people,DC=xxxx,DC=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://zm.xxxx.com:3890
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
#
#       SYNCRONISATION
#
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid=zimbra,cn=admins,cn=zimbra
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronisation.personQuery=(objectclass\=posixAccount)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=dc=xxxx,dc=com
ldap.synchronization.userSearchBase=dc=xxxx,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=xxxx
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=posixGroup
ldap.synchronization.personType=zimbraMailRecipient
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.enableProgressEstimation=true
ldap.synchronisation.import.person.cron=55 11 * * * ?
ldap.synchronisation.import.group.cron=56 11 * * * ?
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=false

Outcomes