samba4 AD ldap settings not synching

Question asked by yaboc on May 20, 2016
Latest reply on May 31, 2016 by steven.okennedy
Hi, I'm trying to get LDAP auth and sync working against Alfresco, without success.

Can anyone please point me in the right direction to get it to work?

Thank you

Here's what I currently have in the global config:

######AUTHENTICATION CHAIN####
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

######SUBSYSTEM AUTHENTICATION####

### SIMPLE AUTHENTICATION ###
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s

ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://10.18.66.5:389
ldap.authentication.allowGuestLogin=true

#####################################
###### SUBSYSTEM SYNCHRONISATION ####
#####################################

ldap.synchronization.active=true

ldap.synchronization.java.naming.security.principal=CN\=Mail Bind,OU\=BIND,DC\=wmpny,DC\=lan

ldap.synchronization.java.naming.security.credentials=mailpass

ldap.synchronization.queryBatchSize=1000

ldap.synchronization.groupQuery=(objectclass=groupOfNames)

ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(objectclass=inetOrgPerson)

ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=OU\=Security Group,OU\=WMPNY,DC\=wmpny,DC\=lan

ldap.synchronization.userSearchBase=OU\=Users,OU\=1756,OU\=WMPNY,DC\=wmpny,DC\=lan

ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

################# ATTRIBUTE MAPPING #############
#### mapping to unique username in username attribute###
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userLastNameAttributeName=cn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.personType=(&(sAMAccountName={0})(objectClass=User)(!(objectClass=Computer)))
ldap.synchronization.active=true

ldap.synchronization.groupMemberAttributeName=member

ldap.synchronization.enableProgressEstimation=true
####################################
###### SYNCHRONISATION SETTINGS ####
####################################

synchronization.autoCreatePeopleOnLogin=false

# full sync or only changes?
synchronization.synchronizeChangesOnly=false

# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=false

### DON'T USE UNIX CRON EXPRESSION - USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### synchronisation starts every 15 minutes!
synchronization.import.cron=0 0/5 * * * ?
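
A small consistency and transport check over the properties posted above, as an added example that is not part of the original post and not Alfresco code. The `parse_properties` and `lint` helpers and the finding names are hypothetical, and the sample is a constructed subset of the posted file.

```python
import re

# Constructed sample: a subset of the properties posted above.
SAMPLE = r"""
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://10.18.66.5:389
ldap.authentication.allowGuestLogin=true
ldap.synchronization.active=true
ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.active=true
"""

def parse_properties(text):
    """Return (props, duplicate_keys); as in java.util.Properties, the last value wins."""
    props, dups = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"(.+?)(?<!\\)\s*[=:]\s*(.*)", line)
        if line[:1] in ("#", "!") or not m:
            continue  # comment, blank line, or no key/value separator
        key = m.group(1).strip()
        if key in props:
            dups.append(key)
        props[key] = re.sub(r"\\(.)", r"\1", m.group(2))  # drop \= and \: escapes
    return props, dups

def lint(props, dups):
    findings = [f"duplicate-key:{k}" for k in dups]
    auth = "ldap.authentication."
    url = props.get(auth + "java.naming.provider.url", "")
    mech = props.get(auth + "java.naming.security.authentication", "")
    # A simple bind over ldap:// carries the password unencrypted unless StartTLS is used.
    if url.startswith("ldap://") and mech == "simple":
        findings.append("cleartext-simple-bind")
    if props.get(auth + "allowGuestLogin") == "true":
        findings.append("guest-login-enabled")
    # The differential queries should filter on the configured timestamp attribute.
    ts = props.get("ldap.synchronization.modifyTimestampAttributeName", "")
    for name in ("groupDifferentialQuery", "personDifferentialQuery"):
        m = re.search(r"\(([\w-]+)[<>]=\{0\}\)", props.get("ldap.synchronization." + name, ""))
        if m and ts and m.group(1).lower() != ts.lower():
            findings.append(f"timestamp-attr-mismatch:{name}")
    return findings

if __name__ == "__main__":
    for finding in lint(*parse_properties(SAMPLE)):
        print(finding)
```
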