AnsweredAssumed Answered

Active directory sync not working properly

Question asked by pete109 on Nov 18, 2013
Latest reply on Nov 18, 2013 by pete109
I integrated Alfresco server with Active Directory. My AD users can access Alfresco with no problem. But the user information did not sync. The username, lastname and all other information of users from AD is not showing in Alfresco. All my Alfresco users are in Class Users OU in AD. I added following in alfresco-global.properties file:

authentication.chain=passthru1:passthru,ldap1:ldap
ntlm.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false
passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false

passthru.authentication.servers=172.40.203.4
passthru.authentication.domain=CORP
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=Administrator
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS

ldap.authentication.active=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://172.40.203.4:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=CORP\\Administrator
ldap.synchronization.java.naming.security.credentials=########
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(!modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

ldap.synchronization.groupSearchBase=ou\=Class Users,dc=corp,dc=enterprise,dc=com
ldap.synchronization.userSearchBase=ou\=Class Users,dc=corp,dc=enterprise,dc=com

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

synchronization.synchronizeChangesOnly=true

cifs.enabled=false

Outcomes