AnsweredAssumed Answered

LDAP Sync issue

Question asked by ymolinet on Nov 29, 2013
Latest reply on Nov 29, 2013 by mrogers
Hi all,

I'm just update to alfresco community 4.2.e.
Alfresco is configure with SSO and LDAP Sync to my AD 2008R2.
SSO is working.
LDAP sync don't show any error but it don't update the properties.
For example, a new user is allow to connect to alfresco. SSO is working for this user but his propertie are not update from AD.

LDAP Sync show the message in log :


2013-11-29 16:10:00,341  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronizing users and groups with user registry 'ldap-ad1'
2013-11-29 16:10:00,363  WARN  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Full synchronization with user registry 'ldap-ad1'
2013-11-29 16:10:00,363  WARN  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Some users and groups previously created by synchronization with this user registry may be removed.
2013-11-29 16:10:00,414  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Retrieving groups changed since 12 juin 2013 08:37:45 from user registry 'ldap-ad1'
2013-11-29 16:10:00,485  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization,Category=directory,id1=ldap-ad1,id2=1 Group Analysis: Commencing batch of 0 entries
2013-11-29 16:10:00,486  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization,Category=directory,id1=ldap-ad1,id2=1 Group Analysis: Completed batch of 0 entries
2013-11-29 16:10:00,603  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Retrieving users changed since 19 août 2013 11:26:47 from user registry 'ldap-ad1'
2013-11-29 16:10:00,613  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization,Category=directory,id1=ldap-ad1,id2=6 User Creation and Association: Commencing batch of 0 entries
2013-11-29 16:10:00,616  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization,Category=directory,id1=ldap-ad1,id2=6 User Creation and Association: Completed batch of 0 entries
2013-11-29 16:10:00,647  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Finished synchronizing users and groups with user registry 'ldap-ad1'
2013-11-29 16:10:00,649  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] 0 utilisateur(s) et 0 groupe(s) traité(s)


here is my ldap sync config :


synchronization.import.cron=0 0/10 * ? * *
ldap.authentication.active=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.synchronization.active=true
ldap.authentication.userNameFormat=%s@domain.local
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://domain.local:3268
ldap.synchronization.java.naming.security.principal=administrateur@domain.local
ldap.synchronization.java.naming.security.credentials=mypassword
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(&(objectclass=group)(memberOf=cn=Groupes Alfresco,ou=Security Groups,ou=MyBusiness,dc=domain,dc=local))
ldap.synchronization.groupDifferentialQuery=(&(objectclass=group)(memberOf=cn=Groupes Alfresco,ou=Security Groups,ou=MyBusiness,dc=domain,dc=local)(!(whenChanged<={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(|(memberOf=CN=Collaborateurs Alfresco,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local))(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(|(memberOf=CN=Collaborateurs Alfresco,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local))(userAccountControl:1.2.840.113556.1.4.803:=512)(!(whenChanged<={0})))
ldap.synchronization.groupSearchBase=dc\=domain,dc\=local
ldap.synchronization.userSearchBase=dc\=domain,dc\=local
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss’.0Z’
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true


Thanks for help,
Yannick

Outcomes