
Unable to retrieve users/groups from LDAP

Question asked by ashraf on Feb 26, 2014
Latest reply on Mar 17, 2014 by mlagneaux
Hi All,

I did the following configuration in Alfresco for LDAP sync. Things look fine: I am able to log in with the LDAP user, but I am unable to search for users/groups (for inviting them to my project). It says no user found. I tried searching with both username and username@domainname, but nothing worked.

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=no
ldap.authentication.userNameFormat=mail=%s,ou=Users,domainName=example.co.in,o=domains,dc=example,dc=co.in
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.14.4:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn\=vmail,dc\=example,dc\=co.in
ldap.synchronization.java.naming.security.credentials=test@3456677
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=10000
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,domainName\=example.co.in,o\=domains,dc\=example,dc\=co.in
ldap.synchronization.userSearchBase=ou\=Users,domainName\=example.co.in,o\=domains,dc\=example,dc\=co.in
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
ldap.synchronization.enableProgressEstimation=true

And the following is the debug log:

2014-02-25 19:46:17,710 INFO [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
2014-02-25 19:46:18,045 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2014-02-25 19:46:18,128 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap1'
2014-02-25 19:46:18,177 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2014-02-25 19:46:18,178 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2014-02-25 19:46:18,192 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since Feb 25, 2014 4:52:34 PM from user registry 'ldap1'
2014-02-25 19:46:18,216 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 0 entries
2014-02-25 19:46:18,216 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 0 entries
2014-02-25 19:46:18,244 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
2014-02-25 19:46:18,244 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] 0 user(s) and 0 group(s) processed
2014-02-25 19:46:18,320 INFO [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete



In the debug logs I can see "0 user(s) and 0 group(s) processed", whereas we have more than 200 users and 20 groups in the LDAP server.

Requesting all experts to provide some advice.

Regards,
Ashraf
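
A diagnostic sketch for the configuration above, added here as an example and not part of the original post or of Alfresco's code: it undoes the `\=` escaping in the posted properties and builds the `ldapsearch` command for the person query and its differential form, so the number of entries returned can be compared with the "0 user(s)" in the log. The `since` timestamp is a constructed value and the subtree scope is an assumption.

```python
import re
import shlex

# Constructed sample: a subset of the properties posted above.
SAMPLE = r"""
ldap.authentication.java.naming.provider.url=ldap://192.168.14.4:389
ldap.synchronization.java.naming.security.principal=cn\=vmail,dc\=example,dc\=co.in
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.userSearchBase=ou\=Users,domainName\=example.co.in,o\=domains,dc\=example,dc\=co.in
ldap.synchronization.userIdAttributeName=uid
"""

def load_properties(text):
    """Parse key=value lines; a backslash-escaped character becomes the character itself."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")  # first '=' is the separator
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def sync_search(props, kind="person", since=None):
    """Return (base, filter, argv) for the full or differential sync search."""
    # kind is "person" or "group"; since is an already formatted timestamp string.
    p = "ldap.synchronization."
    base = props[p + ("userSearchBase" if kind == "person" else "groupSearchBase")]
    if since is None:
        flt = props[p + kind + "Query"]
    else:
        flt = props[p + kind + "DifferentialQuery"].replace("{0}", since)
    id_attr = props[p + ("userIdAttributeName" if kind == "person" else "groupIdAttributeName")]
    argv = ["ldapsearch", "-x", "-W",  # simple bind, prompt for the password
            "-H", props["ldap.authentication.java.naming.provider.url"],
            "-D", props[p + "java.naming.security.principal"],
            "-b", base, "-s", "sub", flt, id_attr]  # subtree scope is an assumption
    return base, flt, argv

if __name__ == "__main__":
    props = load_properties(SAMPLE)
    # None = full query; the timestamp is a constructed value in the configured format.
    for since in (None, "20140225165234Z"):
        print(shlex.join(sync_search(props, since=since)[2]))
```

If the full query returns entries under the bind DN but the differential one returns none, the filter and search base are working and only the timestamp restriction is excluding them; if the full query is also empty, the search base, object class or bind account's read access is the place to look.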
