AnsweredAssumed Answered

Alfresco AD sync of Users in Multiple Sub-OUs [SOLVED]

Question asked by jcgrayjr on Jul 17, 2014
Latest reply on Feb 9, 2018 by rken
Hello everyone!

I am sorry if this subject has been touched in the past.  I have been working on it for about a week now and searching the forums, as well as the internet.  But I have not found anything that addresses my specific requirement.

Here is what I am trying to do:
I have successfully integrated Alfresco Community with our Active Directory server and I was able to sync ALL users accounts in our domain.  I did this initially to test and make sure I can get it to connect and work.  Now, what I would like to do is only pull users from three distinct sub OUs.  Here is a generic example of what our AD hierarchy looks like (I did not design or implement our AD structure BTW):

DOMAIN.LOCAL
…..|
…..—Division1
…..|………|
…..|………—HR
…..|………|
…..|………—Business
…..|………|
…..|………—Finance
…..|………|
…..|………—Misc
…..|
…..—Division2
……………|
……………—Developers
……………|
……………—Testers

I want Alfresco to sync all of the user accounts from the HR, Business, & Finance OUs under Division1, but I do not want to pull in the users from the Misc OU or any user from Division2 or it's sub-OUs.

From what I have read, and I could be wrong, but I can't limit the OU search for users in the ldap.synchronization.personQuery.  I have to do this in the  ldap.synchronization.userSearchBase which restricts the user search base to a sub section of the tree.  What I am having problems with is how to restrict it to multiple sub-OUs.  Is this even possible?

I know I could remedy this by simply creating an AlfrescoUsers group and then importing the users through the ldap.synchronization.groupSearchBase, but I am limited to what I can do in our AD.

Thanks in advance for the help.

Outcomes