
LDAP group memberships not synchronized (v5.0.a)

Question asked by jack.chuong on Oct 22, 2014
Latest reply on Aug 1, 2017 by ilyass
Hi all,
I'm using Alfresco 5.0.a Community on CentOS 6.4 64-bit; my Active Directory server is Windows Server 2008 R2.
I have a problem with the LDAP integration configuration: group memberships are not synchronized, and all groups are shown as empty.

This is my alfresco-global.properties configuration:


### Active Directory
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false

ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.provider.url=ldap://ad.mydomain.com:389
ldap.authentication.defaultAdministratorUserNames=jack.chuong
ldap.synchronization.java.naming.security.principal=CN=Jack Chuong,OU=Users,OU=ICT,OU=SGN,OU=Central Management,DC=mydomain,DC=com
ldap.synchronization.java.naming.security.credentials=*******
ldap.synchronization.userSearchBase=OU\=Central Management,DC\=mydomain,DC\=com
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.personType=(&(sAMAccountName={0})(objectClass=User)(!(objectClass=Computer)))
ldap.synchronization.active=true
# Sync
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true

ldap.synchronization.groupSearchBase=OU\=Central Management,DC=\mydomain,DC\=com
ldap.synchronization.groupIdAttributeName=sAMAccountName
ldap.synchronization.groupDisplayNameAttributeName=cn
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.groupType=group
ldap.synchronization.groupMemberSearch=(|(objectClass=user)(objectClass=group))


The error we get on startup of Alfresco 5.0.a is:
2014-10-21 14:30:06,301 WARN [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-6] Failed to resolve member of group 'it-sgn@mydomain.com' with distinguished name: CN=Jack Chuong,OU=Users,OU=ICT,OU=SGN,OU=Central Management,DC=mydomain,DC=com

Domain users and groups are synced from AD to Alfresco, and domain users can log in to Alfresco, but I can't set permissions on a shared folder for groups because group memberships are empty.
