LDAP Synchronization with passthru not working the way I would expect?

Question asked by dataman on Jul 23, 2015
I think I'm missing something in the documentation about accounts that are already created and LDAP synchronization. We have passthru and LDAP authentication working (at least I think), but our LDAP sync task is not pulling all of our LDAP users into Alfresco, and we don't see the givenName or sn from AD being synchronized into Alfresco. Could you guys explain why this is happening?




###############################
## Common Alfresco Properties #
###############################


# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN





### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=D:/leveldata/apps/Alfresco



### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443


### BPM Engine ###
system.workflow.engine.jbpm.enabled=false


### Allow extended ResultSet processing
security.anyDenyDenies=false

#Custom Settings from

mail.host=mailrelay
mail.port=25
mail.username=
mail.password=
mail.encoding=UTF-8
mail.from.default=noreply@us.com
mail.smtp.auth=false


mail.testmessage.send=true
mail.testmessage.to=nus@us.com
mail.testmessage.subject=Outbound SMTP

mail.testmessage.text=The Outbound SMTP email subsystem is working.

#Authentication settings
#passthru1:passthru
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap,passthru1:passthru
ntlm.authentication.sso.enabled=false


### CIFS/SMB Server Configuration ###
cifs.enabled=true
cifs.domain=ld.local
cifs.serverName=${localname}A
cifs.hostannounce=true


#CIFS with LDAP We have to use passthru for CIFS due to limitations in how cifs has to authenticate
ntlm.authentication.authenticateCIFS=false
#Must be disabled to allow chained password-based login
ntlm.authentication.sso.enabled=false




#ntlm.authentication.mapUnknownUserToGuest=false


alfresco.authentication.authenticateCIFS=false
#alfresco.authentication.allowGuestLogin=false

passthru.authentication.authenticateCIFS=true


passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=admin
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.servers=LD\\10.1.1.1

passthru.authentication.offlineCheckInterval=300


#LDAP authentication
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain.local
ldap.authentication.java.naming.provider.url=ldap://domain.local:389
ldap.authentication.defaultAdministratorUserNames=admin
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco_service@domain
ldap.synchronization.java.naming.security.credentials=somepassword
ldap.synchronization.groupSearchBase=OU=Groups,OU=domain,DC=local
ldap.synchronization.userSearchBase=DC=domain,DC=local

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=false


#JMX - No JMX in community edition
#alfresco.rmi.services.host=alfresco.something.com
#alfresco.rmi.services.port=50500
alfresco.rmi.services.host=0.0.0.0
alfresco.rmi.services.port=50500



Alfresco.log


2015-07-23 00:00:01,565 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Synchronizing users and groups with user registry 'ldap1'
2015-07-23 00:00:03,112 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Full synchronization with user registry 'ldap1'
2015-07-23 00:00:03,112 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Some users and groups previously created by synchronization with this user registry may be removed.
2015-07-23 00:00:03,143 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Retrieving all groups from user registry 'ldap1'
2015-07-23 00:00:03,237 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2015-07-23 00:00:03,237 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2015-07-23 00:00:15,331 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:556)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1462)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$1400(ChainingUserRegistrySynchronizer.java:960)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1680)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:700)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:429)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
   at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
   at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
   at javax.naming.directory.InitialDirContext.search(Unknown Source)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
   … 11 more
2015-07-23 00:00:15,862 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:556)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1462)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$1400(ChainingUserRegistrySynchronizer.java:960)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1680)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:700)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:429)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
   at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
   at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
   at javax.naming.directory.InitialDirContext.search(Unknown Source)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
   … 11 more
2015-07-23 00:00:15,862 ERROR [org.quartz.core.JobRunShell] [DefaultScheduler_Worker-4] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:556)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1462)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$1400(ChainingUserRegistrySynchronizer.java:960)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1680)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:700)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:429)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
   at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
   at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
   at javax.naming.directory.InitialDirContext.search(Unknown Source)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
   … 11 more
2015-07-23 00:00:15,862 ERROR [org.quartz.core.ErrorLogger] [DefaultScheduler_Worker-4] Job (DEFAULT.ldapPeopleJobDetail threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.]
   at org.quartz.core.JobRunShell.run(JobRunShell.java:227)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:556)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1462)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$1400(ChainingUserRegistrySynchronizer.java:960)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1680)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:700)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:429)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   … 1 more
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
   at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
   at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
   at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
   at javax.naming.directory.InitialDirContext.search(Unknown Source)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
   … 11 more
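
One way to triage a log like the one above, added here as an example and not part of the original post or of Alfresco's own code: it collapses the repeated stack traces into ERROR-event counts, batch sizes and distinct root causes. The function and pattern names are hypothetical, and the embedded sample is abridged from the post's log with most stack frames trimmed.

```python
import re
from collections import Counter

# Abridged from the Alfresco.log excerpt in the post (stack frames trimmed).
SAMPLE_LOG = """\
2015-07-23 00:00:01,565 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Synchronizing users and groups with user registry 'ldap1'
2015-07-23 00:00:03,237 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2015-07-23 00:00:15,331 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-4] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1298)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
   at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
2015-07-23 00:00:15,862 ERROR [org.quartz.core.JobRunShell] [DefaultScheduler_Worker-4] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.error.AlfrescoRuntimeException: 062343424 Error during LDAP Search. Reason:LDAP response read timed out, timeout used:0ms.
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:0ms.; remaining name 'DC=ld,DC=local'
"""

# A log event starts with a timestamp; stack-trace lines do not.
EVENT = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} (\w+)\s+\[[^\]]+\] \[[^\]]+\] (.*)$")
BATCH = re.compile(r"(\w+ Analysis): Commencing batch of (\d+) entries")
CAUSE = re.compile(r"^Caused by: ([\w.$]+): (.*)$")

def summarize(log_text):
    """Return batch sizes, the number of ERROR events and the distinct root causes."""
    batches, error_events, root_causes = {}, 0, Counter()
    root = None  # deepest "Caused by" seen in the event currently being read
    for line in log_text.splitlines():
        event = EVENT.match(line)
        if event:
            if root:  # a new event closes the previous one
                root_causes[root] += 1
                root = None
            level, message = event.groups()
            if level == "ERROR":
                error_events += 1
            batch = BATCH.search(message)
            if batch:
                batches[batch.group(1)] = int(batch.group(2))
            continue
        cause = CAUSE.match(line)
        if cause:  # later "Caused by" lines overwrite earlier ones
            root = (cause.group(1), cause.group(2))
    if root:
        root_causes[root] += 1
    return {"batches": batches, "error_events": error_events,
            "root_causes": dict(root_causes)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
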
