
Synchronise users with their groups LDAP AD configuration

Question asked by yacinezr on May 23, 2017
Latest reply on Aug 3, 2017 by afaust

Hello,
I have a synchronisation problem with LDAP Active Directory and Alfresco.
I can successfully synchronise all the groups and all users, but unfortunately all the groups are empty.
Can you please help me find a solution to import users into their appropriate groups?

 

alfresco-global.properties : alfresco community 5.2 201701

### authentication.chain=alfinst:alfrescoNtlm,ldap1:lda
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

### Ntlm ###
alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false

### Synchronisation Active Directory ###
synchronization.import.cron=0 0/59 21-23 ? * MON-FRI
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true

ldap-authentication.properties

 

ldap.authentication.active=true
ntlm.authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=false
ldap.synchronization.java.naming.security.principal=CN=OVDI,OU=System Users,DC=domain,DC=biz
ldap.synchronization.java.naming.security.credentials=123456789
ldap.synchronization.groupSearchBase=dc=domain,dc=biz
ldap.synchronization.userSearchBase=dc=domain,dc=biz

# How to map the user id entered by the user to that passed through to LDAP
ldap.authentication.userNameFormat=%s@domain.biz
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://dc01.domain.biz:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=100
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personQuery=(objectclass\=person)
ldap.synchronization.personDifferentialQuery=(objectclass\=person)
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=ou
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=person
ldap.synchronization.groupMemberAttributeName=members
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
synchronization.synchronizeChangesOnly=false

 

As you can see in these images, I could import groups and users,
but all the groups are empty.
