Some LDAP Users cannot login

Question asked by t.schoeberl on Aug 7, 2017
Latest reply on Aug 10, 2017 by cesarista

Hello,

I am currently working with Alfresco Community 5.2f and I have a problem with our LDAP authentication configuration. Almost every day there is a user who cannot log in, and nothing is in the log file. The user is not locked in AD, because he can log in to other applications, and the other users can successfully log in to Alfresco. After a restart of Alfresco it works for the user, but some other users cannot log in.

We tried an hourly synchronisation cron job, but the user still cannot log in.

Here is my LDAP configuration:

synchronization.synchronizeChangesOnly=true
synchronization.import.cron=0 0 * * * ?

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=[x]
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=schota
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=[x]
ldap.synchronization.java.naming.security.credentials=[x]
ldap.synchronization.queryBatchSize=500
ldap.synchronization.attributeBatchSize=500
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=organizationalPerson)(|(company\=OOEGKK)(memberOf\=CN=g-ueberlassene,OU=System,OU=_Groups,OU=OOEGKK,DC=ooegkk,DC=gkk,DC=sv-services,DC=at))(!(userPrincipalName\=*accounting.sv-services.at)))
ldap.synchronization.personDifferentialQuery=(&(&(objectClass\=organizationalPerson)(|(company\=OOEGKK)(memberOf\=CN=g-ueberlassene,OU=System,OU=_Groups,OU=OOEGKK,DC=ooegkk,DC=gkk,DC=sv-services,DC=at))(!(userPrincipalName\=*accounting.sv-services.at)))(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=OU\=_Groups,OU\=OOEGKK,DC\=ooegkk,DC\=gkk,DC\=sv-services,DC\=at
ldap.synchronization.userSearchBase=DC\=sv-services,DC\=at
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=cn
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=organizationalPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=180000

Any help regarding this issue would be greatly appreciated.

Thanks
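
An added example, not part of the original post and not Alfresco code: Alfresco's documentation states that when ldap.authentication.userNameFormat is empty, as in the configuration above, the bind DN is resolved by a query involving personQuery and userIdAttributeName. The sketch below builds that lookup from the posted values so it can be run by hand for an affected login name. The exact filter composition, the function names and the use of "schota" as the sample login are assumptions.

```python
import re

# Constructed excerpt: the four relevant keys, values copied from the post above.
POSTED = r"""
ldap.authentication.userNameFormat=
ldap.synchronization.personQuery=(&(objectclass\=organizationalPerson)(|(company\=OOEGKK)(memberOf\=CN=g-ueberlassene,OU=System,OU=_Groups,OU=OOEGKK,DC=ooegkk,DC=gkk,DC=sv-services,DC=at))(!(userPrincipalName\=*accounting.sv-services.at)))
ldap.synchronization.userSearchBase=DC\=sv-services,DC\=at
ldap.synchronization.userIdAttributeName=cn
"""

def load_properties(text):
    """Minimal .properties reader: key=value lines, backslash escapes dropped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def is_balanced(ldap_filter):
    """Literal parentheses are always structural; escaped ones appear as \\28 and \\29."""
    depth = 0
    for c in ldap_filter:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0

def login_lookup(props, user_id):
    """Return (search base, filter) to try by hand for one login name."""
    if props.get("ldap.authentication.userNameFormat"):
        raise ValueError("userNameFormat is set: DN comes from the template, not a search")
    attr = props["ldap.synchronization.userIdAttributeName"]
    # Assumed composition: personQuery AND (userIdAttribute = login name).
    flt = "(&%s(%s=%s))" % (props["ldap.synchronization.personQuery"],
                            attr, escape_filter_value(user_id))
    if not is_balanced(flt):
        raise ValueError("unbalanced parentheses in " + flt)
    return props["ldap.synchronization.userSearchBase"], flt

if __name__ == "__main__":
    base, flt = login_lookup(load_properties(POSTED), "schota")
    print("search base:", base)
    print("filter:     ", flt)
```

Running the returned filter against the search base with the synchronization account shows how many directory entries match one login name; zero entries or several entries for an affected user would be worth investigating.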
