
AD LDAP user synchronization when users are in different containers

Question asked by skushnerenko on Nov 28, 2017
Latest reply on Nov 28, 2017 by skushnerenko

We have to search for users in AD in the case where users are distributed across several containers (OUs) in the AD tree.

But only users from the base container are synchronized.

Is it possible to search for users across all OU containers of the AD tree?

The AD settings applied in alfresco-global.properties:

authentication.protection.enabled=false
ldap.authentication.active=true
ldap.synchronization.active=true
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
alfresco.authentication.authenticateCIFS=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@somedomain.com.ua
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.somedomain.com.ua:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.authentication=simple
ldap.authentication.defaultAdministratorUserNames=adadmin
ldap.synchronization.java.naming.security.principal=aduser@somedomain.com.ua
ldap.synchronization.java.naming.security.credentials=somepassword
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000

ldap.synchronization.groupQuery=(&(objectclass\=group)(CN\=webadmin))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(CN\=admin))(!(CN\=robot)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0}))(!(CN\=admin))(!(CN\=robot)))
ldap.synchronization.groupSearchBase=dc\=somedomain,dc\=com,dc\=ua
ldap.synchronization.userSearchBase=dc\=somedomain,dc\=com,dc\=ua
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.authentication.java.naming.read.timeout=0
ldap.synchronization.userAccountStatusProperty=ds-pwp-account-disabled
ldap.synchronization.disabledAccountPropertyValue=true

ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.pooling.com.sun.jndi.ldap.connect.pool.debug=all


synchronization.autoCreatePeopleOnLogin=true
synchronization.synchronizeChangesOnly=false

synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true

synchronization.externalUserControl=true
synchronization.externalUserControlSubsystemName=ldap1

synchronization.import.cron=0 0/15 * * * ?
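As an added example (not part of the post, and not Alfresco code), the Python script below evaluates the post's `ldap.synchronization.personQuery` against a constructed snapshot of an AD tree with users spread over several OUs, so the effect of the search base and of the search scope (subtree versus one level) can be checked offline. The directory entries, the OU names and the helper names (`in_scope`, `person_query`, `search`) are all constructed for this example. It also shows a caveat of the filter as written: the OID `1.2.840.113556.1.4.803` is the LDAP bit-AND matching rule, and `userAccountControl` 514 (normal account with the disable bit set) still has bit 512 set, so disabled accounts are matched too unless a second bit-AND clause on bit 2 excludes them.

```python
"""Offline evaluation of an AD person filter over a constructed tree.

Added example, not from the post or from Alfresco. The entries below are
constructed; DN handling is simplified (no escaped commas in RDNs).
"""

BASE_DN = "dc=somedomain,dc=com,dc=ua"

# userAccountControl bits (Microsoft ADS_USER_FLAG values)
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200  # 512

# Constructed snapshot: users in the default Users container and in nested
# OUs, one disabled account, the two CNs the post's filter excludes, and a group.
DIRECTORY = [
    {"dn": "CN=alice,CN=Users," + BASE_DN, "objectClass": "user", "cn": "alice", "userAccountControl": 512},
    {"dn": "CN=bob,OU=Sales,OU=Staff," + BASE_DN, "objectClass": "user", "cn": "bob", "userAccountControl": 512},
    {"dn": "CN=carol,OU=IT,OU=Staff," + BASE_DN, "objectClass": "user", "cn": "carol", "userAccountControl": 514},
    {"dn": "CN=admin,CN=Users," + BASE_DN, "objectClass": "user", "cn": "admin", "userAccountControl": 512},
    {"dn": "CN=robot,OU=Service," + BASE_DN, "objectClass": "user", "cn": "robot", "userAccountControl": 512},
    {"dn": "CN=webadmin,OU=Groups," + BASE_DN, "objectClass": "group", "cn": "webadmin"},
]


def in_scope(dn, base, scope):
    """Return True if `dn` lies within `base` for the given search scope.

    scope == "subtree": the base entry and every descendant.
    scope == "onelevel": only direct children of the base entry.
    """
    dn_l, base_l = dn.lower(), base.lower()
    if dn_l == base_l:
        return scope == "subtree"
    if not dn_l.endswith("," + base_l):
        return False
    # RDNs between the entry and the base; depth 1 means a direct child.
    rest = dn_l[: -len(base_l) - 1]
    depth = rest.count(",") + 1
    return scope == "subtree" or depth == 1


def person_query(entry):
    """Python equivalent of the post's personQuery:
    (&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)
      (!(CN=admin))(!(CN=robot)))
    The 1.2.840.113556.1.4.803 rule is a bit-AND: it matches when every
    bit of 512 is set, so 514 (disabled normal account) matches as well.
    """
    uac = entry.get("userAccountControl", 0)
    return (
        entry["objectClass"] == "user"
        and uac & UF_NORMAL_ACCOUNT == UF_NORMAL_ACCOUNT
        and entry["cn"].lower() not in ("admin", "robot")
    )


def person_query_enabled_only(entry):
    """The same filter with an extra clause that drops disabled accounts:
    (!(userAccountControl:1.2.840.113556.1.4.803:=2))
    """
    uac = entry.get("userAccountControl", 0)
    return person_query(entry) and not (uac & UF_ACCOUNTDISABLE)


def search(base, scope, predicate):
    """Return the sorted CNs of entries under `base` that satisfy `predicate`."""
    return sorted(e["cn"] for e in DIRECTORY if in_scope(e["dn"], base, scope) and predicate(e))


if __name__ == "__main__":
    print("subtree, post's filter:   ", search(BASE_DN, "subtree", person_query))
    print("onelevel, post's filter:  ", search(BASE_DN, "onelevel", person_query))
    print("subtree, enabled only:    ", search(BASE_DN, "subtree", person_query_enabled_only))
    print("subtree under OU=Staff:   ", search("OU=Staff," + BASE_DN, "subtree", person_query))
```

With the domain root as `userSearchBase`, a subtree search returns every user in the nested OUs (including the disabled one), whereas a one-level search returns nothing at all, because no user object sits directly under the domain root. Running the same filter with an LDAP client against the real directory, using the same base DN and scope, is the quickest way to confirm what the sync job can actually see before touching the Alfresco configuration.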
