AD user status Sync

Question asked by muthu.domain on Aug 2, 2018
Latest reply on Aug 9, 2018 by cesarista

Hi,

We have Alfresco 5.2 in our environment. We have a couple of Active Directory domains, which are mapped in Alfresco. Previously we had all the users (including disabled and active users) in Alfresco.

Issue 1:

We have modified the person query and enabled "synchronization.allowDeletions" in ldap-ad-authentication.properties to perform a full sync with the AD.

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true

After we restarted the service with the above configuration, we can still see users in Alfresco that have already been deleted in AD.

Issue 2:

We also configured the user status to be reflected in Alfresco, hence we modified alfresco-global.properties with the below parameters.

authentication.chain=alfinst:alfrescoNtlm,passthru1:passthru,ad1:ldap-ad,ad2:ldap-ad,ad3:ldap-ad,ad4:ldap-ad

### user account status synchronization ###
synchronization.externalUserControl=true
synchronization.externalUserControlSubsystemName=ad1,ad2,ad3,ad4
ldap.synchronization.userAccountStatusProperty=userAccountControl
ldap.synchronization.disabledAccountPropertyValue=514

After we restarted the Alfresco service, we still see that the user status (enabled/disabled) is not reflected in Alfresco. Users who are disabled in AD are still active in Alfresco.

Let me know what could be the issue here. Our final goal is to do a full sync with active users in Alfresco. If a user is disabled, the same should be reflected in Alfresco as well.

Appreciate your help!
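
Added example (not part of the original post, and not Alfresco code): a small evaluator for the AD bitwise matching rule used in the personQuery above, run over constructed userAccountControl values to show which accounts that filter selects. The account names, the sample values and the ENABLED_ONLY comparison filter are assumptions for illustration; only a top-level AND of userAccountControl terms is handled.

```python
import re

# userAccountControl flag bits, as documented by Microsoft
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200           # 512
DONT_EXPIRE_PASSWORD = 0x10000    # 65536

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND: all mask bits set
BIT_OR = "1.2.840.113556.1.4.804"   # LDAP_MATCHING_RULE_BIT_OR: any mask bit set

# personQuery exactly as posted, including the .properties escaping
PAGE_QUERY = r"(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))"
# Comparison filter (assumption, not from the post): exclude the ACCOUNTDISABLE bit
ENABLED_ONLY = r"(&(objectclass\=user)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2)))"

# Constructed sample directory entries: name -> userAccountControl
ACCOUNTS = {
    "enabled": NORMAL_ACCOUNT,                                   # 512
    "disabled": NORMAL_ACCOUNT | ACCOUNTDISABLE,                 # 514
    "enabled_pwd_never_expires": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD,  # 66048
    "disabled_pwd_never_expires":
        NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | ACCOUNTDISABLE,  # 66050, not 514
}

_TERM = re.compile(r"(\(!)?\(userAccountControl:([\d.]+):=(\d+)\)")

def uac_terms(filter_text):
    """Return (negated, rule OID, mask) for each userAccountControl term."""
    text = filter_text.replace("\\", "")  # undo .properties escaping of ':' and '='
    return [(bool(neg), oid, int(mask)) for neg, oid, mask in _TERM.findall(text)]

def matches(uac, filter_text):
    """Evaluate the AND of all userAccountControl terms against one value."""
    for negated, oid, mask in uac_terms(filter_text):
        if oid == BIT_AND:
            hit = (uac & mask) == mask
        elif oid == BIT_OR:
            hit = (uac & mask) != 0
        else:
            raise ValueError("unsupported matching rule: " + oid)
        if hit == negated:  # plain term missed, or negated term hit
            return False
    return True

def selected(filter_text):
    """Names of the sample accounts the filter would return."""
    return sorted(n for n, uac in ACCOUNTS.items() if matches(uac, filter_text))

if __name__ == "__main__":
    print("posted personQuery:", selected(PAGE_QUERY))
    print("ACCOUNTDISABLE excluded:", selected(ENABLED_ONLY))
```

The posted filter tests only that the NORMAL_ACCOUNT bit (512) is set, so it returns disabled accounts (514, 66050) along with enabled ones.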