
How to synchronize with multiple Active Directory locations

Question asked by liku on Nov 18, 2018

I use Alfresco CE 5.2 and I have one Active Directory server with several different locations to search. I found out that it is possible to configure this with the ECM edition, but can you help me with CE?

I successfully synchronize all users and import the groups. But the OU=topTree has several SubTrees that contain users and their position in groups that are in topTree. I am not able to get users for the groups. My log says:

Failed to resolve member of group 'GROUP1' with distinguished name: CN=person1,OU=SubTree,OU=TopTree,DC=domain,DC=com


I need to synchronize multiple LDAP locations - that SubTree - to attach users to groups.

 

Thank you for any help.

Libor

 

I have such config in alfresco-global.properties:

 

### LDAP
authentication.chain=ldap1:ldap-ad,alfinst:alfrescoNtlm
ntlm.authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain.com
ldap.authentication.java.naming.provider.url=ldap://klatovy-dc2.klatovy.local:389
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.java.naming.security.principal=alfresco@domain.com
ldap.synchronization.java.naming.security.credentials=****
ldap.synchronization.active=true
ldap.synchronization.userSearchBase=OU=topTreeWithUsersAndGroup,DC=domain,DC=com
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=cn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.personQuery=(&(objectclass\=user))
ldap.synchronization.userIdAttributeName=cn
ldap.synchronization.userType=user
ldap.synchronization.userSearchBase=OU=topTreeWithUsersAndGroup,DC=domain,DC=com
ldap.synchronization.groupQuery=(&(objectclass\=group))
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.groupType=group

# Sync
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
synchronization.import.cron=0 */30 * * * ?
ldap.synchronization.enableProgressEstimation=true
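
A pre-deployment check for a properties file of this kind, as an added example that is not part of the original post or of Alfresco: it flags keys set more than once (java.util.Properties keeps the last value), trailing-backslash line continuations, unbalanced parentheses in the LDAP query filters, and a group member DN that lies outside ldap.synchronization.userSearchBase. The function names and the sample are constructed here; the OU names in the post are placeholders, so the DN result only shows how the check works.

```python
import re

# Constructed sample in the style of the post's properties, with typical slips.
SAMPLE = r"""
ldap.synchronization.active=true \

ldap.synchronization.userSearchBase=OU=topTreeWithUsersAndGroup,DC=domain,DC=com
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.personQuery=(&(objectclass\=user)
ldap.synchronization.userIdAttributeName=cn
"""
MEMBER_DN = "CN=person1,OU=SubTree,OU=TopTree,DC=domain,DC=com"  # from the log line

def parse(text):
    """Yield (key, value, line_no, joined); simplified java.util.Properties rules, '=' separator only."""
    buf = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if buf is None:
            if not line or line[0] in "#!":
                continue
            buf, start, joined = "", no, False
        if (len(line) - len(line.rstrip("\\"))) % 2:  # odd trailing backslashes: continuation
            buf, joined = buf + line[:-1], True
            continue
        key, _, value = (buf + line).partition("=")
        yield key.strip(), re.sub(r"\\(.)", r"\1", value.strip()), start, joined
        buf = None

def under_base(dn, base):
    """True if dn is inside the subtree rooted at base (case-insensitive RDN suffix match)."""
    split = lambda s: [r.strip().lower() for r in re.split(r"(?<!\\),", s)]
    d, b = split(dn), split(base)
    return len(d) >= len(b) and d[-len(b):] == b

def lint(text, member_dn):
    findings, first, final = [], {}, {}
    for key, value, no, joined in parse(text):
        if joined:
            findings.append(f"line {no}: {key} ends in a backslash and absorbs the next line")
        if key in first:
            findings.append(f"line {no}: {key} already set on line {first[key]}; the last value wins")
        first.setdefault(key, no)
        final[key] = value
        if key.endswith("Query") and value.count("(") != value.count(")"):
            findings.append(f"line {no}: {key} has unbalanced parentheses")
    base = final.get("ldap.synchronization.userSearchBase")
    if base and not under_base(member_dn, base):
        findings.append(f"{member_dn} is not under userSearchBase {base}")
    return findings
```

Calling `lint(SAMPLE, MEMBER_DN)` returns one finding per problem, in file order, with the search-base result last.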
