
Multiple non-chained ADs - local group merge possible?

Question asked by spam on Mar 12, 2019
Latest reply on Mar 14, 2019 by alxgomz

Hi,

 

I want to ask whether it is possible to configure multiple subsystems (ADs) that are not chained together in such a way that groups from the ADs will be merged in Alfresco into the respective groups.

 

Example:

AD01 - domain.com (ldap.synchronization.groupSearchBase=OU=Afresco,OU=Security groups,DC=domain,DC=com)

AD02 - domain2.com (ldap.synchronization.groupSearchBase=OU=Afresco,OU=Security groups,DC=domain2,DC=com)

- Groups in the OUs will have the same name, i.e. CN=group1, CN=group2 in both ADs

  • AD01:
    • CN=group1,OU=Afresco,OU=Security groups,DC=domain,DC=com
    • CN=group2,OU=Afresco,OU=Security groups,DC=domain,DC=com
  • AD02:
    • CN=group1,OU=Afresco,OU=Security groups,DC=domain2,DC=com
    • CN=group2,OU=Afresco,OU=Security groups,DC=domain2,DC=com

 

There is a synchronization.allowDeletions option, which has only a true/false value. I need to join users from these groups to the same group in Alfresco. This way I will be able to add users from both ADs to the same local group synced in Alfresco, and folders will have only one group as permission, and this group will contain users from both ADs.

When I set allowDeletions to true, users are overridden according to AD configuration order/priority.

When I set allowDeletions to false, users' relations to groups from AD02 are ignored / not synced to the respective local groups from AD01.

Is this setup possible? Can someone advise?

 

 

Thanks,
BR,

Martin
