topic Re: Alfresco and Active Directory authentication in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239045#M192175 <HTML><HEAD></HEAD><BODY><SPAN>great 4 you bruno, that u have configured alfresco succesfully to integrate in Windows ADS …</SPAN><BR /><BR /><SPAN>can u plz post ur configs here, how u have resolved it ?</SPAN><BR /><BR /><SPAN>i wann login to alfresco with my ads-users …</SPAN><BR /><SPAN>this works, if users a created twice … once in ads and once in alfresco …</SPAN><BR /><SPAN>changeing ads-password will let the user login to alfresco with the new passwd …</SPAN><BR /><BR /><SPAN>but newly created users are not able to login …</SPAN></BODY></HTML> Mon, 12 Oct 2009 13:30:02 GMT elmuchacho 2009-10-12T13:30:02Z Alfresco and Active Directory authentication https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239040#M192170 Hi all,&nbsp;&nbsp;&nbsp;&nbsp; I have configured Alfresco 3.2 to search for users in Active Directory base. How the best config I can do to solve these following requirements?1 - Only users that are within a specific group in a specific OU can access Alfresco. e.g.: cn=alfresco,ou=internal_access,dc=domain,dc=com&nbsp; &lt; Thu, 01 Oct 2009 21:00:09 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239040#M192170 bruno_galindro 2009-10-01T21:00:09Z Re: Alfresco and Active Directory authentication https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239041#M192171 <HTML><HEAD></HEAD><BODY><SPAN>1.</SPAN><BR /><BR /><SPAN>ldap.synchronization.personQuery=(&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))</SPAN><BR /><SPAN>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)(!(modifyTimestamp&lt;\={0})))</SPAN><BR /><BR /><SPAN>2. That will happen on a nightly basis in the scheduled full sync as long as</SPAN><BR /><BR /><SPAN>synchronization.synchronizeChangesOnly=false</SPAN><BR /><BR /><SPAN>See </SPAN><A href="http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem</A><BR /><BR /><SPAN>3. With the current defaults, that will only happen once sync removes the user from Alfresco. However, with an upcoming check in to HEAD (once we get the all clear to start checking in) you could use the new 'dynamic user ID resolution' feature to ensure that users who are not returned by the person query are not authenticated.</SPAN><BR /><BR /><SPAN>4. So you want the users to remain in Alfresco but not be authenticated when you remove them from the group? In that case you want this. personQuery will be used in authentication only. But unfortunately it won't be possible to delete any users with this configuration.</SPAN><BR /><BR /><SPAN>synchronization.synchronizeChangesOnly=true # No deletions</SPAN><BR /><SPAN>ldap.synchronization.personQuery=(&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com))</SPAN><BR /><SPAN>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(modifyTimestamp&lt;\={0})))</SPAN><BR /><SPAN>ldap.authentication.userNameFormat=# Leave blank for dynamic user ID resolution coming soon!</SPAN></BODY></HTML> Fri, 02 Oct 2009 14:36:40 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239041#M192171 dward 2009-10-02T14:36:40Z Re: Alfresco and Active Directory authentication https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239042#M192172 <HTML><HEAD></HEAD><BODY><SPAN>dward, thankyou very much for your anwser! </SPAN><BR /><BR /><SPAN>I have two more questions:</SPAN><BR /><BR /><SPAN>1 - I need to use backslash to escape equals from all parameters contents?</SPAN><BR /><BR /><SPAN>2 - How can I configure these following properties to work with my scenario?</SPAN><BR /><PRE class="language-none line-numbers"><CODE>ldap.synchronization.groupSearchBase<BR />ldap.synchronization.userSearchBase<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>I´ve configured the above parameters with these two contents:</SPAN><BR /><BR /><STRONG>First attempt</STRONG><BR /><PRE class="language-none line-numbers"><CODE>ldap.synchronization.groupSearchBase=dc=domain,dc=com<BR />ldap.synchronization.userSearchBase=dc=domain,dc=com<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>It generates the following error:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE>08:51:14,750 INFO&nbsp; [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'<BR />08:51:14,754 INFO&nbsp; [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'<BR />08:51:15,213 WARN&nbsp; [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries<BR />org.alfresco.error.AlfrescoRuntimeException: 09050024 Failed to import people.<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.&lt;init&gt;(LDAPUserRegistry.java:772)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersons(LDAPUserRegistry.java:455)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncPersonsWithPlugin(ChainingUserRegistrySynchronizer.java:379)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:270)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1$1.execute(ChainingUserRegistrySynchronizer.java:916)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:233)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1.doWork(ChainingUserRegistrySynchronizer.java:908)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:904)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.start(ChildApplicationContextFactory.java:460)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:276)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardService.start(StandardService.java:516)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.Catalina.start(Catalina.java:578)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.lang.reflect.Method.invoke(Method.java:597)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)<BR />Caused by: javax.naming.CommunicationException: Request: 2 cancelled; remaining name 'dc=domain,dc=com'<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.Connection.readReply(Connection.java:411)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.fetchNext(LDAPUserRegistry.java:938)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.&lt;init&gt;(LDAPUserRegistry.java:768)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 52 more<BR />08:51:15,258 INFO&nbsp; [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><STRONG>Second attempt:</STRONG><BR /><PRE class="language-none line-numbers"><CODE>ldap.synchronization.groupSearchBase=ou\=internal_access,dc=domain,dc=com<BR />ldap.synchronization.userSearchBase=ou\=internal_access,dc=domain,dc=com<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>It generates the following error:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE>10:33:38,824 User:System INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'<BR />10:33:38,837 User:System INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'<BR />10:33:38,903 User:System WARN&nbsp; [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries<BR />org.alfresco.error.AlfrescoRuntimeException: 09050014 Failed to import people.<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.&lt;init&gt;(LDAPUserRegistry.java:772)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersons(LDAPUserRegistry.java:455)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncPersonsWithPlugin(ChainingUserRegistrySynchronizer.java:379)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:270)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1$1.execute(ChainingUserRegistrySynchronizer.java:916)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:233)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1.doWork(ChainingUserRegistrySynchronizer.java:908)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:904)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.start(ChildApplicationContextFactory.java:460)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:276)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardService.start(StandardService.java:516)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.Catalina.start(Catalina.java:578)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.lang.reflect.Method.invoke(Method.java:597)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)<BR />Caused by: javax.naming.CommunicationException: Request: 2 cancelled; remaining name 'ou=internal_access,dc=domain,dc=com'<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.Connection.readReply(Connection.java:411)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.fetchNext(LDAPUserRegistry.java:938)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonIterator.&lt;init&gt;(LDAPUserRegistry.java:768)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 52 more<BR />10:33:38,911 User:System INFO&nbsp; [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE></BODY></HTML> Mon, 05 Oct 2009 14:39:21 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239042#M192172 bruno_galindro 2009-10-05T14:39:21Z Re: Alfresco and Active Directory authentication https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239043#M192173 <HTML><HEAD></HEAD><BODY><SPAN>dward, I´ve fixed the problem. The error is on the parameter value sintax:</SPAN><BR /><BR /><STRONG>Wrong</STRONG><SPAN>:</SPAN><BR /><SPAN>ldap.synchronization.personQuery=</SPAN><STRONG>(</STRONG><SPAN>&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)</SPAN><STRONG>)</STRONG><SPAN>(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)</SPAN><BR /><BR /><SPAN>ldap.synchronization.personDifferentialQuery=</SPAN><STRONG>(</STRONG><SPAN>&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)</SPAN><STRONG>)</STRONG><SPAN>(!(modifyTimestamp&lt;\={0}))</SPAN><BR /><BR /><STRONG>Correct</STRONG><SPAN>:</SPAN><BR /><SPAN>ldap.synchronization.personQuery=</SPAN><STRONG>(</STRONG><SPAN>&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)</SPAN><STRONG>)</STRONG><BR /><BR /><SPAN>ldap.synchronization.personDifferentialQuery=</SPAN><STRONG>(</STRONG><SPAN>&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(memberOf=cn=alfresco,ou=internal_access,dc=domain,dc=com)(!(modifyTimestamp&lt;\={0}))</SPAN><STRONG>)</STRONG><BR /><BR /><BR /><SPAN>Ok, but my problem has not been solved yet. The users who have a valid login on LDAP can still logon to Alfresco. But, those users logins are not syncronized with Alfresco. I´ve noticed that the parameters above is only used to restrict the user syncronization and not to restrict the user logon. </SPAN><BR /><BR /><STRONG>I´m right?</STRONG></BODY></HTML> Tue, 06 Oct 2009 13:55:22 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239043#M192173 bruno_galindro 2009-10-06T13:55:22Z Re: Alfresco and Active Directory authentication https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239044#M192174 <HTML><HEAD></HEAD><BODY><SPAN>dward,</SPAN><BR /><SPAN>I´ve solved my problem changing the value of synchronization.autoCreatePeopleOnLogin parameter to </SPAN><STRONG>false</STRONG><SPAN>. This parameter is located in /opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Synchronization/default/default-synchronization.properties file.</SPAN><BR /><BR /><A href="http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem</A><BR /><BR /><SPAN>Thankyou very much!</SPAN></BODY></HTML> Tue, 06 Oct 2009 14:36:35 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239044#M192174 bruno_galindro 2009-10-06T14:36:35Z Re: Alfresco and Active Directory authentication https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239045#M192175 <HTML><HEAD></HEAD><BODY><SPAN>great 4 you bruno, that u have configured alfresco succesfully to integrate in Windows ADS …</SPAN><BR /><BR /><SPAN>can u plz post ur configs here, how u have resolved it ?</SPAN><BR /><BR /><SPAN>i wann login to alfresco with my ads-users …</SPAN><BR /><SPAN>this works, if users a created twice … once in ads and once in alfresco …</SPAN><BR /><SPAN>changeing ads-password will let the user login to alfresco with the new passwd …</SPAN><BR /><BR /><SPAN>but newly created users are not able to login …</SPAN></BODY></HTML> Mon, 12 Oct 2009 13:30:02 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-and-active-directory-authentication/m-p/239045#M192175 elmuchacho 2009-10-12T13:30:02Z