https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239274#M192404 <HTML><HEAD></HEAD><BODY><SPAN>Maybe you've resolved this by now, but when an unknown user attempts to login and is authenticated, it triggers a sync.&nbsp; Your config is attempting to do a sync at this location:</SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote">ldap.synchronization.userSearchBase=cn\=Users,dc\=myhome,dc\=net</BLOCKQUOTE><BR /><SPAN>I think by default it attempts to add the first 1000 users.</SPAN><BR /><BR /><SPAN>You can narrow the scope by adding a query string which only selects users with certain attributes:</SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote"><STRONG>ldap.synchronization.personDifferentialQuery</STRONG><BR />&nbsp;&nbsp;&nbsp; The query to select objects that represent the users to export that have changed since a certain time. Should use the placeholder {0} in place of a timestamp in the format specified by ldap.synchronization.timestampFormat. The timestamp substituted will be the maximum value of the attribute named by ldap.synchronization.modifyTimestampAttributeName the last time users were queried. This query is used in 'differential sync mode', which by default is triggered whenever a user is successfully authenticated that does not yet exist in Alfresco. See The Synchronization Subsystem.</BLOCKQUOTE><BR /><A href="http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2</A></BODY></HTML> Fri, 31 Jul 2009 19:41:12 GMT jbaldo 2009-07-31T19:41:12Z https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239273#M192403 I'm new to Alfresco and just spent the last week configuring Alfresco 3.2.&nbsp; I use AD and I am experiencing a problem with the synchronization with AD.&nbsp; Every time my AD user logs in, Alfresco creates all the users.&nbsp; Is the normal behaviour ?&nbsp; My configuration is ldap.authentication.active=falseldap. Thu, 23 Jul 2009 09:32:28 GMT https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239273#M192403 lchoonch 2009-07-23T09:32:28Z https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239274#M192404 <HTML><HEAD></HEAD><BODY><SPAN>Maybe you've resolved this by now, but when an unknown user attempts to login and is authenticated, it triggers a sync.&nbsp; Your config is attempting to do a sync at this location:</SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote">ldap.synchronization.userSearchBase=cn\=Users,dc\=myhome,dc\=net</BLOCKQUOTE><BR /><SPAN>I think by default it attempts to add the first 1000 users.</SPAN><BR /><BR /><SPAN>You can narrow the scope by adding a query string which only selects users with certain attributes:</SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote"><STRONG>ldap.synchronization.personDifferentialQuery</STRONG><BR />&nbsp;&nbsp;&nbsp; The query to select objects that represent the users to export that have changed since a certain time. Should use the placeholder {0} in place of a timestamp in the format specified by ldap.synchronization.timestampFormat. The timestamp substituted will be the maximum value of the attribute named by ldap.synchronization.modifyTimestampAttributeName the last time users were queried. This query is used in 'differential sync mode', which by default is triggered whenever a user is successfully authenticated that does not yet exist in Alfresco. See The Synchronization Subsystem.</BLOCKQUOTE><BR /><A href="http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2</A></BODY></HTML> Fri, 31 Jul 2009 19:41:12 GMT https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239274#M192404 jbaldo 2009-07-31T19:41:12Z https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239275#M192405 <HTML><HEAD></HEAD><BODY><SPAN>thank you I manage to resolve this.&nbsp; It is as you said the ldap syncs on login if the user has not been created. This was not the only problem.&nbsp; Narrowing the sync query AND also excluding the Guest user ( I am using AD ) fixed the problem for me.</SPAN></BODY></HTML> Sun, 02 Aug 2009 07:18:46 GMT https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239275#M192405 lchoonch 2009-08-02T07:18:46Z https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239276#M192406 <HTML><HEAD></HEAD><BODY><SPAN>FYI it queries in batches of 1000 users at a time but is not restricted to 1000 users. It just uses multiple round-trips to the LDAP server to retrieve the users. This is controlled by:</SPAN><BR /><BR /><SPAN>ldap.synchronization.queryBatchSize</SPAN></BODY></HTML> Mon, 03 Aug 2009 09:43:43 GMT https://connect.hyland.com/t5/alfresco-archive/sync-problem-with-active-directory/m-p/239276#M192406 dward 2009-08-03T09:43:43Z