https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285897#M239027 <HTML><HEAD></HEAD><BODY><P>Hi again:</P><P></P><P>Another aprox is related to define a big group in your AD, under (OU) Others &gt; (OU) Alfresco :</P><P></P><P>ldap.synchronization.personQuery=(&amp;(objectclass\=user)<STRONG>(memberOf=CN=Alfresco_Users,OU=Alfresco,OU=Others,DN=domain,DN=tld)</STRONG>(userAccountControl\:1.2.840.113556.1.4.803\:\=512))</P><P>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=user)<STRONG>(memberOf=CN=Alfresco_Users,OU=Alfresco,OU=Others,DN=domain,DN=tld)</STRONG>(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged&lt;={0})))</P><P></P><P>This is simpler for LDAP admins.</P><P></P><P>Regards.</P><P></P><P>--C.</P></BODY></HTML> Thu, 10 Nov 2016 07:10:54 GMT cesarista 2016-11-10T07:10:54Z https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285895#M239025 Hi all!I'm greenhorn in the Alfresco. At the moment I am trying to resolve connection to AD, but for some reason I have not succeeded with the synchronization.Groups is synchronized correctly, users is associated into a correct groups, but during synchronization is created a lot of other accounts (a Wed, 09 Nov 2016 23:09:18 GMT https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285895#M239025 fux 2016-11-09T23:09:18Z https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285896#M239026 <HTML><HEAD></HEAD><BODY><P>Hi Vladimir:</P><P></P><P>One aprox. is to use extension attributes in LDAP to flag or distinguish Alfresco users. Then, you only have to configure the default user LDAP sync queries according to this attribute. If you flag extensionAttribute3=alf to Adam and John, you should sync only the corresponding users with:</P><P></P><P>ldap.synchronization.personQuery=(&amp;(objectclass\=user)<STRONG>(extensionAttribute3\=alf)</STRONG>(userAccountControl\:1.2.840.113556.1.4.803\:\=512))</P><P>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=user)<STRONG>(extensionAttribute3\=alf)</STRONG>(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged&lt;\={0})))</P><P></P><P>Take into consideration that you should disable authentication for not synced users, and "clean" already synced users.</P><P></P><P>Hope this helps.</P><P></P><P>--C.</P></BODY></HTML> Thu, 10 Nov 2016 06:53:37 GMT https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285896#M239026 cesarista 2016-11-10T06:53:37Z https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285897#M239027 <HTML><HEAD></HEAD><BODY><P>Hi again:</P><P></P><P>Another aprox is related to define a big group in your AD, under (OU) Others &gt; (OU) Alfresco :</P><P></P><P>ldap.synchronization.personQuery=(&amp;(objectclass\=user)<STRONG>(memberOf=CN=Alfresco_Users,OU=Alfresco,OU=Others,DN=domain,DN=tld)</STRONG>(userAccountControl\:1.2.840.113556.1.4.803\:\=512))</P><P>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=user)<STRONG>(memberOf=CN=Alfresco_Users,OU=Alfresco,OU=Others,DN=domain,DN=tld)</STRONG>(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged&lt;={0})))</P><P></P><P>This is simpler for LDAP admins.</P><P></P><P>Regards.</P><P></P><P>--C.</P></BODY></HTML> Thu, 10 Nov 2016 07:10:54 GMT https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285897#M239027 cesarista 2016-11-10T07:10:54Z https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285898#M239028 <HTML><HEAD></HEAD><BODY><P>Hi Cesar,</P><P>thank You for response.</P><P>I also thought of this solution (Your message from 10.11.2016 7:53) and tried out it. It works. It brings only a little extra work for the AD administrator.</P><P>I believed that alfresco it should be possible to configure such way to synchronize only those users, who are registered in groups, which is <SPAN class="alt-edited">obtained from the</SPAN> AD.</P><P>Something like: ldap.synchronization.magicSwitchForVladimir=true&nbsp;&nbsp; <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://connect.hyland.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /><SPAN class="emoticon_happy emoticon-inline"></SPAN></P><P></P><P>The second method, which You suggest in message from 10.11.2016 8:10 is unacceptable for me, because the group membership in my case have a crucial meaning for correct function of workflows.</P><P>Thank You for Your effort and assistance.</P><P>Vladimir</P></BODY></HTML> Thu, 10 Nov 2016 08:54:47 GMT https://connect.hyland.com/t5/alfresco-archive/selective-synchronization-of-users-according-to-groups-ldap-ad/m-p/285898#M239028 fux 2016-11-10T08:54:47Z