https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288117#M241247 <HTML><HEAD></HEAD><BODY><SPAN>Hello allow. I hope everyone is well. I just started to configure Alfresco 4.2.c and trying to integrate it with Active directory and I'm having issues trying to sync the groups and since I am having issues, I can't seem to get everyone over to Alfresco so they can login, etc. So first off here is what I have:</SPAN><BR /><BR /><SPAN>——————————————————–</SPAN><BR /><SPAN>AD:</SPAN><BR /><BR /><SPAN>Windows 2008 R2</SPAN><BR /><SPAN>Users: cn=users,dc=company,dc=com</SPAN><BR /><SPAN>Groups: cn=users,dc-company,dc=com</SPAN><BR /><BR /><SPAN>Alfresco Server:</SPAN><BR /><BR /><SPAN>CentOS 6.4</SPAN><BR /><SPAN>Version 4.2.c</SPAN><BR /><BR /><SPAN>——————————————————–</SPAN><BR /><BR /><SPAN>The error I'm receiving:</SPAN><BR /><BR /><SPAN>2013-06-10 13:03:26,773&nbsp; WARN&nbsp; [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DnsAdmins' with distinguished name: CN=XXXXX XXXXX,OU=Users,OU=Information Systems,OU=City,DC=company,DC=com</SPAN><BR /><BR /><SPAN>——————————————————–</SPAN><BR /><BR /><SPAN>Here is an LDIF of the group:</SPAN><BR /><BR /><SPAN>dn: CN=DnsAdmins,CN=Users,DC=company,DC=com</SPAN><BR /><SPAN>objectClass: top</SPAN><BR /><SPAN>objectClass: group</SPAN><BR /><SPAN>cn: DnsAdmins</SPAN><BR /><SPAN>description: DNS Administrators Group</SPAN><BR /><SPAN>member: CN=xxx xxx,OU=Users,OU=Information Systems,OU=City,DC=company,DC=com</SPAN><BR /><SPAN>member: CN=xxx,OU=Users,OU=City,DC=company,DC=com</SPAN><BR /><SPAN>member: CN=dnsuser dnsuser,CN=Users,DC=company,DC=com</SPAN><BR /><SPAN>member: CN=xxx xxx,OU=Users,OU=Information Systems,OU=City,DC=company,DC=com</SPAN><BR /><SPAN>member: CN=xxx xxx,OU=Users,OU=Information Systems,OU=City,DC=company,DC=com</SPAN><BR /><SPAN>member: CN=xxx xxx,OU=Users,OU=Information Systems,OU=City,DC=company,DC=com</SPAN><BR /><SPAN>member: CN=xxx xxx,OU=Users,OU=Information Systems,OU=City,DC=company ,DC=com</SPAN><BR /><SPAN>member: CN=xxx xxx,OU=Information Systems,OU=Users,OU=City,DC=company,DC =com</SPAN><BR /><SPAN>member: CN=xxx xxx,OU=Users,OU=Information Systems,OU=City,DC=company,DC=com</SPAN><BR /><SPAN>distinguishedName: CN=DnsAdmins,CN=Users,DC=company,DC=com</SPAN><BR /><SPAN>instanceType: 4</SPAN><BR /><SPAN>whenCreated: xxxx</SPAN><BR /><SPAN>whenChanged: xxxxxx</SPAN><BR /><SPAN>uSNCreated: 21016</SPAN><BR /><SPAN>uSNChanged: 54848339</SPAN><BR /><SPAN>name: DnsAdmins</SPAN><BR /><SPAN>objectGUID:: xxxxx</SPAN><BR /><SPAN>objectSid:: xxxxxx</SPAN><BR /><SPAN>sAMAccountName: DnsAdmins</SPAN><BR /><SPAN>sAMAccountType: 268435456</SPAN><BR /><SPAN>groupType: -2147483646</SPAN><BR /><SPAN>objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=company,DC=com</SPAN><BR /><SPAN>dSCorePropagationData: 20110228172317.0Z</SPAN><BR /><SPAN>dSCorePropagationData: 20110228172311.0Z</SPAN><BR /><SPAN>dSCorePropagationData: 20110228171706.0Z</SPAN><BR /><SPAN>dSCorePropagationData: 20110228171633.0Z</SPAN><BR /><SPAN>dSCorePropagationData: 16010714223649.0Z</SPAN><BR /><BR /><SPAN>——————————————————–</SPAN><BR /><BR /><SPAN>This is my config file I'm using: </SPAN><BR /><BR /><SPAN>&lt;TOP&gt;/alfresco-4.2.c/tomcat/shared/classes/alfresco-global.properties</SPAN><BR /><BR /><SPAN>### LDAP ###</SPAN><BR /><SPAN>authentication.chain=passthru1<img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://connect.hyland.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" />assthru,ldap1:ldap</SPAN><BR /><BR /><SPAN>passthru.authentication.sso.enabled=false</SPAN><BR /><SPAN>passthru.authentication.allowGuestLogin=false</SPAN><BR /><SPAN>passthru.authentication.authenticateCIFS=false</SPAN><BR /><SPAN>passthru.authentication.authenticateFTP=false</SPAN><BR /><SPAN>passthru.authentication.servers=XX.X.X.13,XX.X.X.14</SPAN><BR /><SPAN>passthru.authentication.domain=company.com</SPAN><BR /><SPAN>passthru.authentication.useLocalServer=false</SPAN><BR /><SPAN>passthru.authentication.defaultAdministratorUserNames=privuser</SPAN><BR /><SPAN>passthru.authentication.connectTimeout=5000</SPAN><BR /><SPAN>passthru.authentication.offlineCheckInterval=300</SPAN><BR /><SPAN>passthru.authentication.protocolOrder=TCPIP,NETBIOS</SPAN><BR /><BR /><SPAN>ldap.authentication.active=false</SPAN><BR /><SPAN>ldap.authentication.java.naming.security.authentication=simple</SPAN><BR /><SPAN>ldap.authentication.userNameFormat=%s</SPAN><BR /><SPAN>ldap.authentication.allowGuestLogin=false</SPAN><BR /><SPAN>ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory</SPAN><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldap://XX.X.X.13:389</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInBind=false</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInUid=false</SPAN><BR /><BR /><SPAN>ldap.synchronization.active=true</SPAN><BR /><SPAN><A class="jive-link-email-small" href="mailto:ldap.synchronization.java.naming.security.principal=privuser@company.com" rel="nofollow noopener noreferrer">ldap.synchronization.java.naming.security.principal=privuser@company.com</A></SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.credentials=secretpw</SPAN><BR /><SPAN>ldap.synchronization.queryBatchSize=1000</SPAN><BR /><SPAN>ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass=nogroup)(!(modifyTimestamp&lt;\={0})))</SPAN><BR /><SPAN>ldap.synchronization.personQuery=(&amp;(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))</SPAN><BR /><SPAN>ldap.synchronization.personDifferentialQuery=(&amp; (objectclass=user)(!(modifyTimestamp&lt;\={0})))</SPAN><BR /><SPAN>ldap.synchronization.groupQuery=(objectclass\=group)</SPAN><BR /><SPAN>ldap.synchronization.groupSearchBase=cn\=users,dc=company,dc=com</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=cn\=users,dc=company,dc=com</SPAN><BR /><SPAN>ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp</SPAN><BR /><SPAN>ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'</SPAN><BR /><SPAN>ldap.synchronization.userIdAttributeName=sAMAccountName</SPAN><BR /><SPAN>ldap.synchronization.userFirstNameAttributeName=givenName</SPAN><BR /><SPAN>ldap.synchronization.userLastNameAttributeName=sn</SPAN><BR /><SPAN>ldap.synchronization.userEmailAttributeName=mail</SPAN><BR /><SPAN>ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion</SPAN><BR /><SPAN>ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider</SPAN><BR /><SPAN>ldap.synchronization.groupIdAttributeName=cn</SPAN><BR /><SPAN>ldap.synchronization.groupType=Nogroup</SPAN><BR /><SPAN>ldap.synchronization.personType=user</SPAN><BR /><SPAN>ldap.synchronization.groupMemberAttributeName=member</SPAN><BR /><BR /><SPAN>synchronization.synchronizeChangesOnly=true</SPAN><BR /><SPAN>cifs.enabled=false</SPAN><BR /><BR /><SPAN>——————————————————–</SPAN><BR /><BR /><SPAN>I know it has something to do with the group members and references into other groups/OU's. But I have read so many blogs, forums and such on this subject and I'm just so totally confused now. I'm not an LDAP expert and the search strings and such confuse me so much. I am also not a windows admin. Just a lonely UNIX admin. I'm just looking for someone who would want to share their working configuration. Anyone?</SPAN><BR /><BR /><SPAN>(Of cousre I had to clean up the output as to not put anything out there about the internals of my company)</SPAN><BR /><BR /><SPAN>Thanks!</SPAN><BR /><BR /><SPAN>Glen</SPAN><BR /></BODY></HTML> Mon, 10 Jun 2013 20:28:29 GMT glenc2004 2013-06-10T20:28:29Z https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288117#M241247 Hello allow. I hope everyone is well. I just started to configure Alfresco 4.2.c and trying to integrate it with Active directory and I'm having issues trying to sync the groups and since I am having issues, I can't seem to get everyone over to Alfresco so they can login, etc. So first off here is w Mon, 10 Jun 2013 20:28:29 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288117#M241247 glenc2004 2013-06-10T20:28:29Z https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288118#M241248 <HTML><HEAD></HEAD><BODY><SPAN>Hi, Glen.</SPAN><BR /><BR /><SPAN>You write ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass=nogroup)blah blah blah…</SPAN><BR /><BR /><SPAN>I think you must prepend backslashes to every "=" operator in LDAP queries. Also, shouldn' t it read objectClass\=group? "nogroup"?</SPAN><BR /><BR /><BR /><SPAN>(I do know, it is case insensitive but I always use mixed case naming style.)</SPAN><BR /><BR /><SPAN>"not an LDAP expert, not a windows admin"… Nice description, the same here.</SPAN><BR /><BR /><SPAN>Hope that helps.</SPAN></BODY></HTML> Fri, 21 Jun 2013 09:58:44 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288118#M241248 albertocabello 2013-06-21T09:58:44Z https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288119#M241249 <HTML><HEAD></HEAD><BODY><SPAN>I am having the same problem where I cannot sync AD users information in Alfresco. Were you able to figure out your problem? My configs look similar to yours too</SPAN></BODY></HTML> Wed, 20 Nov 2013 05:40:55 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288119#M241249 pete109 2013-11-20T05:40:55Z https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288120#M241250 <HTML><HEAD></HEAD><BODY><SPAN>The "Failed to resolve member" error may not be the source of your problem.&nbsp; I have logs filled with that error, but yet LDAP authentication is working just fine…</SPAN></BODY></HTML> Tue, 07 Jul 2015 19:21:25 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-community-version-4-2-c-and-active-directory/m-p/288120#M241250 sscbrian 2015-07-07T19:21:25Z