https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-with-zimbra-openldap/m-p/294600#M247730 <HTML><HEAD></HEAD><BODY><SPAN>Hi, I Just installed alfresco 5.0d and have zimbra running on another server. I'd configure authentication for Alfresco against the Zimbra LDAP and it works fine for a while, but after some time (like 30 minutes) it stop working.</SPAN><BR /><BR /><SPAN>On my alfresco.log i can see a timeout exception, but the weird thing is that it work for a while and if i restart my alfresco it get back for some more time, can anyone helpme?</SPAN><BR /><BR /><SPAN>This is the exception i get:</SPAN><BR /><BR /><SPAN>&lt;blockcode&gt;</SPAN><BR /><SPAN><SPAN>2015-08-03 16:46:17,417 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl] [http-apr-80-exec-2] Failed to authenticate user "</SPAN><A class="jive-link-email-small" href="mailto:some.user@boos.com.co" rel="nofollow noopener noreferrer">some.user@boos.com.co</A><SPAN>"</SPAN></SPAN><BR /><SPAN>org.alfresco.repo.security.authentication.AuthenticationException: 07030167 Unable to search LDAP. Reason LDAP response read timed out, timeout used:10000ms.</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.resolveDistinguishedName(LDAPUserRegistry.java:1027)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl.java:121)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:162)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:68)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:195)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at java.lang.reflect.Method.invoke(Method.java:483)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:46)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:159)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.proxy.$Proxy61.authenticate(Unknown Source)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:79)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:72)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.webscripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:235)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:64)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:482)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:457)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:551)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:619)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:326)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:280)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:378)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at java.lang.Thread.run(Thread.java:745)</SPAN><BR /><SPAN>Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:10000ms.; remaining name 'ou=people,dc=boos,dc=com,dc=co'</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.ldap.Connection.readReply(Connection.java:478)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:563)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.resolveDistinguishedName(LDAPUserRegistry.java:962)</SPAN><BR /><SPAN>&lt;/blockcode&gt;</SPAN><BR /><BR /><SPAN>And This is my /opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldapBoos/ldap-authentication.properties (the server, user and password are ok on the original file):</SPAN><BR /><BR /><SPAN>&lt;blockcode&gt;</SPAN><BR /><SPAN># This flag enables use of this LDAP subsystem for authentication. It may be</SPAN><BR /><SPAN># that this subsytem should only be used for synchronization, in which case</SPAN><BR /><SPAN># this flag should be set to false.</SPAN><BR /><SPAN>ldap.authentication.active=true</SPAN><BR /><BR /><SPAN>#</SPAN><BR /><SPAN># This properties file brings together the common options for LDAP authentication rather than editing the bean definitions</SPAN><BR /><SPAN>#</SPAN><BR /><SPAN>ldap.authentication.allowGuestLogin=false</SPAN><BR /><SPAN># How to map the user id entered by the user to that passed through to LDAP</SPAN><BR /><SPAN># - simple </SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp; - this must be a DN and would be something like</SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; uid=%s,ou=People,dc=company,dc=com</SPAN><BR /><SPAN># - digest</SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp; - usually pass through what is entered</SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</SPAN><BR /><SPAN># If not set, an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will </SPAN><BR /><SPAN># be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID to</SPAN><BR /><SPAN># appear in the DN.</SPAN><BR /><SPAN>ldap.authentication.userNameFormat=</SPAN><BR /><BR /><SPAN># The LDAP context factory to use</SPAN><BR /><SPAN>ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory</SPAN><BR /><BR /><SPAN># The URL to connect to the LDAP server </SPAN><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldap://myserver.boos.com.co:389</SPAN><BR /><BR /><SPAN># The authentication mechanism to use for password validation</SPAN><BR /><SPAN>ldap.authentication.java.naming.security.authentication=simple</SPAN><BR /><BR /><SPAN># Escape commas entered by the user at bind time</SPAN><BR /><SPAN># Useful when using simple authentication and the CN is part of the DN and contains commas</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInBind=false</SPAN><BR /><BR /><SPAN># Escape commas entered by the user when setting the authenticated user</SPAN><BR /><SPAN># Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is </SPAN><BR /><SPAN># pulled in as part of an LDAP sync</SPAN><BR /><SPAN># If this option is set to true it will break the default home folder provider as space names can not contain \</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInUid=false</SPAN><BR /><BR /><SPAN># Comma separated list of user names who should be considered administrators by default</SPAN><BR /><SPAN><A class="jive-link-email-small" href="mailto:#ldap.authentication.defaultAdministratorUserNames=some.user@boos.com.co" rel="nofollow noopener noreferrer">#ldap.authentication.defaultAdministratorUserNames=some.user@boos.com.co</A></SPAN><BR /><BR /><SPAN># This flag enables use of this LDAP subsystem for user and group</SPAN><BR /><SPAN># synchronization. It may be that this subsytem should only be used for </SPAN><BR /><SPAN># authentication, in which case this flag should be set to false.</SPAN><BR /><SPAN>ldap.synchronization.active=true</SPAN><BR /><BR /><SPAN># The authentication mechanism to use for synchronization</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.authentication=simple</SPAN><BR /><BR /><SPAN># The default principal to use (only used for LDAP sync)</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.principal=uid\=zimbra,cn\=admins,cn\=zimbra</SPAN><BR /><BR /><SPAN># The password for the default principal (only used for LDAP sync)</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.credentials=XXXXXXXX</SPAN><BR /><BR /><SPAN># If positive, this property indicates that RFC 2696 paged results should be</SPAN><BR /><SPAN># used to split query results into batches of the specified size. This</SPAN><BR /><SPAN># overcomes any size limits imposed by the LDAP server.</SPAN><BR /><SPAN>ldap.synchronization.queryBatchSize=0</SPAN><BR /><BR /><SPAN># If positive, this property indicates that range retrieval should be used to fetch</SPAN><BR /><SPAN># multi-valued attributes (such as member) in batches of the specified size.</SPAN><BR /><SPAN># Overcomes any size limits imposed by Active Directory.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN><BR /><SPAN>ldap.synchronization.attributeBatchSize=0</SPAN><BR /><BR /><SPAN># The query to select all objects that represent the groups to import.</SPAN><BR /><SPAN>ldap.synchronization.groupQuery=(objectclass\=zimbraDistributionList)</SPAN><BR /><BR /><SPAN># The query to select objects that represent the groups to import that have changed since a certain time.</SPAN><BR /><SPAN>ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass\=zimbraDistributionList)(!(modifyTimestamp&lt; \={0})))</SPAN><BR /><BR /><SPAN># The query to select all objects that represent the users to import.</SPAN><BR /><SPAN>ldap.synchronization.personQuery=(objectClass\=organizationalPerson)</SPAN><BR /><BR /><SPAN># The query to select objects that represent the users to import that have changed since a certain time.</SPAN><BR /><SPAN>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=organizationalPerson)(!(modifyTimestamp&lt;\={0})))</SPAN><BR /><BR /><SPAN># The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.</SPAN><BR /><SPAN>ldap.synchronization.groupSearchBase=cn\=groups,dc\=boos,dc\=com,dc\=co</SPAN><BR /><BR /><SPAN># The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=ou\=people,dc\=boos,dc\=com,dc\=co</SPAN><BR /><BR /><SPAN># The name of the operational attribute recording the last update time for a group or user.</SPAN><BR /><SPAN>ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp</SPAN><BR /><BR /><SPAN># The timestamp format. Unfortunately, this varies between directory servers.</SPAN><BR /><SPAN>ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'</SPAN><BR /><BR /><SPAN># The attribute name on people objects found in LDAP to use as the uid in Alfresco</SPAN><BR /><SPAN>ldap.synchronization.userIdAttributeName=mail</SPAN><BR /><BR /><SPAN># The attribute on person objects in LDAP to map to the first name property in Alfresco</SPAN><BR /><SPAN>ldap.synchronization.userFirstNameAttributeName=givenName</SPAN><BR /><BR /><SPAN># The attribute on person objects in LDAP to map to the last name property in Alfresco</SPAN><BR /><SPAN>ldap.synchronization.userLastNameAttributeName=sn</SPAN><BR /><BR /><SPAN># The attribute on person objects in LDAP to map to the email property in Alfresco</SPAN><BR /><SPAN>ldap.synchronization.userEmailAttributeName=mail</SPAN><BR /><BR /><SPAN># The attribute on person objects in LDAP to map to the organizational id&nbsp; property in Alfresco</SPAN><BR /><SPAN>ldap.synchronization.userOrganizationalIdAttributeName=cn</SPAN><BR /><BR /><SPAN># The default home folder provider to use for people created via LDAP import</SPAN><BR /><SPAN>ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider</SPAN><BR /><BR /><SPAN># The attribute on LDAP group objects to map to the authority name property in Alfresco</SPAN><BR /><SPAN>ldap.synchronization.groupIdAttributeName=mail</SPAN><BR /><BR /><SPAN># The attribute on LDAP group objects to map to the authority display name property in Alfresco</SPAN><BR /><SPAN>ldap.synchronization.groupDisplayNameAttributeName=mail</SPAN><BR /><BR /><SPAN># The group type in LDAP</SPAN><BR /><SPAN>ldap.synchronization.groupType=zimbraDistributionList</SPAN><BR /><BR /><SPAN># The person type in LDAP</SPAN><BR /><SPAN>ldap.synchronization.personType=organizationalPerson</SPAN><BR /><BR /><SPAN># The attribute in LDAP on group objects that defines the DN for its members</SPAN><BR /><SPAN>ldap.synchronization.groupMemberAttributeName=zimbraMailForwardingAddress</SPAN><BR /><BR /><SPAN># If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.</SPAN><BR /><SPAN>ldap.synchronization.enableProgressEstimation=true</SPAN><BR /><BR /><SPAN># Requests timeout, in miliseconds, use 0 for none (default)</SPAN><BR /><SPAN>ldap.authentication.java.naming.read.timeout=10000</SPAN><BR /><BR /><SPAN># Cada cuanto sincroniza?</SPAN><BR /><SPAN>synchronization.import.cron=0 1 * * * ?</SPAN><BR /><BR /><SPAN># Sincronizar al iniciar</SPAN><BR /><SPAN>synchronization.syncOnStartup=true</SPAN><BR /><BR /><SPAN>&lt;/blockcode&gt;</SPAN></BODY></HTML> Mon, 03 Aug 2015 21:30:00 GMT jdbotero 2015-08-03T21:30:00Z https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-with-zimbra-openldap/m-p/294600#M247730 Hi, I Just installed alfresco 5.0d and have zimbra running on another server. I'd configure authentication for Alfresco against the Zimbra LDAP and it works fine for a while, but after some time (like 30 minutes) it stop working.On my alfresco.log i can see a timeout exception, but the weird thing i Mon, 03 Aug 2015 21:30:00 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-with-zimbra-openldap/m-p/294600#M247730 jdbotero 2015-08-03T21:30:00Z https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-with-zimbra-openldap/m-p/294601#M247731 <HTML><HEAD></HEAD><BODY><SPAN><SPAN>I'd suggest that you remove all references to </SPAN><A class="jive-link-email-small" href="mailto:some.user@boos.com.co" rel="nofollow noopener noreferrer">some.user@boos.com.co</A><SPAN> - just use the standard LDAP admin account for authenticating - until you get it working reliably.</SPAN></SPAN><BR /><BR /><SPAN>My blog might be helpful, also?&nbsp; - </SPAN><A href="http://geofoss.net/category/alfresco/" rel="nofollow noopener noreferrer">http://geofoss.net/category/alfresco/</A><BR /><BR /></BODY></HTML> Mon, 03 Aug 2015 23:48:38 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-with-zimbra-openldap/m-p/294601#M247731 tybion 2015-08-03T23:48:38Z https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-with-zimbra-openldap/m-p/294602#M247732 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>here is my Zimbra LDAP configuration</SPAN><BR /><BR /><SPAN>&lt;blockcode&gt;</SPAN><BR /><SPAN>ldap.authentication.active=true</SPAN><BR /><SPAN>ldap.authentication.allowGuestLogin=false</SPAN><BR /><SPAN>ldap.authentication.userNameFormat=uid\=%s,ou\=people,dc\=DOMAIN,dc\=TLD</SPAN><BR /><SPAN>ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory</SPAN><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldap://INTERNAL.ZIMBRA.SRV:389</SPAN><BR /><SPAN>ldap.authentication.java.naming.security.authentication=simple</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInBind=false</SPAN><BR /><SPAN>ldap.authentication.escapeCommasInUid=false</SPAN><BR /><SPAN>ldap.authentication.defaultAdministratorUserNames=admin</SPAN><BR /><SPAN>ldap.synchronization.active=false</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.principal=uid\=zimbra,cn\=admins,cn\=zimbra</SPAN><BR /><SPAN>ldap.synchronization.java.naming.security.credentials=</SPAN><BR /><SPAN>ldap.synchronization.queryBatchSize=1000</SPAN><BR /><SPAN>ldap.synchronization.groupQuery=(objectclass\=groupOfNames)</SPAN><BR /><SPAN>ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass\=groupOfNames)(!(modifyTimestamp&lt;\={0})))</SPAN><BR /><SPAN>ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)</SPAN><BR /><SPAN>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=inetOrgPerson)(!(modifyTimestamp&lt;\={0}) ))</SPAN><BR /><SPAN>ldap.synchronization.groupSearchBase=ou\=groups,dc\=DOMAIN,dc\=TLD</SPAN><BR /><SPAN>ldap.synchronization.userSearchBase=ou\=people,dc\=DOMAIN,dc\=TLD</SPAN><BR /><SPAN>ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp</SPAN><BR /><SPAN>ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'</SPAN><BR /><SPAN>ldap.synchronization.userIdAttributeName=uid</SPAN><BR /><SPAN>ldap.synchronization.userFirstNameAttributeName=givenName</SPAN><BR /><SPAN>ldap.synchronization.userLastNameAttributeName=sn</SPAN><BR /><SPAN>ldap.synchronization.userEmailAttributeName=mail</SPAN><BR /><SPAN>ldap.synchronization.userOrganizationalIdAttributeName=o</SPAN><BR /><SPAN>ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider</SPAN><BR /><SPAN>ldap.synchronization.groupIdAttributeName=cn</SPAN><BR /><SPAN>ldap.synchronization.groupType=groupOfNames</SPAN><BR /><SPAN>ldap.synchronization.personType=inetOrgPerson</SPAN><BR /><SPAN>ldap.synchronization.groupMemberAttributeName=member</SPAN><BR /><SPAN>ldap.synchronization.enableProgressEstimation=true</SPAN><BR /><SPAN>&lt;/blockcode&gt;</SPAN><BR /><BR /><SPAN>if you have several domains in zimbra and wants to allow users for other domains to connect, create as many configuration files you have domains</SPAN><BR /><SPAN>then establish a chain ldap authentication</SPAN><BR /><BR /><SPAN>authentication.chain=zimbraDOMAIN:ldap,zimbraDOMAIN2:ldap,zimbraDOMAIN3:ldap</SPAN></BODY></HTML> Fri, 21 Aug 2015 11:47:54 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-with-zimbra-openldap/m-p/294602#M247732 lascaux 2015-08-21T11:47:54Z