https://connect.hyland.com/t5/alfresco-archive/ldap-sync-issue/m-p/309777#M262907 <HTML><HEAD></HEAD><BODY><SPAN>Hi all,</SPAN><BR /><BR /><SPAN>I'm just update to alfresco community 4.2.e.</SPAN><BR /><SPAN>Alfresco is configure with SSO and LDAP Sync to my AD 2008R2.</SPAN><BR /><SPAN>SSO is working.</SPAN><BR /><SPAN>LDAP sync don't show any error but it don't update the properties.</SPAN><BR /><SPAN>For example, a new user is allow to connect to alfresco. SSO is working for this user but his propertie are not update from AD.</SPAN><BR /><BR /><SPAN>LDAP Sync show the message in log :</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />2013-11-29 16:10:00,341&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronizing users and groups with user registry 'ldap-ad1'<BR />2013-11-29 16:10:00,363&nbsp; WARN&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Full synchronization with user registry 'ldap-ad1'<BR />2013-11-29 16:10:00,363&nbsp; WARN&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Some users and groups previously created by synchronization with this user registry may be removed.<BR />2013-11-29 16:10:00,414&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Retrieving groups changed since 12 juin 2013 08:37:45 from user registry 'ldap-ad1'<BR />2013-11-29 16:10:00,485&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization,Category=directory,id1=ldap-ad1,id2=1 Group Analysis: Commencing batch of 0 entries<BR />2013-11-29 16:10:00,486&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization,Category=directory,id1=ldap-ad1,id2=1 Group Analysis: Completed batch of 0 entries<BR />2013-11-29 16:10:00,603&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Retrieving users changed since 19 août 2013 11:26:47 from user registry 'ldap-ad1'<BR />2013-11-29 16:10:00,613&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization,Category=directory,id1=ldap-ad1,id2=6 User Creation and Association: Commencing batch of 0 entries<BR />2013-11-29 16:10:00,616&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization,Category=directory,id1=ldap-ad1,id2=6 User Creation and Association: Completed batch of 0 entries<BR />2013-11-29 16:10:00,647&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Finished synchronizing users and groups with user registry 'ldap-ad1'<BR />2013-11-29 16:10:00,649&nbsp; INFO&nbsp; [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] 0 utilisateur(s) et 0 groupe(s) traité(s)<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>here is my ldap sync config :</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />synchronization.import.cron=0 0/10 * ? * *<BR />ldap.authentication.active=false<BR />ldap.authentication.java.naming.security.authentication=simple<BR />ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory<BR />ldap.synchronization.active=true<BR />ldap.authentication.userNameFormat=%s@domain.local<BR />ldap.authentication.allowGuestLogin=false<BR />ldap.authentication.java.naming.provider.url=ldap://domain.local:3268<BR />ldap.synchronization.java.naming.security.principal=administrateur@domain.local<BR />ldap.synchronization.java.naming.security.credentials=mypassword<BR />ldap.synchronization.queryBatchSize=1000<BR />ldap.synchronization.groupQuery=(&amp;(objectclass=group)(memberOf=cn=Groupes Alfresco,ou=Security Groups,ou=MyBusiness,dc=domain,dc=local))<BR />ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass=group)(memberOf=cn=Groupes Alfresco,ou=Security Groups,ou=MyBusiness,dc=domain,dc=local)(!(whenChanged&lt;={0})))<BR />ldap.synchronization.personQuery=(&amp;(objectclass=user)(|(memberOf=CN=Collaborateurs Alfresco,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local))(userAccountControl:1.2.840.113556.1.4.803:=512))<BR />ldap.synchronization.personDifferentialQuery=(&amp;(objectclass=user)(|(memberOf=CN=Collaborateurs Alfresco,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local))(userAccountControl:1.2.840.113556.1.4.803:=512)(!(whenChanged&lt;={0})))<BR />ldap.synchronization.groupSearchBase=dc\=domain,dc\=local<BR />ldap.synchronization.userSearchBase=dc\=domain,dc\=local<BR />ldap.synchronization.modifyTimestampAttributeName=whenChanged<BR />ldap.synchronization.timestampFormat=yyyyMMddHHmmss’.0Z’<BR />ldap.synchronization.userIdAttributeName=sAMAccountName<BR />ldap.synchronization.userFirstNameAttributeName=givenName<BR />ldap.synchronization.userLastNameAttributeName=sn<BR />ldap.synchronization.userEmailAttributeName=mail<BR />ldap.synchronization.userOrganizationalIdAttributeName=company<BR />ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider<BR />ldap.synchronization.groupIdAttributeName=cn<BR />ldap.synchronization.groupType=group<BR />ldap.synchronization.personType=user<BR />ldap.synchronization.groupMemberAttributeName=member<BR />synchronization.synchronizeChangesOnly=true<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>Thanks for help,</SPAN><BR /><SPAN>Yannick</SPAN></BODY></HTML> Fri, 29 Nov 2013 15:40:22 GMT ymolinet 2013-11-29T15:40:22Z https://connect.hyland.com/t5/alfresco-archive/ldap-sync-issue/m-p/309777#M262907 Hi all,I'm just update to alfresco community 4.2.e.Alfresco is configure with SSO and LDAP Sync to my AD 2008R2.SSO is working.LDAP sync don't show any error but it don't update the properties.For example, a new user is allow to connect to alfresco. SSO is working for this user but his propertie are Fri, 29 Nov 2013 15:40:22 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-sync-issue/m-p/309777#M262907 ymolinet 2013-11-29T15:40:22Z https://connect.hyland.com/t5/alfresco-archive/ldap-sync-issue/m-p/309778#M262908 <HTML><HEAD></HEAD><BODY><SPAN>Can't see any error above.&nbsp;&nbsp;&nbsp; </SPAN><BR /><BR /><SPAN>Are there anything in the alfresco logs?</SPAN><BR /><BR /><SPAN>I note that the differential sync reported no users and groups to update so would suggest that you review the following:</SPAN><BR /><BR /><SPAN>ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass=group)(memberOf=cn=Groupes Alfresco,ou=Security Groups,ou=MyBusiness,dc=domain,dc=local)(!(whenChanged&lt;={0})))</SPAN><BR /><SPAN>ldap.synchronization.personQuery=(&amp;(objectclass=user)(|(memberOf=CN=Collaborateurs Alfresco,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local))(userAccountControl:1.2.840.113556.1.4.803:=512))</SPAN><BR /><SPAN>ldap.synchronization.personDifferentialQuery=(&amp;(objectclass=user)(|(memberOf=CN=Collaborateurs Alfresco,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local))(userAccountControl:1.2.840.113556.1.4.803:=512)(!(whenChanged&lt;={0})))</SPAN><BR /><SPAN>ldap.synchronization.modifyTimestampAttributeName=whenChanged</SPAN></BODY></HTML> Fri, 29 Nov 2013 16:00:12 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-sync-issue/m-p/309778#M262908 mrogers 2013-11-29T16:00:12Z