topic Re: ldap configuration in alfresco 7.2 in docker in Alfresco Forum

ldap configuration in alfresco 7.2 in docker

javico1 — Wed, 31 Jul 2024 16:26:57 GMT

hello guys, please, I need to configure ldap synchronization in alfresco 7 with docker, since the users authenticate to the ldap from alfresco but the groups and users are not synchronized

Re: ldap configuration in alfresco 7.2 in docker

abhinavmishra14 — Wed, 31 Jul 2024 17:01:32 GMT

Take a look at the following documentations thoroughly: https://docs.alfresco.com/content-services/latest/admin/auth-sync/#ldapconfprops

https://docs.alfresco.com/content-services/latest/admin/auth-sync/#example-authentication-and-synchronization-with-one-ldap-ad-subsystem

you will need to configure the auth chain and ldap connection properties such as (Example):

-Dauthentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
-Dldap.authentication.allowGuestLogin=false 
-Dldap.authentication.active=false
-Dldap.authentication.java.naming.referral=follow
-Dldap.authentication.defaultAdministratorUserNames=admin
-Dldap.synchronization.java.naming.security.principal="ldapuser"
-Dldap.synchronization.java.naming.security.credentials="ldappassword"
-Dldap.authentication.java.naming.provider.url="ldap://mycompany-ldap-server:389"

in second steps you will need to configure the sync properties (Example). Adjust the queries per your org need:

-Dldap.synchronization.groupSearchBase=""
-Dldap.synchronization.userSearchBase=""
-Dldap.synchronization.personQuery="" 
-Dldap.synchronization.personDifferentialQuery="" 
-Dldap.synchronization.groupQuery=""
-Dldap.synchronization.groupDifferentialQuery=""

in third step, decide how the sync should happen (Example):

-Dsynchronization.synchronizeChangesOnly=false
-Dsynchronization.syncOnStartup=true

Re: ldap configuration in alfresco 7.2 in docker

javico1 — Wed, 31 Jul 2024 17:47:21 GMT

As I explained, I did the same thing, the users can be authenticated but it does not synchronize any example of a domain... in order to understand more, I am new to alfresco

Re: ldap configuration in alfresco 7.2 in docker

abhinavmishra14 — Thu, 01 Aug 2024 13:44:52 GMT

There is no different config either. If users are not synching, you need to see and fix the queries. That's the most common issue i have observed when the sync queries are setup wrong. Example is given here https://docs.alfresco.com/content-services/latest/admin/auth-sync/#example-authentication-and-synchronization-with-one-ldap-ad-subsystem but this varries per organization. I would also suggest you connect with your IT team who manage the LDAP server/IAMs

-Dldap.synchronization.groupSearchBase=""
-Dldap.synchronization.userSearchBase=""
-Dldap.synchronization.personQuery="" 
-Dldap.synchronization.personDifferentialQuery="" 
-Dldap.synchronization.groupQuery=""
-Dldap.synchronization.groupDifferentialQuery=""