https://connect.hyland.com/t5/alfresco-forum/active-directory-configuration/m-p/20397#M9002 <HTML><HEAD></HEAD><BODY><P>Hello All,</P><P></P><P>I have alfresco process services 1.8.1 and wanted to activate the LDAP (active directory) authentication, but I'm facing the following error and don't know what to do:</P><PRE class="language-none line-numbers"><CODE>2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] rangeEnabled = false<BR />2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] rangeSize = 1500<BR />2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userSearchBase = OU=User Accounts,OU=Alfresco,DC=pgi,DC=com<BR />2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userQuery = (&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userDifferentialQuery = (&amp;(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(whenChanged&lt;={0})))<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userIdAttributeName = uid<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userFirstNameAttributeName = givenName<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userLastNameAttributeName = sn<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userEmailAttributeName = 'mail'<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userType = 'user'<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupSearchBase = 'OU=Security Groups,OU=Alfresco,DC=pgi,DC=com'<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupQuery = '(objectclass=group)'<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupDifferentialQuery = '(&amp;(objectclass=group)(!(whenChanged&lt;={0})))'<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupIdAttributeName = 'cn'<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupMemberAttributeName = member<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupType = group<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] distinguishedNameAttributeName = dn<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] createTimestampAttributeName = whenCreated<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] modifyTimestampAttributeName = 'whenChanged'<BR />2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] timeStampFormat = yyyyMMddHHmmss'.0Z', locale = (en,GB), timezone = GMT<BR />2018-03-28 09:58:00,764 WARN [org.hibernate.hql.internal.ast.HqlSqlWalker] [localhost-startStop-1] [DEPRECATION] Encountered positional parameter near line 1, column 88. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.<BR />2018-03-28 09:58:00,779 WARN [org.hibernate.hql.internal.ast.HqlSqlWalker] [localhost-startStop-1] [DEPRECATION] Encountered positional parameter near line 1, column 77. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.<BR />2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.UserCacheImpl] [activiti-app-rest-Executor-2] User cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}<BR />2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.UserCacheImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.users.max.size' and 'cache.users.max.age' property.<BR />2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.GroupHierarchyCacheImpl] [activiti-app-rest-Executor-2] Group cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}<BR />2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.GroupHierarchyCacheImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.groups.max.size' and 'cache.groups.max.age' property.<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.FormStoreServiceImpl] [activiti-app-rest-Executor-2] Form cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.FormStoreServiceImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.forms.max.size' property<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.integration.alfresco.AlfrescoOnPremiseTicketService] [activiti-app-rest-Executor-1] Alfresco ticket cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.integration.alfresco.AlfrescoOnPremiseTicketService] [activiti-app-rest-Executor-1] The size of this cache is determined by the 'cache.alfresco-tickets.max.size' and 'cache.alfresco-tickets.max.age' property.<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.license.LicenseService] [pool-4-thread-4] Note! License is about to expire in the near future 20180415<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.ScriptFileControllerCacheImpl] [activiti-app-rest-Executor-1] Script file cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.idm.PersistentTokenServiceImpl] [activiti-app-rest-Executor-2] Token cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.idm.PersistentTokenServiceImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.login-tokens.max.size' and 'cache.login-tokens.max.age' property.<BR />2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.ScriptFileLibraryCacheImpl] [activiti-app-rest-Executor-1] Script file cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}<BR />2018-03-28 09:58:04,242 INFO [com.activiti.ActivitiApplication] [localhost-startStop-1] Started ActivitiApplication in 42.541 seconds (JVM running for 71.388)<BR />2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] No initial LDAP sync info found. Executing full synchronization.<BR />2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Starting full LDAP synchronization<BR />2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Starting to process the LDAP users and groups.<BR />2018-03-28 09:58:04,320 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Found 0 groups and 2 users in LDAP<BR />2018-03-28 09:58:04,383 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Error while handling user. Could not handle user correctly, user might not have been created.<BR />javax.persistence.NonUniqueResultException: result returns more than one elements<BR /> at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:297)<BR /> at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:258)<BR /> at org.springframework.data.jpa.repository.query.JpaQueryExecution$SingleEntityExecution.doExecute(JpaQueryExecution.java:208)<BR /> at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:87)<BR /> at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:116)<BR /> at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:106)<BR /> at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.doInvoke(RepositoryFactorySupport.java:492)<BR /> at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:475)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:56)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)<BR /> at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)<BR /> at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.data.jpa.repository.support.CrudMethodMetadataPostProcessor$CrudMethodMetadataPopulatingMethodInterceptor.invoke(CrudMethodMetadataPostProcessor.java:133)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.data.repository.core.support.SurroundingTransactionDetectorMethodInterceptor.invoke(SurroundingTransactionDetectorMethodInterceptor.java:57)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)<BR /> at com.sun.proxy.$Proxy248.findByExternalId(Unknown Source)<BR /> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<BR /> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)<BR /> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)<BR /> at java.lang.reflect.Method.invoke(Unknown Source)<BR /> at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)<BR /> at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:52)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)<BR /> at com.sun.proxy.$Proxy249.findByExternalId(Unknown Source)<BR /> at com.activiti.service.idm.UserServiceImpl.findUserByExternalId(UserServiceImpl.java:527)<BR /> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<BR /> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)<BR /> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)<BR /> at java.lang.reflect.Method.invoke(Unknown Source)<BR /> at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)<BR /> at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)<BR /> at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)<BR /> at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)<BR /> at com.sun.proxy.$Proxy243.findUserByExternalId(Unknown Source)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUser(AbstractExternalIdmSourceSyncService.java:498)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:476)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:469)<BR /> at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)<BR /> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)<BR /> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)<BR /> at java.lang.Thread.run(Unknown Source)<BR />2018-03-28 09:58:04,414 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Error while handling user. Could not handle user correctly, user might not have been created.<BR />javax.persistence.NonUniqueResultException: result returns more than one elements<BR /> at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:297)<BR /> at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:258)<BR /> at org.springframework.data.jpa.repository.query.JpaQueryExecution$SingleEntityExecution.doExecute(JpaQueryExecution.java:208)<BR /> at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:87)<BR /> at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:116)<BR /> at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:106)<BR /> at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.doInvoke(RepositoryFactorySupport.java:492)<BR /> at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:475)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:56)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)<BR /> at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)<BR /> at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.data.jpa.repository.support.CrudMethodMetadataPostProcessor$CrudMethodMetadataPopulatingMethodInterceptor.invoke(CrudMethodMetadataPostProcessor.java:133)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.data.repository.core.support.SurroundingTransactionDetectorMethodInterceptor.invoke(SurroundingTransactionDetectorMethodInterceptor.java:57)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)<BR /> at com.sun.proxy.$Proxy248.findByExternalId(Unknown Source)<BR /> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<BR /> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)<BR /> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)<BR /> at java.lang.reflect.Method.invoke(Unknown Source)<BR /> at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)<BR /> at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:52)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)<BR /> at com.sun.proxy.$Proxy249.findByExternalId(Unknown Source)<BR /> at com.activiti.service.idm.UserServiceImpl.findUserByExternalId(UserServiceImpl.java:527)<BR /> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<BR /> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)<BR /> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)<BR /> at java.lang.reflect.Method.invoke(Unknown Source)<BR /> at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)<BR /> at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)<BR /> at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)<BR /> at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)<BR /> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)<BR /> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)<BR /> at com.sun.proxy.$Proxy243.findUserByExternalId(Unknown Source)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUser(AbstractExternalIdmSourceSyncService.java:498)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:476)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:469)<BR /> at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)<BR /> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)<BR /> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)<BR /> at java.lang.Thread.run(Unknown Source)<BR />2018-03-28 09:58:04,414 ERROR [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Exception while executing full LDAP sync<BR />org.springframework.transaction.TransactionSystemException: Could not commit JPA transaction; nested exception is javax.persistence.RollbackException: Transaction marked as rollbackOnly<BR /> at org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:526)<BR /> at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:761)<BR /> at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:730)<BR /> at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:150)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)<BR /> at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)<BR /> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)<BR /> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)<BR /> at java.lang.Thread.run(Unknown Source)<BR />Caused by: javax.persistence.RollbackException: Transaction marked as rollbackOnly<BR /> at org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:72)<BR /> at org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:517)<BR /> ... 11 more <SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><P></P><P>Bellow is \tomcat\lib\activiti-ldap.properties</P><P></P><PRE class="language-none line-numbers"><CODE># --------------------------<BR /># LDAP AUTHENTICATION CONFIG<BR /># --------------------------<BR /># Note that this is AUTHENTICATION only, not synchronization.<BR /># For this to work properly, the LDAP synchronization (see below), needs to be <BR /># enabled and configured correctly (on one node).<BR />ldap.authentication.enabled=true<BR /># Set to false to allow for case insensitive logins. By default true if omitted or commented out.<BR />ldap.authentication.casesensitive=true<BR /># Set this property to 'true' to allow for a fallback to database authentication (default is false).<BR /># This can be useful to have a 'system' user for example which does not represent<BR /># a real user (and is not in the LDAP user store), but can be used to eg. call the REST API.<BR />ldap.allow.database.authenticaion.fallback=false<BR /><BR /># Property to map the user id entered by the user in the login field to that passed through to LDAP.<BR />#<BR /># If the users are in a flat list (eg one organizational unit), it's easy, simply set the property <BR /># to a value, eg. uid={0},ou=users,dc=alfresco,dc=com<BR /># This is also the most performant way, as the LDAP bind can be done directly.<BR />#<BR /># However, if the users are in structured folders (organizational units for example), a direct pattern cannot be used.<BR /># In this case, leave the property either empty or comment it. <BR /># A query will be done using the ldap.synchronization.personQuery with the ldap.synchronization.userIdAttributeName<BR /># to find the user, and find it's dn. That dn will then be used to login.<BR />ldap.authentication.dnPattern=<BR /># Uncomment when using Active directory<BR />ldap.authentication.active-directory.enabled=true<BR />ldap.authentication.active-directory.domain=pgi.com<BR />ldap.authentication.active-directory.rootDn=DC=pgi,DC=com<BR />ldap.authentication.active-directory.searchFilter=(&amp;(objectClass=user)(sAMAccountName={0}))<BR /><BR /># ----------------------------<BR /># LDAP SYNCHRONIZATION CONFIG<BR /># ----------------------------<BR /># Enables full synchronization. With full sync, all user/groups will be checked whether they are valid or not.<BR /># By default, runs at midnight, since this is quite a heavy operation.<BR /># Full synchronization is needed because a partial synchronization cannot detect deletes of groups/users. <BR />ldap.synchronization.full.enabled=true<BR />ldap.synchronization.full.cronExpression=0 0 0 * * ?<BR /># Enabled differential synchronization. This will only check the users/groups which are changes since last sync.<BR /># A differential sync cannot detect deletes of users/groups. This is done by the full sync.<BR />ldap.synchronization.differential.enabled=false<BR />ldap.synchronization.differential.cronExpression=0 0 */4 * * ?<BR /># Paging (default = no paging).<BR /># If enabled, default page size is 100<BR />ldap.synchronization.paging.enabled=false<BR />ldap.synchronization.paging.size=500<BR /># Db batch sizes<BR />ldap.synchronization.db.insert.batch.size=100<BR />ldap.synchronization.db.query.batch.size=100<BR /><BR /># ----------------------<BR /># LDAP CONNECTION CONFIG<BR /># ----------------------<BR /># The URL to connect to the LDAP server <BR />ldap.authentication.java.naming.provider.url=ldap://ActiveDirectory.pgi.com:389<BR /># The default principal to use (only used for LDAP sync)<BR />ldap.synchronization.java.naming.security.principal=CN\=Alfresco,OU\=User Accounts,OU\=Alfresco,DC\=pgi,DC\=com<BR /># The password for the default principal (only used for LDAP sync)<BR />ldap.synchronization.java.naming.security.credentials=Start123<BR /># The authentication mechanism to use for synchronization<BR />ldap.synchronization.java.naming.security.authentication=simple<BR /># LDAPS truststore configuration properties<BR />#ldap.authentication.truststore.path=<BR />#ldap.authentication.truststore.passphrase=<BR />#ldap.authentication.truststore.type=<BR /># Set to 'ssl' to enable truststore configuration via subsystem's properties<BR />#ldap.authentication.java.naming.security.protocol=ssl<BR /># The LDAP context factory to use<BR />#ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory<BR /># Requests timeout, in miliseconds, use 0 for none (default)<BR />#ldap.authentication.java.naming.read.timeout=0<BR /># See http://docs.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html<BR />#ldap.synchronization.java.naming.referral=follow<BR /><BR /># -----------<BR /># USER CONFIG<BR /># -----------<BR /># The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.<BR />ldap.synchronization.userSearchBase=OU=User Accounts,OU=Alfresco,DC=pgi,DC=com<BR /># The query to select all objects that represent the users to import.<BR /># Active Directory example: (&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))<BR />ldap.synchronization.personQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))<BR /># The query to select objects that represent the users to import that have changed since a certain time.<BR /># Active Directory example: (&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged&lt;\={0})))<BR />ldap.synchronization.personDifferentialQuery=(&amp;(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged&lt;\={0})))<BR /># The attribute name on people objects found in LDAP to use as the login id in Activiti. Needs to be unique and cannot change!<BR />ldap.synchronization.userIdAttributeName=uid<BR /># The attribute on person objects in LDAP to map to the first name property of a user<BR />ldap.synchronization.userFirstNameAttributeName=givenName<BR /># The attribute on person objects in LDAP to map to the last name property of a user<BR />ldap.synchronization.userLastNameAttributeName=sn<BR /># The attribute on person objects in LDAP to map to the email property of a user<BR />ldap.synchronization.userEmailAttributeName=mail<BR /># The person type in LDAP<BR /># Active Directory: user<BR />ldap.synchronization.userType=user<BR /># Set the dn of the people that need to be made tenant admin (one tenant). Delimit multiple entries with ;, cause we can't use a comma of course. Note: no trimming of spaces will be applied<BR />##ldap.synchronization.tenantAdminDn=uid=admin,ou=users,dc=alfresco,dc=com<BR /># Set the dn of the people that need to be made tenant manager (multiple tenants). Delimit multiple entries with ;, cause we can't use a comma of course. Note: no trimming of spaces will be applied<BR />##ldap.synchronization.tenantManagerDn=uid=admin,ou=users,dc=alfresco,dc=com<BR /># ------------<BR /># GROUP CONFIG<BR /># ------------<BR /># The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.<BR />ldap.synchronization.groupSearchBase=OU=Security Groups,OU=Alfresco,DC=pgi,DC=com<BR /># The query to select all objects that represent the groups to import.<BR /># Active Directory example: (objectclass\=group)<BR />ldap.synchronization.groupQuery=(objectclass\=group)<BR /># The query to select objects that represent the groups to import that have changed since a certain time.<BR /># Active Directory example: (&amp;(objectclass\=group)(!(whenChanged&lt;\={0})))<BR />ldap.synchronization.groupDifferentialQuery=(&amp;(objectclass\=group)(!(whenChanged&lt;\={0})))<BR /># The attribute on LDAP group objects to map to the authority name property in Alfresco<BR />ldap.synchronization.groupIdAttributeName=cn<BR /># The attribute in LDAP on group objects that defines the DN for its members<BR />ldap.synchronization.groupMemberAttributeName=member<BR /># LDAP Range (default = no range).<BR /># If enabled, default range size is 1000.<BR /># This is an Active Directory attribute <BR /># and should be used when there are groups with more than<BR /># 1000 members for AD on Windows Server 2000 or<BR /># 1500 members for AD on Windows Server 2003+<BR /># see https://msdn.microsoft.com/en-us/library/ms676302(VS.85).aspx<BR />ldap.synchronization.groupMemberRangeEnabled=false<BR />ldap.synchronization.groupMemberRangeSize=1500<BR /># The group type in LDAP<BR /># Active Directory: group<BR />ldap.synchronization.groupType=group<BR /><BR /># ------------------------<BR /># GENERIC ATTRIBUTE CONFIG<BR /># ------------------------<BR /># The dn of an entry. <BR />ldap.synchronization.distinguishedNameAttributeName=dn<BR /># The name of the operational attribute recording the last update time for a group or user.<BR /># Active Directory: whenChanged<BR />ldap.synchronization.modifyTimestampAttributeName=whenChanged<BR /># The name of the operational attribute recording the create time for a group or user.<BR /># Active Directory: whenCreated<BR />ldap.synchronization.createTimestampAttributeName=whenCreated<BR /># The timestamp format. Unfortunately, this varies between directory servers.<BR /># Active Directory: yyyyMMddHHmmss'.0Z'<BR />ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'<BR /># The timestamp format locale language. 'en' by default. Follows the java.util.Locale semantics.<BR />ldap.synchronization.timestampFormat.locale.language=en<BR /># The timestamp format locale country. 'GB' by default. Follows the java.util.Locale semantics.<BR />ldap.synchronization.timestampFormat.locale.country=GB<BR /># The timestamp format timezone. 'GMT' by default. Folloez the java.text.SimpleDateFormat semantics.<BR />ldap.synchronization.timestampFormat.timezone=GMT<BR /><BR /># -----------------------<BR /># LDAP CONNECTION POOLING<BR /># -----------------------<BR /># Options=<BR /># nothing filled in: no connection pooling<BR /># 'jdk': use the default jdk pooling mechanism<BR /># 'spring': use the spring ldap connection pooling facilities. These can be configured further below<BR />#ldap.synchronization.pooling.type=spring<BR /># Following settings follow the semantics of org.springframework.ldap.pool.factory.PoolingContextSource<BR />#ldap.synchronization.pooling.minIdle=0<BR />#ldap.synchronization.pooling.maxIdle=8<BR />#ldap.synchronization.pooling.maxActive=0<BR />#ldap.synchronization.pooling.maxTotal=-1<BR />#ldap.synchronization.pooling.maxWait=-1<BR /># Options for exhausted action: fail | block | grow<BR />#ldap.synchronization.pooling.whenExhaustedAction=block<BR />#ldap.synchronization.pooling.testOnBorrow=false<BR />#ldap.synchronization.pooling.testOnReturn=false<BR />#ldap.synchronization.pooling.testWhileIdle=false<BR />#ldap.synchronization.pooling.timeBetweenEvictionRunsMillis=-1<BR />#ldap.synchronization.pooling.minEvictableIdleTimeMillis=1800000<BR />#ldap.synchronization.pooling.numTestsPerEvictionRun=3<BR /># Connection pool validation (see http://docs.spring.io/spring-ldap/docs/2.0.2.RELEASE/reference/#pooling for semantics)<BR /># Used when any of the testXXX above are set to true<BR />#ldap.synchronization.pooling.validation.base=<BR />#ldap.synchronization.pooling.validation.filter=<BR /># Search control: object, oneLevel, subTree<BR />#ldap.synchronization.pooling.validation.searchControlsRefs=<BR />#---------------------------<BR /># KERBEROS SSO CONFIGURATION<BR />#---------------------------<BR />kerberos.authentication.enabled=false<BR />#kerberos.authentication.principal=HTTP/test.alfresco.local<BR />#kerberos.authentication.keytab=C:/alfresco/alfrescohttp.keytab<BR />kerberos.authentication.krb5.conf=C:/Windows/krb5.ini<BR />#kerberos.allow.ldap.authentication.fallback=false<BR />#kerberos.allow.database.authentication.fallback=false<BR /># Set to true if you use the short form (samAccountName) of your AD username to log in to Windows rather than the full UPN<BR />#kerberos.allow.samAccountName.authentication=true<BR /># Following line must be set to true when Kerberos enabled<BR />#security.authentication.use-externalid=true<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><P></P><P></P><P>Any idea ??</P><P></P><P>Thanks in advance,</P><P>Makram</P></BODY></HTML> Wed, 28 Mar 2018 08:19:15 GMT makram_baaziz 2018-03-28T08:19:15Z https://connect.hyland.com/t5/alfresco-forum/active-directory-configuration/m-p/20397#M9002 Hello All,I have alfresco process services 1.8.1 and wanted to activate the LDAP (active directory) authentication, but I'm facing the following error and don't know what to do:2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] rangeEnabled = fals Wed, 28 Mar 2018 08:19:15 GMT https://connect.hyland.com/t5/alfresco-forum/active-directory-configuration/m-p/20397#M9002 makram_baaziz 2018-03-28T08:19:15Z https://connect.hyland.com/t5/alfresco-forum/active-directory-configuration/m-p/20398#M9003 <HTML><HEAD></HEAD><BODY><P>Hi Makram,&nbsp;</P><P></P><P>Appreciate that it has been a while since you asked your question, but I found it whilst trying to problem solve a different issue myself.</P><P></P><P>Did you get this resolved in the end ?</P><P></P><P>I notice that you have&nbsp;</P><PRE class="" style="color: #000000; background: #f5f2f0; border: 0px; margin: 0.5em 0px; padding: 1em 1em 1em 3.8em;"><CODE style="border: 0px; font-weight: inherit;">ldap.synchronization.userIdAttributeName=uid</CODE></PRE><P></P><P>Although 'uid' is an attribute in&nbsp;AD, i'm not sure what it gets populated with. That might be why you are getting non-unique results for a specific user.&nbsp;</P><P>See&nbsp;<A class="link-titled" href="https://msdn.microsoft.com/en-us/library/ms677605(v=vs.85).aspx" title="https://msdn.microsoft.com/en-us/library/ms677605(v=vs.85).aspx" rel="nofollow noopener noreferrer">User Naming Attributes (Windows)</A>&nbsp;</P><P></P><P>You might be better off using&nbsp;</P><PRE class="" style="color: #000000; background: #f5f2f0; border: 0px; margin: 0.5em 0px; padding: 1em 1em 1em 3.8em;"><CODE style="border: 0px; font-weight: inherit;">ldap.synchronization.userIdAttributeName=sAMAccountName</CODE></PRE><P>- we've had some success with this setting &amp; AD, although my current problem is that disabled&nbsp;AD accounts are not making active users 'inactive'</P><P></P><P>Caution : Note that this contradicts the example-activiti-ldap-for-ad.properties file which suggests you use 'cn' together&nbsp;as does numerous other examples i've found in google searches.&nbsp; However, that gives us the users full name in 'external_id' within APS, which&nbsp;is not correct.</P><P></P><P>See&nbsp;<A class="link-titled" href="https://issues.alfresco.com/jira/browse/MNT-18209" title="https://issues.alfresco.com/jira/browse/MNT-18209" rel="nofollow noopener noreferrer">[MNT-18209] AD ldap.authentication.active-directory.* configuration properties cause auth failure - Alfresco JIRA</A>&nbsp;</P><P>I also note that there is an open JIRA to improve the documentation.</P><P></P><P>HTH</P><P></P><P>Keith</P></BODY></HTML> Fri, 25 May 2018 10:32:48 GMT https://connect.hyland.com/t5/alfresco-forum/active-directory-configuration/m-p/20398#M9003 keith_bailey 2018-05-25T10:32:48Z