Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Alfresco 3.2 broken LDAP sync

fo1337
Champ in-the-making
Champ in-the-making

‎07-09-2009 03:24 PM

So I've been trying to configure my 3.2 users and groups LDAP synchronization (I use AD). So far it was good, hats off on the new configuration subsystems. However, I'm stuck with some bizarre error which I didn't have with Alfresco 3.1, with the exact same configuration parameters and same AD.

All users get synchronized properly (as seen in log), but when it gets to the groups, after a while an exception is thrown and the synchronization stops completely. The error is (DN edited for privacy):

14:39:27,401 ERROR [org.quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.error.AlfrescoRuntimeException: 06090011 User missing user id attribute DN =CN=Smith\, John,OU=Contacts,OU=Servic
e Accounts,OU=Bla,DC=foo,DC=bar,DC=crap,DC=net  att = sAMAccountName
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:595)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncGroupsWithPlugin(ChainingUserRegistrySynchroni
zer.java:399)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:
219)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:71)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy53.synchronize(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:304)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
        at org.alfresco.repo.transaction.CheckTransactionAdvice.invoke(CheckTransactionAdvice.java:52)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.alfresco.repo.transaction.RetryingTransactionAdvice$1.execute(RetryingTransactionAdvice.java:70)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
        at org.alfresco.repo.transaction.RetryingTransactionAdvice.invoke(RetryingTransactionAdvice.java:73)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy53.synchronize(Unknown Source)
        at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:57)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489)
        at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:53)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)

As I understand it, for this user, the attribute sAMAccountName is missing and this throws an unhandled exception. I'm quite baffled as to why this exception is not handled. Surely in huge AD like mine, some users are going to have no sAMAccountName, why aren't they just skipped? I guess 3.1 was skipping them because I had never seen this issue before.

Please help me getting rid of this unhandled exception so the LDAP sync can proceed!

Thank you.
Labels:
0 Kudos
2 REPLIES 2

fo1337
Champ in-the-making
Champ in-the-making

‎07-10-2009 09:54 AM

Nobody likes me :'(

I've posted a bug report as I suspect it is one… https://issues.alfresco.com/jira/browse/ALFCOM-3193
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎07-17-2009 08:20 AM

We like our users. It's just we are busy people.

There were actually configurable properties errorOnMissingUID and errorOnMissingGID on the userRegistry bean that you could have overridden in the extension classpath. However, I agree that the default behaviour should be that we don't abort if UIDs or GIDs are missing. So I've checked in a change that should show up in the next nightly build.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC