Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Alfresco Community 5.0d sync with Active Directory

ccandreva
Champ in-the-making
Champ in-the-making

‎06-15-2015 05:21 PM

I've run into an error setting up active directory sync that my searching has not been able to unwind:

benchmarkeducation.ny is a domain that resolves only on our internal network .  Any pointers greatly appreciated.



2015-06-15 17:10:00,363 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Retrieving all groups from user registry 'ldap-ad1'
2015-06-15 17:10:00,370 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-5] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 05150031 Error during LDAP Search. Reason:[LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=benchmarkeducation,DC=ny'


Here is the relevant configuration section:

authentication.chain=alfinst:alfrescoNtlm,passthru1Smiley Tongueassthru,ldap-ad1:ldap-ad
#Auth done via passthrough in another config file, will move here later:

alfresco.authentication.authenticateCIFS=false
ldap.authentication.active=false
ldap.synchronization.active=true
synchronization.import.cron=0 0/10 9-18 ? * MON-FRI
#synchronization.allowDeletions=true
synchronization.syncOnStartup=true
ldap.authentication.java.naming.provider.url=ldap://benchmarkeducation.ny:389
ldap.synchronization.java.naming.security.principal=BENCHMARK\\SA_Alfresco
ldap.synchronization.java.naming.security.credentials=************
ldap.synchronization.groupSearchBase=cn\=Groups,dc\=benchmarkeducation,dc\=ny
ldap.synchronization.userSearchBase=cn\=BEC-users,dc\=benchmarkeducation,dc\=ny
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProviderldap.synchronization.groupIdAttributeName\=cn
#ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
#ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=false
Labels:
0 Kudos
3 REPLIES 3

borisstankov
Champ in-the-making
Champ in-the-making

‎06-16-2015 04:21 AM

Hello,

synchronization.import.cron=0 0/10 9-18 ? * MON-FRI - I'm not sure, but when I tried such syntax for this parameter I always got an error message. So I change it to: synchronization.import.cron=0 0 * * * ?

ldap.synchronization.java.naming.security.principal=BENCHMARK\\SA_Alfresco - this should be reverse, for example: ldap.synchronization.java.naming.security.principal=SA_Alfresco@benchmarkeducation.ny

I believe those two are on a different rows, but just saying they should be like:
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName\=cn

Also I never used those symbols "\=" to point where are my groups nor users (nor anything else), I just used "=", meaning this should look like (and all other rows):
ldap.synchronization.groupSearchBase=cn=Groups,dc=benchmarkeducation,dc=ny

On the other hand I noticed that it matters which comes first in this file. So I put all synchronization parameters first then all ldap.synchronization parameters. So please put all parameters in order like this one, but with the changes above:

authentication.chain=alfinst:alfrescoNtlm,passthru1Smiley Tongueassthru,ldap-ad1:ldap-ad

alfresco.authentication.authenticateCIFS=false

synchronization.syncOnStartup=true
synchronization.synchronizeChangesOnly=false
synchronization.import.cron=0 0/10 9-18 ? * MON-FRI

ldap.authentication.active=false
ldap.synchronization.active=true

ldap.authentication.java.naming.provider.url=ldap://benchmarkeducation.ny:389
ldap.synchronization.java.naming.security.principal=BENCHMARK\\SA_Alfresco
ldap.synchronization.java.naming.security.credentials=************
ldap.synchronization.groupSearchBase=cn\=Groups,dc\=benchmarkeducation,dc\=ny
ldap.synchronization.userSearchBase=cn\=BEC-users,dc\=benchmarkeducation,dc\=ny
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProviderldap.synchronization.groupIdAttributeName\=cn


ldap.synchronization.personType=user


Hope this helps. Smiley Happy
0 Kudos

ccandreva
Champ in-the-making
Champ in-the-making

‎06-16-2015 04:50 PM

Thank you for your help.  While it didn't solve the problem it got me a few steps closer.

The problem was my search base strings should have started with ou= , not cn= .  Once I did that I was able to sync successfully.

0 Kudos

borisstankov
Champ in-the-making
Champ in-the-making
In response to ccandreva

‎06-17-2015 02:27 AM

Yes, sorry, I missed that. Smiley Sad With the ou= is the right way of doing it.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC