Hyland Connect

henrychoi_yw · ‎04-22-2015

I'm using Alfresco on Linux. I can sync the users from Windows AD to Alfresco but I can't sync the user groups from Windows AD.
Anyone know why it doesn't sync groups only?

Many thanks.

borisstankov · ‎04-23-2015

Hi there,

Check out this topic:
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-lda...

There are some very helpful pointers for synchronazing your groups and users.

Boris

henrychoi_yw · ‎04-24-2015

Thanks very much for the reply.
I have tried to set the following:
synchronization.synchronizeChangesOnly = false
and
synchronization.syncOnStartup = true

After that I tried to restart with alfresco.sh restart tomcat
but the groups still the same and not updated.

henrychoi_yw · ‎04-24-2015

I want to ask do I need to do any setting on Windows Server ? Any AD LDS need to install to make the group sync works ?

borisstankov · ‎04-24-2015

Hm, I'm sure about this if you need or not to do that.
However I'm certain that you need to add more than just those two parameters for the synchronization.

Please add all of the parameters from this section of the same topic, restart and check again:
### LDAP Integration ###
where you have this at the beggining: ldap.synchronization. or just synchronization. - just to be sure that you have all the configs enabled.

Cheers!

henrychoi_yw · ‎04-24-2015

<strong>I am getting error from the log:</strong>
04:23:03,947 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 03250001 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:632)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:435)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1650)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:519)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1644)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ChildApplicationContext.publishEvent(ChildApplicationContextFactory.java:485)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:685)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:667)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:473)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:209)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:180)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:303)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4135)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4630)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: intranet.cshcc.org.hk:389 [Root exception is java.net.ConnectException: Connection timed out]]
   at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)
   at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1131)
   … 47 more
Caused by: javax.naming.CommunicationException: intranet.cshcc.org.hk:389 [Root exception is java.net.ConnectException: Connection timed out]
   at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
   at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
   at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
   at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
   … 49 more
Caused by: java.net.ConnectException: Connection timed out
   at java.net.PlainSocketImpl.socketConnect(Native Method)
   at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
   at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
   at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
   at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
   at java.net.Socket.connect(Socket.java:529)
   at java.net.Socket.connect(Socket.java:478)
   at java.net.Socket.<init>(Socket.java:375)
   at java.net.Socket.<init>(Socket.java:189)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
   at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
   at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
   at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:97)
   at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:114)
   at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:310)
   at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1572)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
   at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
   at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
   at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
   at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
   at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
   at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
   … 52 more

<strong>and my alfresco-global.properties file looks like this:</strong>
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1

assthru,ldap-ad1:ldap-ad

alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
ntlm.authentication.mapUnknownUserToGuest=false

#ldap.authentication.active=false
#ldap.synchronization.active=true

passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false
passthru.authentication.useLocalServer=false
passthru.authentication.domain=CSHCC
passthru.authentication.servers=CSHCC\\192.168.0.4

passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS

ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@intranet.cshcc.org.hk
ldap.authentication.java.naming.security.authentication=simple

### LDAP Integration ###
synchronization.import.cron=0 0/5 * * * ?
synchronization.allowDeletions=false
synchronization.syncOnStartup=true
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.authCreatePeopleOnLogin=true
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://192.168.0.4:389
ldap.synchronization.java.naming.security.principal=alfresco@intranet.cshcc.org.hk
ldap.synchronization.java.naming.security.credentials=******
ldap.synchronization.groupSearchBase=dc=intranet,dc=cshcc,dc=org,dc=hk
ldap.synchronization.userSearchBase=dc=intranet,dc=cshcc,dc=org,dc=hk
ldap.synchronization.groupQuery=(objectclass\=*)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(objectclass\=*)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))

ldap.synchronization.queryBatchSize=10000
ldap.synchronization.attributeBatchSize=10000

Can anyone help ?

eswbitto · ‎04-27-2015

I think you need to define an OU where you have your groups located. Try that and see how it goes.

Hyland Connect

Cannot sync user groups from WIndows AD