Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Content Management
- Alfresco
- Alfresco Archive
- Empty AD Group Membership
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Empty AD Group Membership
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-17-2010 01:26 PM
I am trying to sync Alfresco 3.2r Community Edition with my AD. I am able to get all the users and group names imported, and I can log in with the imported users. It is even synchronizing the users and groups every minute. The problem is the groups have no members in Alfresco. When I change a group's membership in AD, the alfresco detects the changed group and the log says it processed the group, but still no group members show up in Alfresco. Here is the ldap-ad-authentication.properties file:
Anyone have any suggestions?
Thanks
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@company.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://x.x.x.x:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=xxx@company.com
ldap.synchronization.java.naming.security.credentials=Creds
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=Alfresco,dc\=company,dc\=com
ldap.synchronization.userSearchBase=ou\=User Accounts,ou\=Alfresco,dc\=company,dc\=com
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=trueAnyone have any suggestions?
Thanks
Labels:
- Labels:
-
Archive
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-08-2010 08:01 AM
I'm having a similar problem.
I'm trying to synchronize Alfresco 3.3. CE with CentOS Directory Server (read: Fedora / RedHat Directory Server). In Alfresco Administration Console I can see my LDAP groups, my LDAP users and I can log-on with them. But all my groups are empty.
I tryed to create users within groups and I tryed to build groups with members association only, but in both cases in alfresco I keep seeing only empty groups.
I configured ldap-authentication.properties to match (I hope) the CentOS Directory Server but I didn't get any benefit. Below there are the properties that I changed:
alfresco-global.properties
Can anybody help me?
Thanks in advance.
I'm trying to synchronize Alfresco 3.3. CE with CentOS Directory Server (read: Fedora / RedHat Directory Server). In Alfresco Administration Console I can see my LDAP groups, my LDAP users and I can log-on with them. But all my groups are empty.
I tryed to create users within groups and I tryed to build groups with members association only, but in both cases in alfresco I keep seeing only empty groups.
I configured ldap-authentication.properties to match (I hope) the CentOS Directory Server but I didn't get any benefit. Below there are the properties that I changed:
alfresco-global.properties
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap2:ldap
ntlm.authentication.sso.enabled=false
synchronization.import.cron=0 0/5 * * * ?
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://alfrescolnx.mylab.loc:389
ldap.authentication.defaultAdministratorUserNames=cn\=Directory Manager
ldap.synchronization.java.naming.security.principal=cn\=Directory Manager
ldap.synchronization.java.naming.security.credentials=**********
ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=mycompany,dc\=myldap,dc\=loc
ldap.synchronization.userSearchBase=ou\=mycompany,dc\=myldap,dc\=loc
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.groupMemberAttributeName=uniqueMember
ldap.synchronization.enableProgressEstimation=true
Can anybody help me?
Thanks in advance.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-09-2010 09:06 AM
I made some more try in my test environment and I discovered that in my LDAP I wrongly defined my users under a group and not within an Organizational Unit. I placed my users into an Organizational Unit and I redefined the membership of my groups, so now these groups are not empty anymore in Alfresco.
However there's still a quite serious problem. It seems that if a LDAP user belongs to more than one group, in Alfresco I can see him only in the first one. Example:
LDAP
Alfresco
Has anyone never found a similar problem and can confirm this?
However there's still a quite serious problem. It seems that if a LDAP user belongs to more than one group, in Alfresco I can see him only in the first one. Example:
LDAP
- Group_A = User_1 + User_2 + User_3
Grouo_B = User_4 + User_1
Alfresco
- Group_A = User_1 + User_2 + User_3
Grouo_B = User_4 + … (User_1 is missing!)
Has anyone never found a similar problem and can confirm this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2010 01:41 AM
I made some more try in my test environment and I discovered that in my LDAP I wrongly defined my users under a group and not within an Organizational Unit. I placed my users into an Organizational Unit and I redefined the membership of my groups, so now these groups are not empty anymore in Alfresco.i found - what:
However there's still a quite serious problem. It seems that if a LDAP user belongs to more than one group, in Alfresco I can see him only in the first one. Example:
LDAPGroup_A = User_1 + User_2 + User_3
Grouo_B = User_4 + User_1
AlfrescoGroup_A = User_1 + User_2 + User_3
Grouo_B = User_4 + … (User_1 is missing!)
Has anyone never found a similar problem and can confirm this?
IF group_B is Primery Group for User_1, then in this group in alfresco user don't exist. its very bad(((
search on this forum about Primery Group in AD - did not help.
Related Content
- Install Alfresco on Linux Using Docker (Beginner Guide) in Alfresco Blog
- Alfresco Customer Newsletter — October 2023 in Alfresco Blog
- Alfresco syncs LDAP groups, but doesn't populate them in Alfresco Forum
- Bug to add groups to a site in Alfresco 7.3 in Alfresco Forum
- Join the Alfresco User Group in Alfresco Blog
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
