04-03-2020 05:21 AM
Good morning,
I have set up LDAP synchronization and integration between Alfresco CE 6 and an AD on CentOS 7. I modified the 'alfresco-global.properties' file and created 'ldap-authentication.properties' in the path: '/rutaAlfresco/apache-tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/'.
The 'alfresco-global.properties' file:
#
# alfresco-global.properties
#
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@uno.dos.es
ldap.authentication.java.naming.provider.url=ldap://uno.dos.es:389
ldap.authentication.defaultAdministratorUserNames=Administrador
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=usuario@uno.dos.es
ldap.synchronization.java.naming.security.credentials=PasswordUsuario
ldap.synchronization.import.cron=0 0/5 * * * ? # synchronisation starts every 5 minutes!
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userSearchBase=dc=uno,dc=dos,dc=es
ldap.synchronization.groupSearchBase=dc=uno,dc=dos,dc=es
ldap.synchronization.personQuery=(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))
ldap.synchronization.person.differential.query=(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))
The 'ldap-authentication.properties' file replicates the global one:
#
# ldap-authentication.properties
#
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@uno.dos.es
ldap.authentication.java.naming.provider.url=ldap://uno.dos.es:389
ldap.authentication.defaultAdministratorUserNames=Administrador
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=usuario@uno.dos.es
ldap.synchronization.java.naming.security.credentials=PasswordUsuario
ldap.synchronization.import.cron=0 0/5 * * * ? # synchronisation starts every 5 minutes!
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userSearchBase=dc=uno,dc=dos,dc=es
ldap.synchronization.groupSearchBase=dc=uno,dc=dos,dc=es
ldap.synchronization.personQuery=(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))
ldap.synchronization.person.differential.query=(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))
On the one hand, I have not managed to get the cron to work to synchronize changes every 5 minutes:
ldap.synchronization.import.cron=0 0/5 * * * ?
And when it performs the synchronization at 00:00, it gives me the following error:
2020-04-03 00:00:00,313 INFO [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronizing users and groups with user registry 'ldap1'
2020-04-03 00:00:00,354 WARN [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Some users and groups previously created by synchronization with this user registry may be removed.
2020-04-03 00:00:00,447 INFO [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Retrieving groups changed since Apr 2, 2020, 5:50:42 PM from user registry 'ldap1'
2020-04-03 00:00:00,558 INFO [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2020-04-03 00:00:00,558 INFO [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2020-04-03 00:00:00,791 ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 03030023 Error during LDAP Search. Reason:Unbalanced parenthesis
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1335)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:583)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$5(ChainingUserRegistrySynchronizer.java:1465)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1751)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:471)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:53)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:602)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:49)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'dc=uno,dc=dos,dc=es'
    at java.naming/com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
    at java.naming/com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
    at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:541)
    at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1986)
    at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1845)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1770)
    at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
    at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1314)
    ... 11 more
2020-04-03 00:00:00,835 ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-8] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 03030023 Error during LDAP Search. Reason:Unbalanced parenthesis
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1335)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:583)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$5(ChainingUserRegistrySynchronizer.java:1465)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1751)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:471)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:53)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:602)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:49)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'dc=uno,dc=dos,dc=es'
    at java.naming/com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
    at java.naming/com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
    at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:541)
    at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1986)
    at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1845)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1770)
    at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
    at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1314)
    ... 11 more
2020-04-03 00:00:00,845 ERROR [quartz.core.JobRunShell] [DefaultScheduler_Worker-8] Job DEFAULT.org.springframework.scheduling.quartz.JobDetailFactoryBean#40c110e2 threw an unhandled Exception:
org.alfresco.error.AlfrescoRuntimeException: 03030023 Error during LDAP Search. Reason:Unbalanced parenthesis
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1335)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:583)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$5(ChainingUserRegistrySynchronizer.java:1465)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1751)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:471)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:53)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:602)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:49)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'dc=uno,dc=dos,dc=es'
    at java.naming/com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
    at java.naming/com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
    at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
    at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:541)
    at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1986)
    at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1845)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1770)
    at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
    at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1314)
    ... 11 more
In more detail about what is happening: the LDAP has already been synchronized, but incorrectly. Let me explain: disabled users were imported, so I added the filter:
(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))
But I cannot manage to force a new synchronization so that it removes the disabled users and adds the ones that are enabled.
I don't know whether anyone has had to deal with this situation; I would appreciate any help. Thank you very much in advance,
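
Added example, not part of the original post and not Alfresco's code: a structural check for an LDAP search filter as it is written in a .properties file, following the RFC 4515 grammar. It undoes the properties escaping and reports the offset where the filter first stops parsing, run here on the personQuery value from the post; the function names and SAMPLE_OK are assumptions made for this illustration.

```python
import re

# personQuery value exactly as posted above (Java .properties escaping included).
PAGE_PERSON_QUERY = (r"(&=(ObjectClass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)"
                     r"(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2))((WhenChanged<\={0})))")
# Constructed sample: a well-formed filter using the same bitwise-AND matching rule.
SAMPLE_OK = r"(&(objectClass\=user)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2)))"

def unescape_properties(value):
    """Undo .properties escaping (\\=, \\:, \\\\) to get the filter the LDAP client receives."""
    return re.sub(r"\\(.)", r"\1", value)

def check_filter(f, i=0):
    """Parse one RFC 4515 filter at f[i]; return the index just past it.
    Raises ValueError naming the offset of the first structural problem."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"offset {i}: expected '(' but found {f[i:i+1]!r}")
    i += 1
    if i < len(f) and f[i] in "&|":          # and / or: one or more sub-filters
        op, i, count = f[i], i + 1, 0
        while i < len(f) and f[i] != ")":
            i = check_filter(f, i)           # each operand must itself start with '('
            count += 1
        if count == 0:
            raise ValueError(f"offset {i}: '{op}' needs at least one sub-filter")
    elif i < len(f) and f[i] == "!":         # not: exactly one sub-filter
        i = check_filter(f, i + 1)
    else:                                    # simple item: attr, operator, value
        end = i
        while end < len(f) and f[end] not in "()":
            end += 1
        if "=" not in f[i:end] or f[i] == "=":
            raise ValueError(f"offset {i}: item {f[i:end]!r} is not attr=value")
        i = end
    if i >= len(f) or f[i] != ")":
        raise ValueError(f"offset {i}: expected ')' but found {f[i:i+1]!r}")
    return i + 1

def lint(property_value):
    """Return None for a well-formed filter, else a description of the first error."""
    f = unescape_properties(property_value).strip()
    try:
        end = check_filter(f)
    except ValueError as exc:
        return str(exc)
    return None if end == len(f) else f"offset {end}: trailing text {f[end:]!r}"

if __name__ == "__main__":
    print("posted personQuery:", lint(PAGE_PERSON_QUERY))
    print("constructed sample:", lint(SAMPLE_OK))
```

The checker stops at the first error, so a filter needs to be re-run after each correction until it returns None.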