HELP: LDAP user/group import and LDAP query strings

qasimh
Champ in-the-making
I'm using Alfresco 2.1 CE, on Windows 2003, and Tomcat.

I've successfully configured NTLM SSO and LDAP import of users and groups.

Everything was working fine with ldap-authentication-context.xml as follows:

<property name="personQuery">
            <value>(objectclass=user)</value>
</property>
AND

<property name="groupQuery">
            <value>(objectclass=group)</value>
</property>

However, these LDAP search strings don't provide the results I was looking for. I tried to refine the search string as stated below. Note that I could not use the "and" operator (&) because it was causing a parse error (a syntax conflict between the LDAP search string and the SAX parser). Anyway, my final search string looks like this:

<property name="personQuery">
            <value>(!(|(!objectclass=user)(!sAMAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=2)(cn=Team*)(cn=FMS*)))</value>
</property>
Now I'm getting another runtime error as follows:


14:23:01,247 ERROR [org.quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
   at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:214)
   at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import people.
   at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:296)
   at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:174)
   … 3 more
Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=Users,ou=_Atlantis Systems International,dc=atlantissi,dc=com'
   at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:479)
   at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:514)
   at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:442)
   at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:99)
   at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:522)
   at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:442)
   at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:93)
   at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:522)
   at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:442)
   at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:99)
   at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:55)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1948)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1810)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:174)
   … 4 more
14:23:01,262 ERROR [org.quartz.core.ErrorLogger] Job (DEFAULT.ldapPeopleJobDetail threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import]
   at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
   at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:214)
   at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
   … 1 more
Caused by: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import people.
   at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:296)
   at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:174)
   … 3 more
Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=Users,ou=_Atlantis Systems International,dc=atlantissi,dc=com'
   at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:479)
   at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:514)
   at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:442)
   at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:99)
   at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:522)
   at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:442)
   at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:93)
   at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:522)
   at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:442)
   at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:99)
   at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:55)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1948)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1810)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:174)
   … 4 more

"Unbalanced parenthesis" … C'mon!!!!! It's working fine when I test the query string in AD tools.

Can anyone provide some insight?
2 REPLIES

qasimh
Champ in-the-making
I found that I had to properly enclose the not in parentheses, i.e.
(!CN=John*) is not strictly correct, even though most AD tools don't complain. You must use (!(CN=John*)).

This resolved my LDAP query string issue, well, most of it.
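
The rule in this reply can be checked before the import job runs. The following is an added example, not part of the original thread or of Alfresco: a small structural checker for the RFC 4515 filter grammar, run against the filter from the question and against a version rewritten with the parenthesised NOT. The names `check_filter`, `POSTED` and `FIXED` are hypothetical, and `FIXED` is constructed here by applying the reply's rule.

```python
# Added example: strict structural check of an LDAP filter (RFC 4515 grammar).
class FilterSyntaxError(ValueError):
    pass

def _parse(s, i):
    """Parse one '(' filtercomp ')' at s[i]; return the index just past it."""
    if i >= len(s) or s[i] != "(":
        raise FilterSyntaxError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        # and / or: one or more parenthesised filters
        i += 1
        count = 0
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
            count += 1
        if count == 0:
            raise FilterSyntaxError(f"empty filter list at offset {i}")
    elif i < len(s) and s[i] == "!":
        # not = "!" filter: the operand must itself be parenthesised
        i = _parse(s, i + 1)
    else:
        # simple item such as cn=Team* or attr:matchingRule:=value
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        if "=" not in s[i + 1:end]:
            raise FilterSyntaxError(f"expected attr=value at offset {i}")
        i = end
    if i >= len(s) or s[i] != ")":
        raise FilterSyntaxError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(s):
    """Return None if the filter is well formed, else a message with the offset."""
    try:
        end = _parse(s, 0)
        if end != len(s):
            raise FilterSyntaxError(f"trailing text at offset {end}")
    except FilterSyntaxError as exc:
        return str(exc)
    return None

# Filter as posted in the question, and a constructed rewrite with (!(...)).
POSTED = "(!(|(!objectclass=user)(!sAMAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=2)(cn=Team*)(cn=FMS*)))"
FIXED = "(!(|(!(objectclass=user))(!(sAMAccountType=805306368))(userAccountControl:1.2.840.113556.1.4.803:=2)(cn=Team*)(cn=FMS*)))"

if __name__ == "__main__":
    for name, flt in (("posted", POSTED), ("fixed", FIXED)):
        print(name, "->", check_filter(flt) or "OK")
```
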

qasimh
Champ in-the-making
I found the proper syntax to avoid conflicts between the SAX parser and the LDAP search string syntax (when dealing with '&') is to embed the search string in the following block:
<![CDATA[MY_LDAP_SEARCH_STRING]]>

An example was posted on the Wiki forums:
(@ Active Directory Tips for LDAP People and Group Synchronisation)
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration
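
The '&' conflict and both ways around it can be reproduced with any XML parser. The following is an added example, not taken from the thread or the wiki: it wraps a constructed sample filter in the same `<property>`/`<value>` shape used in the question and shows what the parser hands back for a raw '&', for the `&amp;` entity, and for a CDATA section. The helper names and the sample filter are hypothetical.

```python
# Added example: how an XML parser treats '&' inside a <value> element.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample filter using the LDAP "and" operator.
FILTER = "(&(objectclass=user)(!(cn=Team*)))"

def read_value(value_body):
    """Parse a personQuery property and return the filter text, or None on a parse error."""
    doc = f'<property name="personQuery"><value>{value_body}</value></property>'
    try:
        return ET.fromstring(doc).findtext("value")
    except ET.ParseError:
        # A bare '&' starts an entity reference, so the document is not well formed.
        return None

def as_entity(ldap_filter):
    """Escape &, < and > so the filter can sit directly inside <value>."""
    return escape(ldap_filter)

def as_cdata(ldap_filter):
    """Wrap the filter in CDATA; ']]>' would end the section early, so reject it."""
    if "]]>" in ldap_filter:
        raise ValueError("filter contains ']]>' and cannot be placed in CDATA")
    return f"<![CDATA[{ldap_filter}]]>"

def demo():
    """Return what the parser yields for each of the three encodings."""
    return {
        "raw": read_value(FILTER),
        "entity": read_value(as_entity(FILTER)),
        "cdata": read_value(as_cdata(FILTER)),
    }

if __name__ == "__main__":
    for form, value in demo().items():
        print(f"{form:7} -> {value}")
```

Both working forms deliver the identical filter string to the application, so the choice between `&amp;` and CDATA is one of readability in the config file.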