How do I know LDAP Sync is working?

jriker1
Champ in-the-making
So I have LDAP working, and have configured my Sync xml file.  How do I know it's working?  If I go into the admin screen and add a user, what should I see?  Do I enter their network ID and the rest fills in from AD?  Any info would be appreciated.

JR
12 REPLIES

dward
Champ on-the-rise
Until v3.2, LDAP sync is done through a scheduled job. You can only edit cron expressions to change the frequency with which Alfresco queries users and groups and brings them in to its own repository.

You shouldn't be adding users manually via the admin screen. They are all added during a sync operation.

See

http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_Synchronizat...

Or if you try the latest and greatest nightly build, the synchronization capability is actually integrated into the authentication chain and users and their groups can actually be pulled in 'on demand' as you are probably expecting.

I'm guessing you're going to ask me about that

So suppose I have this in my alfresco-global.properties (see http://wiki.alfresco.com/wiki/Developer_Runtime_Configuration)

authentication.chain=myldap1:ldap,myldap2:ldap

i.e. I have a chain of two LDAP servers

Then, assuming you have configured the properties for myldap1 and myldap2 (look at other forum posts for how to do this - about to publish on Wiki) the preconfigured synchronization service will kick in as soon as a user is successfully authenticated and retrieve the users and groups added since the last sync. 'Collision' resolution is done using the directory's position in the chain.

Note we are still working on ironing out some AD compatibility problems in the nightly build; it currently works with OpenLDAP.

jtp
Champ in-the-making
Should I bother trying to get LDAP sync working with AD until there's a new nightly build?  I installed the June 18th build and it's not going so well.  I had almost everything working with LDAP and NTLM on the June 1 or 2nd build except SSO on Share.

jriker1
Champ in-the-making
I am actually working in 3.2.  How does it work there?

Thanks.

JR

dward
Champ on-the-rise
If a user is successfully authenticated via LDAP but a person object doesn't yet exist for them in Alfresco, the sync service is called to do a differential sync (fetch all users and groups modified since it last synced) and the person object is created automatically.

jriker1
Champ in-the-making
If a user is successfully authenticated via LDAP but a person object doesn't yet exist for them in Alfresco, the sync service is called to do a differential sync (fetch all users and groups modified since it last synced) and the person object is created automatically.

So I'm assuming this is automatic.  Is there something I can enable in log4j to check if the sync piece is running or has run?

JR

dward
Champ on-the-rise
With the default log settings you would see this in alfresco.log

15:44:56,575 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'lap1'
15:44:56,575 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving users changed since 18-Jun-2009 13:45:34 from user registry 'AUTH.EXT.lap1'
15:44:56,966 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Updating user 'dward'
15:44:56,981 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Updating user 'hippo'
15:44:56,997 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Updating user 'fullname'
15:44:57,012 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Updating user 'walrus'
15:44:57,028 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Updating user 'platypus'
15:44:57,044 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Updating user 'emu'
15:44:57,059 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Creating user 'koala'
15:44:57,403 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Updating user 'kangaroo'
15:44:57,419 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Creating user 'hippo2'
15:44:57,669 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving groups changed since 18-Jun-2009 13:30:59 from user registry 'AUTH.EXT.lap1'
15:44:57,716 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'AUTH.EXT.lap1'
15:44:57,716 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 9 user(s) and 3 group(s) processed
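
One way to answer "has the sync run, and which accounts did it create?" from alfresco.log, added here as an example that is not part of the original thread or Alfresco's own code. It assumes the message formats shown in the log excerpt above; the function name, the sample lines and the user names in them are constructed for illustration.

```python
import re

# Constructed sample in the format posted above; the second run never finishes.
# Assumes the default layout: time, level, [logger], message.
SAMPLE_LOG = """\
09:00:00,100 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'myldap1'
09:00:00,200 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Updating user 'alice'
09:00:00,300 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Creating user 'bob'
09:00:00,400 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'myldap1'
09:00:00,400 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 2 user(s) and 1 group(s) processed
10:00:00,100 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'myldap1'
10:00:00,200 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Creating user 'carol'
"""

LINE = re.compile(r"^(\S+)\s+INFO\s+\[[\w.]*ChainingUserRegistrySynchronizer\]\s+(.*)$")
START = re.compile(r"^Synchronizing users and groups with user registry '(.+)'$")
USER = re.compile(r"^(Creating|Updating) user '(.+)'$")
FINISH = re.compile(r"^Finished synchronizing users and groups")
TOTAL = re.compile(r"^(\d+) user\(s\) and (\d+) group\(s\) processed$")

def summarize_sync_runs(log_text):
    """Return one dict per sync run found in alfresco.log text."""
    runs, run = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a synchronizer line
        ts, msg = m.groups()
        if (s := START.match(msg)):
            run = {"registry": s.group(1), "start": ts, "finished": False,
                   "created": [], "updated": [], "reported_users": None}
            runs.append(run)
        elif run is None:
            continue  # log begins mid-run; nothing to attach to
        elif (u := USER.match(msg)):
            key = "created" if u.group(1) == "Creating" else "updated"
            run[key].append(u.group(2))
        elif FINISH.match(msg):
            run["finished"] = True
        elif (t := TOTAL.match(msg)):
            run["reported_users"] = int(t.group(1))
    for r in runs:
        seen = len(r["created"]) + len(r["updated"])
        # Assumption from the posted excerpt: reported total = created + updated.
        r["ok"] = r["finished"] and r["reported_users"] == seen
    return runs

if __name__ == "__main__":
    for r in summarize_sync_runs(SAMPLE_LOG):
        print(r["start"], r["registry"], "OK" if r["ok"] else "CHECK", "created:", r["created"])
```

The `created` list doubles as a record of accounts provisioned by each sync, which is worth reviewing when users are expected to appear only through LDAP.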

jriker1
Champ in-the-making
Thanks for the info.  I now have LDAP sync working; however, I have tried adding some custom attributes to the sync pull.  Not sure that it is working.  Is there any way to make the output more verbose to see the properties that are being pulled from AD for each user?

Thanks.

JR

dward
Champ on-the-rise
I'm afraid we don't log at the attribute level, but see my response to your "Synchronization questions" thread on attribute mapping. We may consider making the attribute map a 'composite property' one day so that it would be fully controllable via alfresco-global.properties (see the Subsystems Wiki).

jriker1
Champ in-the-making
I was able to get my attributes to pull so all is good there.  Now to try and figure out why through Share my personal account doesn't show up in the people search but in the Alfresco client it does.  I am listed in the properties file as an admin; however, if I manually pull up my account it shows all my LDAP details I pulled, so I know I'm physically in there.

JR