Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do I know LDAP Sync is working?

jriker1
Champ in-the-making
Champ in-the-making

‎06-19-2009 12:29 PM

So I have LDAP working, and have configured my Sync xml file.  How do I know it's working?  If I go into the admin screen and add a user, what should I see?  Do I enter their network ID and the rest fills in from AD?  Any info would be appreciated.

JR
Labels:
0 Kudos
12 REPLIES 12

dward
Champ on-the-rise
Champ on-the-rise

‎06-25-2009 03:21 PM

FYI in the next nightly build you should find AD sync + auth is working and supports differential sync (only pull in changes since last sync) when a new user is successfully authenticated.

We've also created a new authentication subsystem type called ldap-ad that has some more useful defaults preconfigured for Active Directory.

We found that if you use a userNameFormat that matches the userPrincipalName (UPN) of your users (these seem to be <sAMAccountName>@<domain.dns>) you can get authentication and sync working in tandem

ldap.authentication.userNameFormat=%s@domain.dns
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=alfresco@domain.dns
ldap.synchronization.userIdAttributeName=sAMAccountName

use DIGEST-MD5 instead of simple if your user passwords are stored with reversible encryption, but this is not the default and passwords would have to be reset.

Alternatively, chain the passthru subsystem so that authentication is performed more securely.
0 Kudos

jriker1
Champ in-the-making
Champ in-the-making

‎08-24-2009 03:06 PM

I have everything working now however due to some waiting for my domain groups to store valid users, have tried synching up a couple people manually by hard coding them one at a time in my ldap-ad property file under ldap.synchronization.userSearchBase=  Problem is after it syncs up the first user, when I change the name of the user in this field and restart Alfresco it doesn't find the next user that I put in there.  I think this is because it may be looking for changes since last start and technically that user existed last time it checked.  Is there a way to force Alfresco on start to sync up finding the user irregardless of if they existed before as they may have been in the AD last check but are not in Alfresco.

Thanks.

JR
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎08-25-2009 07:24 AM

Only the scheduled sync job will do a full re-sync. By default it runs every 24 hours, but you can change this by editing

synchronization.import.cron

This page explains the cron format in use

http://www.opensymphony.com/quartz/wikidocs/TutorialLesson6.html
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC