Hello,
I'm syncronizing users from our AD using the following configuration in config files.
The problem is that AD has ~150K users.
Alfresco apperently can't cope with such a large number of users.
When I click on "Repository"->"User Homes" ,alfresco will try to display all User Homes and it will hog the server!
I've been thinking of moving from sync. mode to only auth. mode.
The thing is that we already have several users working with Alfresco and Share and I don't want them to get any impact from this change.
This is my AD snap from /srv/alfresco/tomcat/shared/classes/alfresco-global.properties
This is an example of /srv/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1/ldap-ad-authentication.properties:
I couldn't find a table in MySQL that consist of all user that logged and have been using alfresco
Would setting "ldap.synchronization.active=false" preserve all current users and their files?
Is it the only change I need to do?
Should I change anything else in /srv/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1/ldap-ad-authentication.properties?
Any other advice?
Cheers,
Leon
I'm syncronizing users from our AD using the following configuration in config files.
The problem is that AD has ~150K users.
Alfresco apperently can't cope with such a large number of users.
When I click on "Repository"->"User Homes" ,alfresco will try to display all User Homes and it will hog the server!
I've been thinking of moving from sync. mode to only auth. mode.
The thing is that we already have several users working with Alfresco and Share and I don't want them to get any impact from this change.
This is my AD snap from /srv/alfresco/tomcat/shared/classes/alfresco-global.properties
#
# AD configuration
#
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad,ldap-ad2:ldap-ad,ldap-ad3:ldap-ad
synchronization.synchronizeChangesOnly=true
synchronization.syncOnStartup=false
synchronization.import.cron=0 30 2 * * ?
This is an example of /srv/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1/ldap-ad-authentication.properties:
ldap.authentication.active=true
# synchronization.synchronizeChangesOnly=true
# synchronization.syncOnStartup=false
ldap.authentication.java.naming.security.authentication=simple
# Change here OU=Staff or OU=Student or OU=External
ldap.authentication.userNameFormat=CN=%s,OU=Staff,OU=Accounts,DC=AD,DC=MY,DC=ORG
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://ad1.ad.my.org:389
ldap.authentication.defaultAdministratorUserNames=lkolnz,swelsd,anbeitz
ldap.authentication.escapeCommasInBind=true
ldap.authentication.escapeCommasInUid=true
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=CN=lkolnz,OU=Staff,OU=Accounts,DC=AD,DC=MY,DC=ORG
ldap.synchronization.java.naming.security.credentials=secret_password
ldap.synchronization.queryBatchSize=500
ldap.synchronization.attributeBatchSize=100
ldap.synchronization.groupQuery=(&(objectclass=group)(objectCategory=Group))
ldap.synchronization.groupDifferentialQuery=(&(objectclass=group)(!(whenChanged<={0})))
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.groupSearchBase=OU=Groups,DC=AD,DC=MY,DC=ORG
ldap.synchronization.personQuery=(&(objectCategory=Person)(sAMAccountName=*))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(!(whenChanged<={0})))
# Change here OU=Staff or OU=Student or OU=External
ldap.synchronization.userSearchBase=OU=Staff,OU=Accounts,DC=AD,DC=MY,DC=ORG
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
#ldap.synchronization.userOrganizationalIdAttributeName=
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.personType=user
I couldn't find a table in MySQL that consist of all user that logged and have been using alfresco
Would setting "ldap.synchronization.active=false" preserve all current users and their files?
Is it the only change I need to do?
Should I change anything else in /srv/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1/ldap-ad-authentication.properties?
Any other advice?
Cheers,
Leon
I would create a very simple JavaScript in Data Dictionary/scripts repository folder that executed against a folder (User homes in this case) iterates all its children and checks if they are of folder type and if they are empty. If they are empty just delete it.
If by chance some of the deleted home's are for valid users that shouldn't be such a big deal, after all the home will be created again next time they log in.
After checking that everything is alright you might want to empty the Trashcan.
Thanks iblanco.
This is fantastic idea!
I don't posses a knowledge in that area and have no experience with "Data Dictionary/scripts repository" ;(
Can you be so kind and provide me with some step by step instructions and possible javascript?
Thank you
