Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Import Samba Group

rzavila
Champ in-the-making
Champ in-the-making

‎01-13-2012 01:47 PM

Dear Sirs

I am trying to migrate or at least integrate Alfresco with my samba-ldap  server
I was just been able to install alfresco and authenticate against my openldap database,although  all the users were imported, none of my samba groups was.

I just noticed an old 2006 post about importing samba groups, but the only solution offered was alter the source code
https://forums.alfresco.com/en/viewtopic.php?f=9&t=2572&start=0

the think is the samba group which is the majority of my groups, and do not have the objectclass  groupOfnames

I changed my ldap-authentication.properties

ldap.synchronization.groupQuery=(objectclass\=posixGroup)

ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupType=posixGroup

the system starts but still dont get the samba groups

I am not been able to add the groupOfNames objectclass to the samba groups. There is somethink about the nis.schema dont allow that.

by the way if the answer still is "changed the code in LDAPGroupExportSource to support this. "

How can I do that  Smiley Happy Please  somebody could point me to the right direction

thanks in advance
Labels:
0 Kudos
1 REPLY 1

rzavila
Champ in-the-making
Champ in-the-making

‎01-20-2012 01:54 PM

Well I think I solved

I am using the latest version community available the 4.0 c.


In
/alfresco/tomcat/shared/classes/alfresco-global.properties

just added as I was suposed to do: 

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

take me a little time to figure it out ,that the ldap1 files were in:

/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap

found a lot of people in the web writing about we are suposed to copy those files to /alfresco/tomcat/shared/classes/  but that just not worked for me at all.

I supose there is some configuration file where we declare the right path to those files, but I was not been able to
find them, so I sticked to what was working.

so in /alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/
there was three files :

common-ldap-context.xml  ldap-authentication-context.xml  ldap-authentication.properties

the common ldap-context.xml seems to to treat the values you declare as variables and work with them
in ldap-authentication.properties

ldap.authentication.userNameFormat=
ldap.authentication.java.naming.provider.url=ldap://ldap.org:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=admin,dc\=org,dc=\net
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=sambaGroupMapping)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=sambaGroupMapping)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=or\=Groups,dc\=org,dc\=net
ldap.synchronization.userSearchBase=or\=Users,dc\=org,dc\=net
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=sambaGroupMapping
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.enableProgressEstimation=true

My first problem was that I was using in

ldap.synchronization.groupMemberAttributeName=memberUid

the atribute "member" instead of "memberUid",

once I changed them, the alfresco started to sync my groups, but not seem to was able to sync all the groups but only a handfull of them.

long story short first , after some research found that openldap limits the number of entries in a serch for the default
number of 500.

I changed  my openldap server in /etc/ldap/slapd.conf settings to

sizelimit 50000
timelimit 3600

and get a bunch of more groups but not all of them.


The trick was the modifyTimestamp  in:

ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

alfresco was set to search  the groups modified,only  according the modifyTimestamp value  I changed that to

ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson) )

To sync all the groups entries in the ldap database

and restarted the service for a first run

after that change again to the original

ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

now I have all my samba ldap  groups, properly populated in alfresco database.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC