Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is an OU mandatory in AD for ldap synchronization?

marcobusetto
Champ in-the-making
Champ in-the-making

‎05-28-2010 10:04 AM

Is an Organization Unit (OU) mandatory in Active Directory (AD) for ldap-ad synchronization?

I just configured Alfresco 3.3 to connect to an Active Directory. I'm a newbie in both and one of the firsts problems that I faced was that it seems mandatory the presence of an Organization Unit upstream. If I try to configure the ldap.synchronization.userSearchBase parameter without an OU element (i.e. only "DC\=mylab,DC\=loc") I get a synchronization exception error like "org.alfresco.error.AlfrescoRuntimeException: 04280001 User and group import failed".

I tried to search on this forum for somebody who faced and fixed this issue yet, but the only workaround seems to be the definition of an Organization Unit below wich all users can be found.

Does anybody knows some tip to avoid the adjusting of the AD organization to the Alfresco configuration?

Thanks in advance.
Labels:
0 Kudos
4 REPLIES 4

joe_m
Champ in-the-making
Champ in-the-making

‎05-28-2010 10:34 AM

I'm not an Active Directory expert either but I thought it was normal to split an AD domain into OUs, it eases administration, allows you to define group policies etc. I think it's only normal that Alfresco doesn't allow you to give access to everyone in the domain as you will most probably have different access rights for different OUs.
0 Kudos

marcobusetto
Champ in-the-making
Champ in-the-making

‎05-28-2010 10:42 AM

I agree with you but I'm afraid it's not so obvious. In case you're installing Alfresco into a pretty complex company that didn't defined any OU but only some groups, I think it's impractical to adjust the AD organization to the Alfresco configuration and not the Alfresco configuration to the AD organization…
0 Kudos

ivan_plestina
Champ in-the-making
Champ in-the-making

‎05-29-2010 10:19 AM

One reader of
my blog had a similar problem and had found it to be related to http://issues.alfresco.com/jira/browse/ALF-2796?page=com.atlassian.jira.plugin.system.issuetabpanels...
0 Kudos

l2hawk
Champ in-the-making
Champ in-the-making

‎06-08-2010 11:22 PM

I am new to Alfresco and confused about the AD authenication intergration.  MS AD is a LDAP server which can be easily queried.  I don't understand why Alfresco requires a specific OU.  Has anyone tried to query for a Group Memebership?
DC=myDomain,DC=com,cn=AlfrescoGroup,ou=User

I have used this type of query in some of my scripts for pulling info from AD.  In our org we create an OU for the branch office location, under that we have at least two more Computer and Users.  This query should search all of the domain for users in the Users OU that are members of AlfrescoGroup. 

Please let me know if this helps anyone.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2026 Khoros, LLC