
Ldap Active Directory Sync

micdy
Champ in-the-making
Hello,
I'm trying to set up AD authentication and sync. The authentication works fine,
but synchronisation doesn't work.

I have been trying to fix my problem for days now, but nothing works and I don't find my answer in other posts.

Here is my config in alfresco-global.properties:


#Authentication chain
authentication.chain=passthru1:passthru,ldap1:ldap

#Passthru
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=DOMAIN\\999.999.999.999
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=Alfresco
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP

alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false

#LDAP Sync
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://999.999.999.999:389
ldap.synchronization.java.naming.security.principal=Alfresco_user
ldap.synchronization.java.naming.security.credentials=Alfresco_user_PASSWORD
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.synchronization.userSearchBase=dc=domain,dc=com
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
#ldap.synchronization.personType=person
ldap.synchronization.personType=user
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.personQuery=(objectclass=user)
ldap.synchronization.groupQuery=(objectclass=group)
ldap.synchronization.groupType=group
synchronization.synchronizeChangesOnly=false
synchronization.import.cron=0 0 * * * ?
synchronization.syncOnStartup=true

I keep looking for a solution; if I find it, I will post it here.

Thank you so much for your time and help.
3 REPLIES

micdy
Champ in-the-making
Woot, it works now. I took inspiration from this post: http://forums.alfresco.com/en/viewtopic.php?f=9&t=24552
and now I have my script working.

I post it here in case it can help someone.
authentication.chain=passthru1:passthru,ldap1:ldap

ntlm.authentication.sso.enabled=false

# Passthru: authenticate against the domain controller, no local fallback
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=DOMAIN\\999.999.999.999
passthru.authentication.guestAccess=false
# users listed here get Alfresco administrator rights when they log in via passthru
passthru.authentication.defaultAdministratorUserNames=Alfresco_user
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true

# LDAP subsystem: synchronisation only, authentication is handled by passthru
ldap.authentication.active=false
ldap.synchronization.active=true

# Bind account for the sync. A simple bind over ldap:// (port 389) sends this
# password in clear text on the wire, and it is stored in clear text in this file.
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://999.999.999.999:389
ldap.synchronization.java.naming.security.principal=Alfresco_user
ldap.synchronization.java.naming.security.credentials=Alfresco_user_password

# Queries: '\=' is the properties-file escape for '=', and {0} is replaced
# by the timestamp of the last sync in the differential queries.
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(&(objectclass\=group))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=dc\=domain,dc\=com
ldap.synchronization.userSearchBase=dc\=domain,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

# Attribute mapping from AD to Alfresco person/group properties
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
# only pull entries changed since the last sync (uses the differential queries above)
synchronization.synchronizeChangesOnly=true

It imports all users and all groups of the domain.
Hope it helps.

dward
Champ on-the-rise
Why did you feel the need to customize all the queries? The default ones should be fine.

micdy
Champ in-the-making
Because if I only use the default query, it only synchronises users of type "InetOrgPerson" from our Active Directory.
That's not what I wanted, because InetOrgPerson are external or web users, I think; I only wanted users of type "user".

I think InetOrgPerson is the default user in OpenLDAP, but I'm not sure.

I have modified it again:

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl:1.2.840.113556.1.4.803:=512))
# the modifyTimestamp clause belongs inside the outer (&...) group, otherwise the filter is not valid
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(modifyTimestamp<\={0})))

The reason for adding (userAccountControl:1.2.840.113556.1.4.803:=512)
is to filter only valid users. I mean, before I put this in, the system returned all system users to me. With this filter I now have only true users :)
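To see what the filters in this thread actually select, here is an added example that is not code from the thread or from Alfresco: a toy evaluator for LDAP search filters (RFC 4515 syntax, plus the AD bitwise matching rule 1.2.840.113556.1.4.803) run over a handful of constructed Active Directory-style entries. It shows why the earlier `(objectclass=user)` query also returns computer accounts (in AD the computer class inherits from user), what the `userAccountControl` bit test with 512 (NORMAL_ACCOUNT) keeps and drops, that a disabled account (bit 2 set, so 514) still passes that test, and that the differential query as first posted, with `(!(modifyTimestamp<={0}))` placed outside the `(&...)` group, is not a valid filter. The entries, timestamps and the short-name `objectCategory` values are constructed for illustration; the stricter `ENABLED_PEOPLE` filter is a common AD idiom, not something from the thread; and this evaluator is not an LDAP client, it only interprets filter strings.

```python
"""Toy RFC 4515 filter evaluator for Active Directory-style entries (added
example, not code from the thread or from Alfresco). Entries are constructed;
filters are the posted ones after Java properties unescaping ("\\=" is "=")."""
import re
BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND (userAccountControl)
# AD class inheritance: computer derives from user, so objectClass=user matches it.
OBJECT_CLASSES = {
    "user": ["top", "person", "organizationalPerson", "user"],
    "computer": ["top", "person", "organizationalPerson", "user", "computer"],
}

def ad_entry(name, cls, uac, modified):
    """Constructed entry; objectCategory reduced to its short name."""
    return {"samaccountname": [name], "objectclass": OBJECT_CLASSES[cls],
            "objectcategory": ["computer" if cls == "computer" else "person"],
            "useraccountcontrol": [str(uac)],
            "modifytimestamp": [modified]}  # yyyyMMddHHmmss'.0Z', as in the config

DIRECTORY = [  # constructed sample domain; uac bits: 512 NORMAL_ACCOUNT, 2 ACCOUNTDISABLE
    ad_entry("alice", "user", 512, "20240301120000.0Z"),         # enabled user
    ad_entry("bob", "user", 514, "20240110090000.0Z"),           # 512|2: disabled
    ad_entry("svc-backup", "user", 66048, "20240220080000.0Z"),  # 512|65536 no expiry
    ad_entry("WS01$", "computer", 4096, "20240301000000.0Z"),    # workstation account
]

def parse(text):
    """Parse a filter into nested tuples; reject anything left after it."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"unparsed text after filter: {text[pos:]!r}")
    return node

def _parse(s, i):
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        return (op, kids), _expect(s, i)
    if s[i] == "!":
        kid, i = _parse(s, i + 1)
        return ("!", kid), _expect(s, i)
    j = s.index(")", i)
    m = re.fullmatch(r"([\w.\-]+)(?::([\w.]+):)?(<=|>=|=)(.*)", s[i:j])
    if not m:
        raise ValueError(f"bad filter item {s[i:j]!r}")
    attr, rule, op, val = m.groups()
    return ("item", attr.lower(), rule, op, val), j + 1

def _expect(s, i):  # consume the closing parenthesis
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at {i}")
    return i + 1

def matches(node, entry):
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    _, attr, rule, op, val = node
    values = entry.get(attr, [])
    if rule == BIT_AND:  # true when every bit of val is set in the attribute
        return any((int(v) & int(val)) == int(val) for v in values)
    if rule is not None:
        raise ValueError(f"unsupported matching rule {rule}")
    if op == "=":
        return any(v.lower() == val.lower() for v in values)
    # generalized-time strings of equal layout compare correctly as plain strings
    return any(v <= val if op == "<=" else v >= val for v in values)

def is_valid(text):
    try:
        parse(text)
        return True
    except (ValueError, IndexError):
        return False
def select(text, entries=DIRECTORY, since="00000000000000.0Z"):
    """sAMAccountNames matching the filter; {0} is Alfresco's last-sync placeholder."""
    node = parse(text.replace("{0}", since))
    return sorted(e["samaccountname"][0] for e in entries if matches(node, e))
# Filters from the thread (unescaped) plus a stricter alternative.
POSTED_PERSON = "(&(objectclass=user))"
POSTED_UAC = "(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))"
POSTED_DIFF = ("(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))"
               "(!(modifyTimestamp<={0}))")  # timestamp clause sits outside the (&...)
FIXED_DIFF = ("(&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)"
              "(!(modifyTimestamp<={0})))")
ENABLED_PEOPLE = ("(&(objectCategory=person)(objectClass=user)"
                  "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
if __name__ == "__main__":
    print(select(POSTED_PERSON), select(POSTED_UAC), select(ENABLED_PEOPLE))
    print(is_valid(POSTED_DIFF), select(FIXED_DIFF, since="20240215000000.0Z"))
```

Running it shows `POSTED_PERSON` returning the workstation account alongside the people, `POSTED_UAC` dropping the workstation but keeping the disabled `bob`, and `ENABLED_PEOPLE` (objectCategory=person plus a negated bit test on 2) keeping only the enabled human accounts. `is_valid(POSTED_DIFF)` is false because the parser finds a second group after the closing parenthesis of the `(&...)`; the corrected `FIXED_DIFF` parses, and with a last-sync timestamp of 2024-02-15 it returns only the entries modified after that date, which is what `synchronizeChangesOnly=true` relies on.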