Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP filter on physicalDeliveryOfficeName (Alfresco 3.2)

fr7
Champ in-the-making
Champ in-the-making

‎06-22-2012 08:40 AM

Hi everyone, i have a problem on my Alfresco 3.2 installation 'cause i need to filter users based on their physicalDeliveryOfficeName field value on company's LDAP server.

I read documentation, and i found i need to modify ldap-ad-authentication.properties(or ldap-authentication.properties, but ad in my case).

So… what field i need to change on it?

ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

to

ldap.synchronization.groupQuery=((objectclass\=group)(physicalDeliveryOfficeName\=MYOFFICE))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0}))(physicalDeliveryOfficeName\=MYOFFICE))

or

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl…..))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl…..)(!(modifyTimestamp<\={0})))

to

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl…..)(physicalDeliveryOfficeName\=MYOFFICE))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl…..)(!(modifyTimestamp<\={0}))(physicalDeliveryOfficeName\=MYOFFICE))

?

I looked for examples on import LDAP users based on custom fields, but i've not found any useful example. :roll:

And… what if i need to specify 2 different values in a boolean OR condition?

Thanks for support,  :wink:
Fabio.
Labels:
0 Kudos
3 REPLIES 3

afaust
Legendary Innovator
Legendary Innovator

‎06-23-2012 01:37 PM

Hello,

based on the names of the options you listed and your use case, it should be clear that the personQuery / personDifferentialQuery needs to be adapted. And if you need to filter by two ORed values, than add the necessary OR-query fragment. I'd advise to check on the LDAP Query Syntax if you want to modify those queries. In your case, you should add a 
(|(physicalDeliveryOfficeName\=MYOFFICE)(physicalDeliveryOfficeName\=YOUROFFICE))
in your examples.

Regards
Axel
0 Kudos

fr7
Champ in-the-making
Champ in-the-making

‎06-25-2012 10:12 AM

Tnx for reply, i have another question : if i set synchronization on, Alfresco will only import or will export users too? I only need authentication, but with this field's filter : is this(person query + synchronization on) procedure the right one?


Thanks,
Fabio.
0 Kudos

afaust
Legendary Innovator
Legendary Innovator

‎06-25-2012 10:31 AM

Hello,

Alfresco will not export users - this is not a part of the feature set and can thus not be enabled by any setting.
If you are using LDAP for authentication, having synchronisation on is usually the best option. When you combine it with the setting that Alfresco never creates (local) users that are "unknown", you essentially limit the users that can authenticate via LDAP (note that limiting the query alone does not achieve this).

Regards
Axel
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC