Hyland Community
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Ldap query on single subOU

ermantis
Champ in-the-making
Champ in-the-making

‎08-12-2013 05:07 AM

Hello everyone,
So this is what my ldap looks like :

-red.lan
—Groups(OU)
——Computers(SubOU)
——Printers(SubOU)
——<strong>Users</strong>(SubOU)
—Some(OU)
—<strong>Users</strong>(OU)
——SomeOther(SubOU)

So, i'm trying to make a query that would select all the groups in Users(SubOU), but not those in Groups(OU) nor any of the other subOUs of Groups(OU).

I already have a query that imports all users in Users(OU).

The actual query I have imports all groups in Groups(OU), and when i modify it, it imports the groups in Users(OU).

Query used :

ldap.synchronization.groupSearchBase=ou\=Groups,dc\=red,dc\=lan

The trick is that i have a OU named Users, and a subOU named Users too, which is why i'd like to specify that i want to import the groups of Users(SubOU) in the Groups(OU).

This query will then be used for Alfresco 4.2 (not sure it changes anything though.)

Thanks in advance !
Labels:
0 Kudos
9 REPLIES 9

iblanco
Confirmed Champ
Confirmed Champ

‎08-14-2013 03:43 AM

Sorry Ermantis but I don't get what your problem is, why can't you just use this?

ldap.synchronization.groupSearchBase=ou\=Users,ou\=Groups,dc\=red,dc\=lan

The search base is specified with a fully qualified Distinguised Name so there is not duplicity or confusion possible with the other Users OU.
0 Kudos

ermantis
Champ in-the-making
Champ in-the-making

‎08-14-2013 03:58 AM

Well, I've tryed and put this query :
ldap.synchronization.groupSearchBase=ou\=Users,ou\=Groups,dc\=red,dc\=lan‌​‍


But it wont work ! It still imports all groups from the Groups OU, not only those under Users…
I add : there are some other OUs under Users\Groups, and I must import all the groups inside them. Don't know if it changes anything though (don't think so).
Thanks for your reply.
0 Kudos

iblanco
Confirmed Champ
Confirmed Champ

‎08-14-2013 07:43 AM

Are you sure that it is importing those other groups ? Have you deleted them after changing the configuration and restarting Alfresco ?

By default Alfresco synchornization is done in a differential way or differential with deletions. The groups might not be deleted because although it is not taking them back to Alfresco again they do still exist. Not 100% sure about that though.

Just in case I would configure Alfresco to make a FULL synchronization instead of differential and program the CRON to trigger it now:

http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem

0 Kudos

ermantis
Champ in-the-making
Champ in-the-making
In response to iblanco

‎08-14-2013 08:26 AM

I haven't tryed deleting those groups.
I've set synchronization.synchronizeChangesOnly to false already and it is not deleting groups already created… But suppressing groups manually seems to do the trick : they are not re-imported.
It does not automatically suppress the groups though… How could I change that ? Also I can't find out how to pass the synchronization in Partial With Deletion mode ?
Or is there a way to delete all existing groups so it syncs from scrap ?
0 Kudos

iblanco
Confirmed Champ
Confirmed Champ

‎08-14-2013 09:43 AM

Ermantis, have you read the provide link about synchronization ?

On startup and authentication a "differential" sync is done, not a "differential with removals" or a "full" one. If you run a "full" or probably even a "differential with removals" sync old groups should dissapear.

You should change in alfresco-global.properties the cron expression to fire a "differential with removals" or "full" synchronization:

# The cron expression defining when imports should take placesynchronization.import.cron=0 0 0 * * ?‍‍‍‍


As you can see by default it fires every midnight, change it to something like "0 0/5 * * * ?" so that it fires every 5 minutes and restart Alfresco. Once you have ended don't forget to reestablish the cron expression to something more reasonable than firingi sync every 5 minutes and restart again.



0 Kudos

ermantis
Champ in-the-making
Champ in-the-making
In response to iblanco

‎08-20-2013 09:34 AM

Changing the cron expression doesnt' trigger a full sync.
I've set
synchronization.import.cron=0 0/5 * * * ?
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
in Alfresco-global.properties.
Then restarted alfresco.
Still doesn't work : groups aren't deleted.
Am I doing something wrong ?
0 Kudos

ermantis
Champ in-the-making
Champ in-the-making

‎08-27-2013 04:21 AM

Any update ? 😕
0 Kudos

iblanco
Confirmed Champ
Confirmed Champ

‎09-02-2013 04:04 AM

Enable <a href="http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem#Debugging">logging for the synchronization as stated in the wiki</a> and report what it says when synchronization fires.

Authorities in Alfresco are related to zones, so if a full synchronization fires and some groups "dissapear" they should dissapear also in Alfresco. I think zones are named after the instance name you use for you ldap source subsytem, typically "ldap1". Have you changed that name ? If you change that name I guess there is a chance for Alfresco not to correctly relate the old groups with the LDAP.
0 Kudos

ermantis
Champ in-the-making
Champ in-the-making
In response to iblanco

‎11-12-2013 10:38 AM

Well, I totaly deleted the configuration and made it from the beginning and it seems to work. Thanks.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC
Top