LDAP Resync users

todor_petkov
Champ in-the-making
Hello,

I have installed alfresco-4.2.c with LDAP authentication against Redhat Directory Server. It works great; however, I have added several new people in LDAP. These people are now showing up in the search. I logged in with the account of one of them, but the email is not synced.

I found this article http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem but I cannot understand how to make Alfresco read LDAP users in 'realtime', meaning when I add a user in LDAP and then I search in Alfresco for him, it is showing there.

I took a look at /opt/alfresco-4.2.c/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties and I found this:

# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true


Should I set this to "false"?


Regards,

2 REPLIES

todor_petkov
Champ in-the-making
I found something strange doing tcpdump after restart of alfresco:

249 is alfresco, 254 is LDAP
A.B.C.249.54812-A.B.C.254.00389: 0….`……..
A.B.C.254.00389-A.B.C.249.54812: 0….a.
……
A.B.C.249.54813-A.B.C.254.00389: 0$…`……daftAsABrush..daftAsABrush
A.B.C.254.00389-A.B.C.249.54813: 0….a.
. ….
A.B.C.249.54814-A.B.C.254.00389: 0/…`*…..cn=daftAsABrush,dc=woof..daftAsABrush
A.B.C.254.00389-A.B.C.249.54814: 0….a.
. ….
A.B.C.249.54815-A.B.C.254.00389: 0O…`J….,cn=directory manager,dc=domain,dc=com..sdasdasdasdasd123123123
A.B.C.254.00389-A.B.C.249.54815: 0#…a.
. ..dc=domain,dc=com..
A.B.C.249.54812-A.B.C.254.00389: 0….B.
A.B.C.249.54818-A.B.C.254.00389: 0B…`=….,cn=directory manager,dc=domain,dc=com.
JIUBYIUYIUYBUIOYUIOO


Then it begins to try to connect to the LDAP server by using admin and the db password (not the LDAP directory manager password):

A.B.C.249.54892-A.B.C.254.00389: 0E…`@….+uid=admin,ou=People,dc=domain,dc=com..DBPASS

Can anyone give me a hint? I am looking in Google, but nothing so far.


The "daft as a brush" test is verifying that invalid login actually fails, since it's possible to configure LDAP to allow access without any validation. IIRC there's a setting somewhere to turn it off if it's a problem.

The sync job periodically imports users and groups from LDAP.
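
An added example, not part of the thread and not Alfresco's own code: the capture above shows LDAP simple binds on port 389, where the bind DN and password cross the network unencrypted. This Python script parses one LDAP message (BER, as defined in RFC 4511) and classifies a BindRequest as anonymous, unauthenticated (DN with an empty password), simple with a cleartext password, or SASL; `tlv`, `bind_request` and the sample values are constructed for the example.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(payload):
    """Report a BindRequest (password length only, never the secret); None for other messages."""
    tag, msg, _ = read_tlv(payload, 0)     # LDAPMessage ::= SEQUENCE (0x30)
    if tag != 0x30:
        return None
    _, _msgid, pos = read_tlv(msg, 0)      # messageID INTEGER
    tag, op, _ = read_tlv(msg, pos)        # protocolOp
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        return None
    _, _version, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)         # bind DN, may be empty
    auth, cred, _ = read_tlv(op, pos)      # 0x80 = simple, 0xA3 = SASL
    dn = dn.decode("utf-8", "replace")
    if auth != 0x80:
        kind = "sasl" if auth == 0xA3 else "unknown"
    elif cred:
        kind = "simple-cleartext"          # readable by anyone on the network path
    else:
        kind = "unauthenticated" if dn else "anonymous"
    return {"dn": dn, "kind": kind, "password_len": len(cred) if auth == 0x80 else None}

def tlv(tag, value):                       # sample builder, short-form lengths (< 128) only
    return bytes([tag, len(value)]) + value

def bind_request(dn, password, msgid=1):   # constructed LDAPv3 simple bind
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msgid])) + tlv(0x60, op))

if __name__ == "__main__":
    # Constructed samples; the probe name is from the capture, the last password is a placeholder.
    for dn, pw in [("", ""), ("daftAsABrush", "daftAsABrush"),
                   ("cn=directory manager,dc=domain,dc=com", "PLACEHOLDER")]:
        print(classify_bind(bind_request(dn, pw)))
```

The constructed `daftAsABrush` message begins with the bytes `0$`, matching the second request in the capture. Pointing the provider URL at `ldaps://` (or using StartTLS) keeps these fields off the wire in readable form.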