I have configured LDAP sync as well, but I am trying to refine the LDAP search string so it gives me what I want (not all users and groups without any decent qualification).
To do so, I need to follow the LDAP search string syntax, which can look like this (i.e. exclude disabled user accounts and certain names): (&(objectclass=user)(sAMAccountType=805306368)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!cn=Team*)(!cn=FMS*))
The '&' is causing some trouble. I get the following error when the server is starting up:
18:31:53,443 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 118 in XML document from file [C:\alfresco21\tomcat\shared\classes\alfresco\extension\ldap-authentication-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException: The entity name must immediately follow the '&' in the entity reference. Caused by: org.xml.sax.SAXParseException: The entity name must immediately follow the '&' in the entity reference. at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) …
Does anyone know of any workarounds? There seems to be some conflicting syntax between the LDAP search string and the parser.
To get around this conflict, I avoided using the AND (&). I applied its equivalent using NOTs (!) and ORs (|).
Be sure to properly enclose the NOT in parentheses, i.e. (!CN=John*) is not strictly correct, even though most AD tools don't complain. You must use (!(CN=John*)).
I found the proper syntax to avoid conflicts between the SAX parser and the LDAP search string syntax (when dealing with '&') is to embed the search string in the following block: <![CDATA[MY_LDAP_SEARCH_STRING]]>
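An added example (not from this thread or from Alfresco) showing the three outcomes discussed above: the raw filter fails XML parsing because of the bare '&', while entity-escaping it or wrapping it in CDATA both parse and yield the identical filter string. It uses Python's standard XML parser in place of the Spring/Xerces stack, the filter from the question with the NOT clauses parenthesised as recommended, and a hypothetical property name, since the real one in ldap-authentication-context.xml is not quoted in the thread.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Filter from the question; each NOT operand is wrapped in its own parentheses.
LDAP_FILTER = ("(&(objectclass=user)(sAMAccountType=805306368)"
               "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
               "(!(cn=Team*))(!(cn=FMS*)))")


def bean_xml(value: str) -> str:
    """Build a minimal Spring-style bean snippet around the given property value.
    'personQuery' is a hypothetical property name used only for this example."""
    return ('<bean><property name="personQuery">'
            f'<value>{value}</value></property></bean>')


def cdata(value: str) -> str:
    """Wrap the value in a CDATA section so '&', '<' and '>' need no escaping."""
    return f"<![CDATA[{value}]]>"


def parse_filter(xml_text: str):
    """Parse the snippet and return the filter the application would actually see,
    or None when the document is not well-formed XML (the startup error above)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    return root.find(".//value").text


def not_clauses_well_formed(ldap_filter: str) -> bool:
    """True when every '!' operator is immediately followed by a parenthesised operand,
    i.e. '(!(cn=Team*))' rather than the lax '(!cn=Team*)' form."""
    return all(i + 1 < len(ldap_filter) and ldap_filter[i + 1] == "("
               for i, ch in enumerate(ldap_filter) if ch == "!")


if __name__ == "__main__":
    print("raw     :", parse_filter(bean_xml(LDAP_FILTER)))           # None
    print("escaped :", parse_filter(bean_xml(escape(LDAP_FILTER))))   # the filter
    print("cdata   :", parse_filter(bean_xml(cdata(LDAP_FILTER))))    # the filter
    print("NOTs ok :", not_clauses_well_formed(LDAP_FILTER))          # True
```

Either escaping or CDATA is acceptable to the XML parser; CDATA is the simpler choice for a long filter because the string can be pasted in unchanged.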