
LDAP Synchronization with Alfresco 3.4d

pnavinkumar
Champ in-the-making
Hi all

I am new to Alfresco and I am trying to set up the LDAP Sync with 3.4d. I have been able to establish the login to my AD, which is a win2003 server. But somehow synchronization doesn't seem to work for me.

Here is my configuration:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad

ldap.authentication.active=true
ldap.authentication.userNameFormat=%s
ldap.authentication.defaultAdministratorUserNames=admin
ldap.authentication.java.naming.provider.url=ldap://domainserver:389
ldap.authentication.java.naming.security.authentication=simple

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=ldap@itech.com
ldap.synchronization.java.naming.security.credentials=password

ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=itech,dc\=com
ldap.synchronization.userSearchBase=CN\=Users,dc\=itech,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member


but the above configuration fails with the below error:

15:46:40,220 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 03040000 User and group import failed

Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=itech,DC=com'
]; remaining name 'ou=Groups,dc=itech,dc=com'


Desperately looking for help on this. Hoping to get a response.

Thanks in advance.
20 REPLIES

pnavinkumar
Champ in-the-making
Thanks for your help Mourad. I will try this out and let you know if this works for me.

pnavinkumar
Champ in-the-making
Hi Mourad

I had tried but still it continues to give this error. Please do let me know if you are able to make some sense out of this.

18:47:15,151 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap2'
18:47:15,151 User:System WARN  [security.sync.ChainingUserRegistrySynchronizer] Full synchronization with user registry 'ldap2'; some users and groups previously created by synchronization with this user registry may be removed.
18:47:15,151 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap2'
18:47:15,151 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 04180005 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:618)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:434)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:51)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:47)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
   'DC=iTech,DC=com'
; remaining name 'ou=Groups,dc=iTech,dc=com'
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1129)
   … 8 more


If you notice the error above, it says
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
   'DC=iTech,DC=com'

iTech.com is my domain name and I don't understand how it says there are no objects in this. Or does NameNotFoundException point to something else?

Thanks for your help.
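
The error in the post above, worked through as an added example (not part of the original thread, and not Alfresco code): in an LDAP error 32 the "best match" is the deepest entry the server could resolve, so the RDNs to its left in "remaining name" are the ones it could not find. The function names are hypothetical, and the sample input is constructed from the configuration and message quoted in the thread.

```python
import re

# Constructed sample: the two search bases and the JNDI message quoted in the thread.
PROPS = r"""
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=itech,dc\=com
ldap.synchronization.userSearchBase=CN\=Users,dc\=itech,dc\=com
"""
ERROR = """javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=itech,DC=com'
]; remaining name 'ou=Groups,dc=itech,dc=com'"""

def split_dn(dn):
    """Split a DN into normalized RDNs (lower-cased, trimmed); escaped commas are kept."""
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def load_search_bases(text):
    """Return {property: DN} for *SearchBase keys, undoing the .properties '\\=' escaping."""
    bases = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.endswith("SearchBase"):
            bases[key] = value.replace("\\=", "=")
    return bases

def diagnose(error, props):
    """Map an LDAP error-32 message to the offending property and the unresolved RDNs."""
    m = re.search(r"error code 32\b.*?best match of:\s*'([^']*)'.*?remaining name '([^']*)'",
                  error, re.S)
    if not m:
        return None
    matched, wanted = split_dn(m.group(1)), split_dn(m.group(2))
    # "best match" is the deepest ancestor the server resolved; everything to its
    # left in the requested base could not be found.
    if matched and wanted[-len(matched):] == matched:
        missing = wanted[:len(wanted) - len(matched)]
    else:
        missing = wanted
    # Compare case-insensitively: the thread shows both 'itech' and 'iTech'.
    culprits = [k for k, dn in load_search_bases(props).items() if split_dn(dn) == wanted]
    return {"properties": culprits, "deepest_existing": ",".join(matched),
            "missing_rdns": missing}

if __name__ == "__main__":
    print(diagnose(ERROR, PROPS))
```

For the message in the thread this points at ldap.synchronization.groupSearchBase: the domain root resolves, and the ou=Groups component under it is what the server could not find.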

pnavinkumar
Champ in-the-making
Hi schulman

Both the settings are as you have mentioned for AD.

mouradef
Champ in-the-making
Hi,
can you please post your ldap-authentification.properties?

I also had problems fetching users; it was because ldap.synchronization.userSearchBase was not correct.
Alfresco tried to retrieve users from this location. Are you sure your users belong to the value that you give to ldap.synchronization.userSearchBase?

pnavinkumar
Champ in-the-making
Hi

I have already given my ldap-configuration on the 1st post of this thread itself. I had given the usersearchbase to be CN\=Users,dc\=itech,dc\=com

Now based on the settings you had shared, I also tried ou\=User Accounts,dc\=iTech,dc\=com. I still have the same error. I have posted the error I am having on the previous posts. Please do let me know if you will need more information.

Thanks
Navin

mouradef
Champ in-the-making
I think you have to add your domain name. Try replacing
ldap.authentication.userNameFormat=%s

by
ldap.authentication.userNameFormat=%s@itech.com

In my case, even if authentication is done using sAMAccountName, I had to add the domain name to make it work! (I don't understand why!)

pnavinkumar
Champ in-the-making
Hi Mourad

I had tried with %s@itech.com sometime back itself and my current settings reflect that. But still there is no respite for me. :(

Anyways, I am planning to try and download 3.5d and try it on a new box altogether and see if I get any luck there. I did see a couple of posts where people had said it was working for them in 3.4c and it doesn't work in 3.4d. The solution was to move the authentication file from the 3.4c machine to the 3.4d machine.

By the way, which version are you working on?

mouradef
Champ in-the-making
Hi Navin,
Sorry for not being able to help you.
I'm using Alfresco 3.4d and it's working well, after having many problems, especially to correctly set usersearch and groupsearch.
I started with a simple one-group import, by setting:
ldap.synchronization.groupSearchBase=CN=OneGroup,ou\=Groups,dc\=itech,dc\=com

The idea is to ask Alfresco to import one group (the one I explicitly give).
By giving the name of one group, I was sure the group part is OK, and that allows me to debug the users import … divide and conquer :)

Maybe there is a bug somewhere; you can also move to the 3.5 version and test.
Good luck

pnavinkumar
Champ in-the-making
Hi

What is the UserSearchBase that you are currently using? I am connecting it to Windows 2003 AD server and using ldap-ad authentication subsystem for authentication.

Thanks

mouradef
Champ in-the-making
My userSearchBase is like:
OU=MyDepartement,DC=TECH,DC=COM

I'm also using Windows AD with the ldap-ad authentication subsystem.