Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP syncs up 0 users and 0 groups - 3.3g on RHEL 5.5

jamied66
Champ in-the-making
Champ in-the-making

‎07-26-2010 04:49 PM

I have LDAP working for authentication just fine, but I think my problem w/syncronization now lies in how I'm telling it to query LDAP.  I can see my principal user hitting the LDAP server.  It just feels like I don't quite have the queries right.  If anyone would have a look I'd be extremely grateful:

I have a very simple LDAP tree:

ou=People,dc=mydomain,dc=com — contains users (uid=…)
ou=groups,dc=mydomain,dc=com — contains groups

I have the following set in alfresco:

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(&(objectclass\=groups)(memberOf\=ou\=groups,dc\=mydomain,dc\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groups)(memberOf\=ou\=groups,dc\=mydomain,dc\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(&(objectclass\=People)(memberOf\=ou\=People,dc\=mydomain,dc\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=People)(memberOf\=ou\=People,dc\=mydomain,dc\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

I get the following in my startup logs:

16:34:30,806 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
16:34:30,809 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
16:34:31,085 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
16:34:31,086 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
16:34:31,089 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'
16:34:31,102 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 0 entries
16:34:31,109 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 0 entries
16:34:31,109 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
16:34:31,109 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] 0 user(s) and 0 group(s) processed
16:34:31,122  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete


Thanks,

Jamie
Labels:
0 Kudos
2 REPLIES 2

dward
Champ on-the-rise
Champ on-the-rise

‎07-27-2010 06:20 AM

An ou is an organizational unit, not a group, so you can't use memberof with it. You restrict the query to an ou using groupSearchBase and userSearchBase.

You need to find out what your group class is. Is it groupOfNames or groupOfUniqueNames?

Then set the following parameters appropriately

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=ou\=groups,dc\=mydomain,dc\=com

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=ou\=People,dc\=mydomain,dc\=com

# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)

# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))

# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)

# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

# The group type in LDAP
ldap.synchronization.groupType=groupOfNames

# The person type in LDAP
ldap.synchronization.personType=inetOrgPerson
0 Kudos

jamied66
Champ in-the-making
Champ in-the-making

‎07-27-2010 01:58 PM

thanks.  All of that sort of sunk in last night and I have synchronization working.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC