Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problems with LDAP :: Missing 'equals';

gareth
Champ in-the-making
Champ in-the-making

‎07-05-2011 12:05 PM

Hi, this seems to be a very popular topic, but I'm afraid I can't find the answer.

I've reached the point where I have Alfresco authenticating against Zimbra LDAP, but there seems to be either a Java or Alfresco bug I can't get around hence syncing isn't working properly. I have the following in my config;
ldap.synchronization.groupSearchBase=dc=xxxx,dc=com
ldap.synchronization.userSearchBase=dc=xxxx,dc=com
Group sync works fine, yet user sync fails with;
Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=xxxx,dc=com'
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
[this is community version 3.4.d on Ubuntu]
It seems the query never makes it to the LDAP API, so I'm sort of guessing this is Alfreso (?) , it doesn't seem to matter "what" I put in for the userSearchBase, it will always throw an error at this point. (albeit the error changes depending in what I enter, however it always seems to find a reason to barf at this point)

Any pointers would be much appreciated!!

#
#       AUTHENTICATION
#
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid=%s,OU=people,DC=xxxx,DC=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://zm.xxxx.com:3890
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
#
#       SYNCRONISATION
#
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid=zimbra,cn=admins,cn=zimbra
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronisation.personQuery=(objectclass\=posixAccount)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=dc=xxxx,dc=com
ldap.synchronization.userSearchBase=dc=xxxx,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=xxxx
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=posixGroup
ldap.synchronization.personType=zimbraMailRecipient
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.enableProgressEstimation=true
ldap.synchronisation.import.person.cron=55 11 * * * ?
ldap.synchronisation.import.group.cron=56 11 * * * ?
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=false
Labels:
0 Kudos
7 REPLIES 7

bcoulson
Champ in-the-making
Champ in-the-making

‎07-05-2011 04:17 PM

Gareth

I am wondering if it is because you have not escaped the = in the property value. So it should be:


ldap.synchronization.groupSearchBase=dc\=xxxx,dc\=com
ldap.synchronization.userSearchBase=dc\=xxxx,dc\=com

Although I do realize that it works for groupSearchBase. I am getting a similar error, however not exactly the same. Alfresco complains about an invliad attribute:

Caused by: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name


I do have my = escaped. If I comment out my userSearchBase line, then it uses the default Alfresco one and complains with the exact same error. This all worked before upgrading to Alfresco 3.4.d.
0 Kudos

gareth
Champ in-the-making
Champ in-the-making

‎07-05-2011 05:01 PM

Thanks for the reply, but escaping the '=' makes no difference … (I did try this .. Smiley Happy  )

Also note that the string is correctly quoted in the error message …

What version did you have working previously? I'm not averse to downgrading .. after spending most of the day failing to make it work ..

That is one thing I've noticed about Alfresco, there do seem to be a number of 'critical' problems that pop up from nowhere with no warning and no easy fix .. Smiley Sad

I got bitten by SSL certs not too long ago .. I know that technically it's a Flash issue, but telling users they can only upload files if they use IE doesn't fly in my World .. Smiley Sad
0 Kudos

bcoulson
Champ in-the-making
Champ in-the-making

‎07-07-2011 11:28 AM

Ok - well I figured you had tried that, but thought it worth mentioning all the same. sorry  Smiley Sad

I upgraded from 3.4.c to 3.4.d and everything worked almost seamlessly for my LDAP integration out of the box for 3.4.c. But not so for 3.4.d. I too am looking to downgrade if I cannot get to the bottom of my current issue. I will let you know if I find anything else out. I may open a ticket if the issue persists and I can recreate it easily on my local without introducing alot of my other customizations, which should be easy enough to do as they are not even related.
0 Kudos

gareth
Champ in-the-making
Champ in-the-making

‎07-08-2011 07:36 AM

Ok, I've tried 3.4.e , no joy .. trying 3.4.c now …
0 Kudos

gareth
Champ in-the-making
Champ in-the-making

‎07-08-2011 08:11 AM

No, 3.4.c does exactly the same thing .. Groups sync Ok, but I get the same error trying to sync users ….

- anyone any ideas?

13:09:14,030 UserSmiley Frustratedystem WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.error.AlfrescoRuntimeException: 06080000 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.access$2500(LDAPUserRegistry.java:77)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection.<init>(LDAPUserRegistry.java:1297)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersons(LDAPUserRegistry.java:544)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1150)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:434)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1529)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1523)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:78)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=xxxxxxxx,dc=xx,dc=com'
   at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:305)
   at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:151)
   at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:55)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1129)
   … 49 more
13:09:14,037  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
0 Kudos

bcoulson
Champ in-the-making
Champ in-the-making

‎07-08-2011 02:23 PM

Hello - I do not have any ideas for you unfortunately, only more information to tell you that I misspoke previously. I was using 3.4.d and recently upgraded to 3.4.e when I started to experience this problem. Everything worked fine on 3.4.c and 3.4.d. I am not sure if that helps you or not as you seem to be able to reproduce it consistently.
0 Kudos

heiko_robert
Star Collaborator
Star Collaborator

‎07-12-2011 01:33 PM

Hi Gareth,
to be on the save side I suggest you restore (if you can) to the latest Backup with 3.4.d which is an 'official release'. 3.4.e seems to be just a preview for activity integration.
See http://wiki.alfresco.com/wiki/Alfresco_Community_3.4.e_Release_Notes and the Link to the 'Latest Release': http://wiki.alfresco.com/wiki/Download_and_Install_Alfresco
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC