Problems with LDAP user synchronisation
01-18-2008 10:28 AM
I have followed the examples provided in the Wiki and these forums to set up LDAP login on two LDAP servers (working fine) and I am now trying to get the user synchronisation working. For some reason the users are not getting synchronised but the groups are. This is what I have in my ldap-authentication-context.xml:
<bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
    <property name="jobDetail">
        <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
            <property name="jobClass">
                <value>org.alfresco.repo.importer.ImporterJob</value>
            </property>
            <property name="jobDataAsMap">
                <map>
                    <entry key="bean">
                        <ref bean="ldapPeopleImport"/>
                    </entry>
                </map>
            </property>
        </bean>
    </property>
    <!-- Start after 5 minutes of starting the repository -->
    <property name="startDelay">
        <value>300000</value>
    </property>
    <!-- Repeat every hour -->
    <property name="repeatInterval">
        <value>3600000</value>
    </property>
    <!-- Commented out to disable -->
    <property name="scheduler">
        <ref bean="schedulerFactory" />
    </property>
</bean>

<bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
    <property name="jobDetail">
        <bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
            <property name="jobClass">
                <value>org.alfresco.repo.importer.ImporterJob</value>
            </property>
            <property name="jobDataAsMap">
                <map>
                    <entry key="bean">
                        <ref bean="ldapGroupImport"/>
                    </entry>
                </map>
            </property>
        </bean>
    </property>
    <!-- Start after 5 minutes of starting the repository -->
    <property name="startDelay">
        <value>300000</value>
    </property>
    <!-- Repeat every hour -->
    <property name="repeatInterval">
        <value>3600000</value>
    </property>
    <!-- Commented out to disable -->
    <property name="scheduler">
        <ref bean="schedulerFactory" />
    </property>
</bean>
And the log outputs:
15:12:02,562 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.1.0 (482) schema 64 - Installed version 2.1.0 (482) schema 64
15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Found 0
15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Top 0
15:16:41,343 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Secondary 0
Any ideas why the group import runs but the user import doesn't? Does it have anything to do with chaining? I have the following:
ldap-authentication-context.xml
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
    <property name="LDAPInitialDirContextFactory">
        <ref bean="ldapInitialDirContextFactory"/>
    </property>
    <property name="userNameFormat">
        <value>uid=%s,ou=people,dc=mycompany,dc=co.uk</value>
    </property>
</bean>

<bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
    <property name="initialDirContextEnvironment">
        <map>
            <entry key="java.naming.factory.initial">
                <value>com.sun.jndi.ldap.LdapCtxFactory</value>
            </entry>
            <entry key="java.naming.provider.url">
                <value>ldaps://myldap1:636</value>
            </entry>
            <entry key="java.naming.security.authentication">
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>
chaining-authentication-context.xml
<bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
    <property name="authenticationServices">
        <list>
            <ref bean="authenticationServiceImplLDAP1"/>
            <ref bean="authenticationServiceImplLDAP2"/>
        </list>
    </property>
</bean>

<bean id="authenticationServiceImplLDAP1" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao">
        <ref bean="authenticationDaoLDAP1"/>
    </property>
    <property name="ticketComponent">
        <ref bean="ticketComponent"/>
    </property>
    <property name="authenticationComponent">
        <ref bean="authenticationComponent"/>
    </property>
</bean>

<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
    <property name="LDAPInitialDirContextFactory">
        <ref bean="ldapInitialDirContextFactory1"/>
    </property>
    <property name="userNameFormat">
        <value>uid=%s,ou=people,dc=mycompany,dc=co.uk</value>
    </property>
</bean>

<bean id="ldapInitialDirContextFactory1" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
    <property name="initialDirContextEnvironment">
        <map>
            <entry key="java.naming.factory.initial">
                <value>com.sun.jndi.ldap.LdapCtxFactory</value>
            </entry>
            <entry key="java.naming.provider.url">
                <value>ldaps://myldap1:636</value>
            </entry>
            <entry key="java.naming.security.authentication">
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>

<bean id="authenticationDaoLDAP1" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>

<bean id="authenticationServiceImplLDAP2" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao">
        <ref bean="authenticationDaoLDAP2"/>
    </property>
    <property name="ticketComponent">
        <ref bean="ticketComponent"/>
    </property>
    <property name="authenticationComponent">
        <ref bean="authenticationComponentImplLDAP2"/>
    </property>
</bean>

<bean id="authenticationComponentImplLDAP2" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
    <property name="LDAPInitialDirContextFactory">
        <ref bean="ldapInitialDirContextFactory2"/>
    </property>
    <property name="userNameFormat">
        <value>uid=%s,ou=people,dc=mycompany,dc=co.uk</value>
    </property>
</bean>

<bean id="ldapInitialDirContextFactory2" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
    <property name="initialDirContextEnvironment">
        <map>
            <entry key="java.naming.factory.initial">
                <value>com.sun.jndi.ldap.LdapCtxFactory</value>
            </entry>
            <entry key="java.naming.provider.url">
                <value>ldaps://myldap2:636</value>
            </entry>
            <entry key="java.naming.security.authentication">
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>

<bean id="authenticationDaoLDAP2" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
Could there be some sort of conflict?
2 REPLIES
01-21-2008 04:22 AM
I have now resolved this issue. As it turns out, I had set the objectClass incorrectly for the personQuery property. It now exports users without a problem. Having said that, a log line saying something like 'No users found for objectClass = whatever' would have been a lot more useful than no output whatsoever.
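The failure described in this reply, a personQuery whose objectClass matches nothing and produces no log output, can be checked offline before a sync run. The following is an added example, not part of the original post or of Alfresco: it evaluates an LDAP filter (AND, OR, NOT, equality and presence only) against constructed sample entries and reports zero matches explicitly. The sample entries, the filter values and all function names are assumptions.

```python
import re

# Constructed sample directory entries; attribute values are lists, as in LDAP.
SAMPLE_ENTRIES = [
    {"objectClass": ["top", "person", "inetOrgPerson"], "uid": ["jsmith"]},
    {"objectClass": ["top", "person", "inetOrgPerson"], "uid": ["adoe"]},
    {"objectClass": ["top", "groupOfNames"], "cn": ["staff"]},
]

def _parse(s, i):
    # Parse one parenthesised filter starting at s[i]; returns (node, next_offset).
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if i >= len(s) or s[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter")
        return (op, kids), i + 1
    end = s.find(")", i)
    attr, sep, value = s[i:max(end, i)].partition("=")
    bad_value = "*" in value and value != "*"  # substring match is not handled here
    if end < 0 or not sep or bad_value or not re.fullmatch(r"[A-Za-z][A-Za-z0-9;.-]*", attr):
        raise ValueError(f"unsupported filter item at offset {i}")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]  # case-insensitive (simplification)
    return bool(values) if node[2] == "*" else node[2] in values

def count_matches(filter_text, entries):
    node, pos = _parse(filter_text, 0)
    if pos != len(filter_text):
        raise ValueError("trailing characters after filter")
    lowered = [{k.lower(): v for k, v in e.items()} for e in entries]
    return sum(matches(node, e) for e in lowered)

def check_query(name, filter_text, entries):
    # Zero matches is reported as a warning instead of passing silently.
    n = count_matches(filter_text, entries)
    return f"{'WARN' if n == 0 else 'INFO'} {name}: filter {filter_text} matched {n} entries"
```

Calling `check_query("personQuery", "(objectClass=user)", SAMPLE_ENTRIES)` yields a WARN line, while `(objectClass=inetOrgPerson)` matches the two constructed person entries.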
01-22-2008 04:12 AM
Hi, what did you do to log debug info about the LDAP user import?
15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Found 0
15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Top 0
15:16:41,343 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Secondary 0
Regards.
