
Problems with LDAP user synchronisation

patrick_gill
Champ in-the-making
I have followed the examples provided in the Wiki and these forums to set up LDAP login on two LDAP servers (working fine) and I am now trying to get the user synchronisation working. For some reason the users are not getting synchronised but the groups are. This is what I have in my ldap-authentication-context.xml:


    <bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapPeopleImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!-- Start after 5 minutes of starting the repository -->
        <property name="startDelay">
            <value>300000</value>
        </property>
        <!-- Repeat every hour -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
        <!-- Commented out to disable -->
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
    </bean>
   
    <bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapGroupImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!-- Start after 5 minutes of starting the repository -->
        <property name="startDelay">
            <value>300000</value>
        </property>
        <!-- Repeat every hour -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
        <!-- Commented out to disable -->
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
       
    </bean>

And the log outputs:


15:12:02,562 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.1.0 (482) schema 64 - Installed version 2.1.0 (482) schema 64
15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Found 0
15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Top 0
15:16:41,343 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Secondary 0

Any ideas why the group import runs but the user import doesn't? Does it have anything to do with chaining? I have the following:

ldap-authentication-context.xml

    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <value>uid=%s,ou=people,dc=mycompany,dc=co.uk</value>
        </property>
    </bean>
   
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
                <entry key="java.naming.provider.url">
                    <value>ldaps://myldap1:636</value>
                </entry>
                <entry key="java.naming.security.authentication">
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>

chaining-authentication-context.xml

    <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplLDAP1"/>
                <ref bean="authenticationServiceImplLDAP2"/>
            </list>
        </property>
    </bean>

    <bean id="authenticationServiceImplLDAP1" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoLDAP1"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
    </bean>
   
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory1"/>
        </property>
        <property name="userNameFormat">
            <value>uid=%s,ou=people,dc=mycompany,dc=co.uk</value>
        </property>
    </bean>
   
    <bean id="ldapInitialDirContextFactory1" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
                <entry key="java.naming.provider.url">
                    <value>ldaps://myldap1:636</value>
                </entry>
                <entry key="java.naming.security.authentication">
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>
   
    <bean id="authenticationDaoLDAP1" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>

    <bean id="authenticationServiceImplLDAP2" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoLDAP2"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplLDAP2"/>
        </property>
    </bean>
   
    <bean id="authenticationComponentImplLDAP2" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory2"/>
        </property>
        <property name="userNameFormat">
            <value>uid=%s,ou=people,dc=mycompany,dc=co.uk</value>
        </property>
    </bean>
   
    <bean id="ldapInitialDirContextFactory2" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
                <entry key="java.naming.provider.url">
                    <value>ldaps://myldap2:636</value>
                </entry>
                <entry key="java.naming.security.authentication">
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>
   
    <bean id="authenticationDaoLDAP2" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>

Could there be some sort of conflict?

patrick_gill
Champ in-the-making
I have now resolved this issue. As it turns out I had set the objectClass incorrectly for the personQuery property. It now exports users without a problem. Having said that, a log line saying something like 'No users found for objectClass = whatever' would have been a lot more useful than no output whatsoever.
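
The two things this thread turns on, a bean id (authenticationComponent) defined in more than one context file and an export source that logs "Found 0" or nothing at all, can be checked before the next restart. The script below is an added example, not code from the thread or from Alfresco; the context snippets and log are constructed from what is quoted above, and it assumes LDAPPersonExportSource is the logger name on the user side, which the quoted log never shows.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the thread (class attributes omitted; only the ids matter here).
CHAIN_CTX = """<beans>
  <bean id="authenticationServiceImpl"/>
  <bean id="authenticationComponent"/>
  <bean id="ldapInitialDirContextFactory1"/>
</beans>"""
LDAP_CTX = """<beans>
  <bean id="authenticationComponent"/>
  <bean id="ldapInitialDirContextFactory"/>
</beans>"""
# The three DEBUG lines quoted in the thread; note there is no person-source line at all.
LOG = """15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Found 0
15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Top 0
15:16:41,343 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Secondary 0"""

def duplicate_bean_ids(contexts):
    """contexts: {filename: xml text}. Returns {bean id: [filenames]} for ids
    defined more than once, nested beans included; when Spring loads both
    files, one of the two definitions overrides the other."""
    seen = {}
    for fname, text in contexts.items():
        for bean in ET.fromstring(text).iter("bean"):
            if bean.get("id"):
                seen.setdefault(bean.get("id"), []).append(fname)
    return {bid: files for bid, files in seen.items() if len(files) > 1}

FOUND = re.compile(r"\[(?:[\w.]+\.)?(\w+ExportSource)\] Found (\d+)")

def export_counts(log_text, sources=("LDAPGroupExportSource", "LDAPPersonExportSource")):
    """Entry count each export source logged, or None if it never logged
    'Found N'. None: that import job never ran. 0: the query ran but matched
    nothing, which is what a wrong objectClass in personQuery looks like."""
    counts = dict.fromkeys(sources)  # assumed logger name for the user side
    for m in FOUND.finditer(log_text):
        counts[m.group(1)] = int(m.group(2))
    return counts

def silent_sources(counts):
    """Sources that yielded nothing: missing (None) or empty (0)."""
    return sorted(src for src, n in counts.items() if not n)

if __name__ == "__main__":
    print(duplicate_bean_ids({"chaining-authentication-context.xml": CHAIN_CTX,
                              "ldap-authentication-context.xml": LDAP_CTX}))
    print(silent_sources(export_counts(LOG)))
```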

robertoroberto
Champ in-the-making
Hi, how did you enable debug logging for the LDAP user import?

5:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Found 0
15:16:41,328 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Top 0
15:16:41,343 DEBUG [org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource] Secondary 0

Regards.