Hyland Connect

jimmykirk · ‎05-12-2010

I recently installed 3.3

Everything seems okay, but it seems like almost daily that my user, nobody else, gets kicked out of all the groups I'm in.

For instance, I login and have nothing in "My Sites". If I search in the sites search area, I see the option to "Leave" one I should be a member of.

Anyone else had this issue?

Notes: I am using LDAP authentication and the my user was designated as the Admin in the ldap config. I recently changed it to a dedicated Alfresco Admin user…

jimmykirk · ‎05-13-2010

It's done it again. It seems like it purges my joined sites daily.

This is from the log yesterday, and seems odd to me:


10:14:31,161 WARN  [org.alfresco.repo.usage.ContentUsageImpl] User usage (jimmy) is negative (-5468557) overriding to 0
10:14:31,194 WARN  [org.alfresco.repo.usage.ContentUsageImpl] User usage (jimmy) is negative (-5871645) overriding to 0
10:14:31,210 WARN  [org.alfresco.repo.usage.ContentUsageImpl] User usage (jimmy) is negative (-5881629) overriding to 0
10:14:31,240 WARN  [org.alfresco.repo.usage.ContentUsageImpl] User usage (jimmy) is negative (-5883742) overriding to 0
10:14:31,256 WARN  [org.alfresco.repo.usage.ContentUsageImpl] User usage (jimmy) is negative (-6021673) overriding to 0
‍‍‍‍‍‍‍

This is the LDAP sync log from today:

00:00:00,082 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
00:00:00,082 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Full synchronization with user registry 'ldap1'; some users and groups previously created by synchronization with this us$
00:00:00,082 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
00:00:00,096 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 2 entries
00:00:00,487 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Processed 2 entries out of 2. 100% complete. Rate: 5 per second. 0 failures detected.
00:00:00,487 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 2 entries
00:00:00,505 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Creation and Association: Commencing batch of 2 entries
00:00:00,506 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Creation and Association: Processed 2 entries out of 2. 100% complete. Rate: 2000 per second. 0 failures dete$
00:00:00,506 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Creation and Association: Completed batch of 2 entries
00:00:00,506 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'
00:00:00,514 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 24 entries
00:00:02,127 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Processed 24 entries out of 24. 100% complete. Rate: 14 per second. 0 failures detec$
00:00:02,127 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 24 entries
00:00:02,238 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Authority Deletion: Commencing batch of 1 entries
00:00:02,442 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Authority Deletion: Processed 1 entries out of 1. 100% complete. Rate: 4 per second. 0 failures detected.
00:00:02,442 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Authority Deletion: Completed batch of 1 entries
00:00:02,442 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
00:00:02,442 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 25 user(s) and 2 group(s) processed
09:50:27,213 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
09:50:27,215 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving groups changed since May 3, 2010 11:41:35 AM from user registry 'ldap1'
09:50:27,225 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
09:50:27,226 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
09:50:27,226 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving users changed since May 12, 2010 11:47:13 PM from user registry 'ldap1'
09:50:27,239 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 2 entries
09:50:27,308 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Processed 2 entries out of 2. 100% complete. Rate: 28 per second. 0 failures detecte$
09:50:27,308 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 2 entries
09:50:27,310 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
09:50:27,310 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 2 user(s) and 0 group(s) processed
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Is there any way I can find out which two users it's "resynching"? it seems like it's removing my account and adding it back each sync.

Here is my ldap config in alfresco-global.properties:

#ldap info!

authentication.chain=ldap1:ldap

ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.allowguestLogin=false
ldap.authentication.userNameFormat=uid=%s,ou=people,dc=domain,dc=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://10.0.0.109:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=alfrescoadmin

ldap.synchronization.active=true

ldap.synchronization.queryBatchSize=1000
ldap.synchronization.java.naming.security.principal=uid=zimbra,cn=admins,cn=zimbra
ldap.synchronization.java.naming.security.credentials=<password>

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'

ldap.synchronization.userSearchBase=dc=domain,dc=com
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

#ldap.synchronization.personQuery=(&(objectClass=organizationalPerson)(zimbraMailStatus=enabled))
ldap.synchronization.personQuery=(&(&(objectClass=organizationalPerson)(zimbraMailStatus=enabled)(gidNumber=20001)))
ldap.synchronization.personDifferentialQuery=(&(objectClass=organizationalPerson)(zimbraMailStatus=enabled)(!(modifyTimestamp<={0})))
ldap.synchronization.personType=organizationalPerson

ldap.synchronization.groupSearchBase=dc=domain,dc=com
ldap.synchronization.groupQuery=(&(objectclass=zimbraDistributionList)(zimbraMailStatus=enabled))
ldap.synchronization.groupDifferentialQuery=(&(objectclass=zimbraDistributionList)(zimbraMailStatus=enabled)(!(modifyTimestamp<={0})))
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=zimbraDistributionList
ldap.synchronization.groupMemberAttributeName=zimbraMailForwardingAddress

synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
# every 5 minutes
ldap.synchronization.import.cron=5 * * * *
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Could it be that I need synchronizeChanges only to be true? I'm going crazy over here losing my sites daily…

jimmykirk · ‎05-13-2010

Little more digging and I found it.

It was an uh-oh by me.

We have some accounts we don't want in Alfresco or on our Samba shares.

We are using Zimbra with the POSIX/SAMBA integration. I have some people not on SAMBA/Alfresco with a posixGID of 20002(Dummy Account). I had forgotten that my account was setup with PosixGID of 20004(Domain Admins), as we authenticate our Windows machines with our SAMBA PDC. So, I have appended the ldap.PersonQuery to include that group, along with our PosixGID of 20001(Everybody).

The new person query used to resolve this is below

(&(&(objectClass=organizationalPerson)(zimbraMailStatus=enabled)(|(gidNumber=20001)(gidNumber=20004))))‍

I still have one other account showing up as being changed, but I don't have any users complaining about this. Is there a more verbose output to the log that I could use to see which users it's adding?

Hyland Connect

Share 3.3 no sites listed in my sites