
Sync problem (?) with Active Directory

lchoonch
Champ in-the-making
I'm new to Alfresco and just spent the last week configuring Alfresco 3.2. I use AD and I am experiencing a problem with the synchronization with AD. Every time my AD user logs in, Alfresco creates all the users. Is this the normal behaviour? My configuration is:

ldap.authentication.active=false
ldap.authentication.defaultAdministratorUserName=admin,Administrator
ldap.authentication.userNameFormat=cn\=%s,cn\=Users,dc\=myhome,dc\=net

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn\=Test Admin,cn\=Users,dc\=myhome,dc\=net
ldap.synchronization.java.naming.security.credentials=<some password>
ldap.synchronization.userSearchBase=cn\=Users,dc\=myhome,dc\=net

synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogin=true
synchronization.autoCreatePeopleOnLogin=true

Can someone give some suggestions? Thanks.
3 REPLIES

jbaldo
Champ in-the-making
Maybe you've resolved this by now, but when an unknown user attempts to log in and is authenticated, it triggers a sync. Your config is attempting to do a sync at this location:

ldap.synchronization.userSearchBase=cn\=Users,dc\=myhome,dc\=net

I think by default it attempts to add the first 1000 users.

You can narrow the scope by adding a query string which only selects users with certain attributes:

ldap.synchronization.personDifferentialQuery
    The query to select objects that represent the users to export that have changed since a certain time. Should use the placeholder {0} in place of a timestamp in the format specified by ldap.synchronization.timestampFormat. The timestamp substituted will be the maximum value of the attribute named by ldap.synchronization.modifyTimestampAttributeName the last time users were queried. This query is used in 'differential sync mode', which by default is triggered whenever a user is successfully authenticated that does not yet exist in Alfresco. See The Synchronization Subsystem.

http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2

lchoonch
Champ in-the-making
Thank you, I managed to resolve this. It is as you said, the LDAP syncs on login if the user has not been created. This was not the only problem. Narrowing the sync query AND also excluding the Guest user (I am using AD) fixed the problem for me.

dward
Champ on-the-rise
FYI it queries in batches of 1000 users at a time but is not restricted to 1000 users. It just uses multiple round-trips to the LDAP server to retrieve the users. This is controlled by:

ldap.synchronization.queryBatchSize
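
The fix discussed in this thread (narrow the sync query and exclude Guest), sketched as an added example that is not any poster's actual configuration. Assumptions: the group "Alfresco Users" is hypothetical, the filters are constructed, and the AD timestamp attribute and format shown should be checked against your Alfresco version's defaults.

```properties
# Added illustration; filter values are constructed, not taken from the thread.

# Before (as posted): every object under the search base is a sync candidate,
# so the first login of an unknown user imports them all, Guest included.
#   ldap.synchronization.userSearchBase=cn\=Users,dc\=myhome,dc\=net
#   synchronization.syncWhenMissingPeopleLogin=true

# After: same search base, but only selected objects count as people.
ldap.synchronization.userSearchBase=cn\=Users,dc\=myhome,dc\=net

# Full sync: user objects only, limited to members of one group
# (hypothetical group name), and never the built-in Guest account.
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf\=cn\=Alfresco Users,cn\=Users,dc\=myhome,dc\=net)(!(sAMAccountName\=Guest)))

# Differential sync: the same restrictions plus the {0} timestamp
# placeholder, so only objects changed since the last query are returned.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf\=cn\=Alfresco Users,cn\=Users,dc\=myhome,dc\=net)(!(sAMAccountName\=Guest))(!(whenChanged<\={0})))

# Assumption: AD's change-tracking attribute and its timestamp layout.
# {0} above is rendered in this format before the query is sent.
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

# Page size per LDAP round-trip; it does not cap the total number of
# users imported, so the filters above are what limit provisioning.
ldap.synchronization.queryBatchSize=1000
```

After changing the filters, compare the accounts Alfresco has created against the intended group membership and remove any that were imported by the earlier unfiltered sync.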