Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Synchronizing deleted LDAP group?

jimbojw
Champ in-the-making
Champ in-the-making

‎09-04-2009 03:53 PM

Hi all,

I have Alfresco community 3.3 (nightly from Aug 11) installed and synchronizing with Active Directory.

To set up, I performed the following steps:

1. Created a new folder (space)
2. In Manage Space Users, I unchecked the box for inheriting from the parent space
3. I added a group previously imported from AD called TEST_USERS
4. Confirmed that testuser1 (a member) could manipulate the directory

Then, to test:
5. On the Domain Controller, I deleted the AD group TEST_USERS
6. Restarted Alfresco
7. In the startup logs, I see:

15:59:14,082 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
15:59:14,113 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving users changed since Aug 29, 2009 4:00:34 AM from user registry 'ldap1'
15:59:14,316 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving groups changed since Aug 29, 2009 4:03:24 AM from user registry 'ldap1'
15:59:14,456 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
15:59:14,456 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] 0 user(s) and 0 group(s) processed
15:59:14,472 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete
So it appears that Alfresco did not pick up on the removed group.  Going into Alfresco's administration console -> Manage Groups, I still see TEST_USERS.

Is this the intended behavior?  If not, what should it be doing?  Thanks in advance.
Labels:
0 Kudos
3 REPLIES 3

dward
Champ on-the-rise
Champ on-the-rise

‎09-05-2009 07:35 AM

To detect deleted users and groups, Alfresco has to query ALL users and groups from the LDAP directory. Not just those that have changed.

This is called a full sync, and only happens in the scheduled job that runs by default every midnight.

Alfresco does a faster 'differential sync' where it only queries for changed users and groups whenever a missing user is successfully authenticated and whenever the server is started up.

See http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem for more details.
0 Kudos

jimbojw
Champ in-the-making
Champ in-the-making

‎09-09-2009 10:56 AM

Thanks dward,

After posting my comment and waiting 24 hours, I was able to confirm that deleted groups are indeed purged from Alfresco's cache during the nightly full sync.

Is there an easy way to trigger a full sync "on demand" (preferably without restarting the server)?  Thanks in advance.
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-09-2009 12:40 PM

Sounds like you have the original community release, that commits all changes in one (very large and slow) transaction. Might still be worth taking a newer nightly build.

When the v3.2 Enterpise Edition is released, you'll be able to trigger it via JMX and JConsole. But right now, there is no easier way.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC