
Active Directory LDAP being polled by Alfresco millions of times per day

rgajraj
Champ in-the-making

I have a peculiar problem where Alfresco (5 and 6.2) polls our Active Directory LDAP millions of times per day when we don't even do that many uploads to Alfresco. We upload documents to Alfresco via Chronoscan OCR tool. The Chronoscan tool would have to get permission from the LDAP when uploading documents to Alfresco.

We have about 12000 users in our Active Directory LDAP. Is there any way Alfresco synchronisation settings can cause this issue? If so, what could I do?

2 REPLIES 2

cesarista
World-Class Innovator

Hi:

Normally the LDAP sync job is run daily. Please check the LDAP cron job (synchronization.import.cron); maybe you have some problem with the expression.

On the other hand, check whether your configuration is doing, or is forced to do, full syncs (synchronization.synchronizeChangesOnly). With an Active Directory of 12k users this may be a bad strategy.

Finally, check the sync-user-on-login properties (synchronization.syncWhenMissingPeopleLogIn or synchronization.autoCreatePeopleOnLogin).

Add sync-related logs to have more information.

https://docs.alfresco.com/content-services/community/admin/auth-sync/#configure-synchronization 

Regards.

--C.

mitpatoliya
Star Collaborator

Yes, your guess is right. It has to do with your sync settings.

Alfresco Docs - Set up authentication and sync

Check the configurations related to the frequency of sync. You may want to use "differential" sync mode (synchronization.synchronizeChangesOnly).

The sync trigger should be "scheduled" or "startup" (synchronization.syncOnStartup).

To prevent all users getting synced you will have to change your query:

ldap.synchronization.groupSearchBase=ou=ad2,ou=Alfresco\ ,dc=domain,dc=com
ldap.synchronization.userSearchBase=ou=ad2,ou=Alfresco,dc=domain,dc=com

These properties ensure only matching groups and users are synced. You can talk to your LDAP admin team and create a unique OU for your system user and then use that OU in the query. This way you can prevent all other users from syncing to Alfresco.
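
A check for the settings both replies point at, as an added example that is not part of the thread or of Alfresco's own tooling: it reads an alfresco-global.properties text and flags the sync values that multiply LDAP queries. The sample configuration and the function names are constructed for illustration, and properties that are not set in the file are not judged.

```python
# Added example: flags sync settings in alfresco-global.properties that
# multiply LDAP queries. SAMPLE is constructed, not taken from the thread.
SAMPLE = """\
# constructed sample configuration
synchronization.import.cron=0 * * * * ?
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.userSearchBase=dc=domain,dc=com
ldap.synchronization.groupSearchBase=ou=ad2,ou=Alfresco,dc=domain,dc=com
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, reason) pairs; unset properties are not judged."""
    findings = []
    # Quartz cron order: seconds minutes hours day-of-month month day-of-week.
    # A wildcard, list, range or step in the first three fields means the job
    # runs more than once a day.
    cron = props.get("synchronization.import.cron", "").split()
    if len(cron) >= 3 and not all(f.isdigit() for f in cron[:3]):
        findings.append(("synchronization.import.cron",
                         "fires more than once a day"))
    if props.get("synchronization.synchronizeChangesOnly", "").lower() == "false":
        findings.append(("synchronization.synchronizeChangesOnly",
                         "every run is a full sync"))
    if props.get("synchronization.syncWhenMissingPeopleLogIn", "").lower() == "true":
        findings.append(("synchronization.syncWhenMissingPeopleLogIn",
                         "a login by an unknown user triggers a sync"))
    for key in ("ldap.synchronization.userSearchBase",
                "ldap.synchronization.groupSearchBase"):
        if props.get(key, "").lower().startswith("dc="):
            findings.append((key, "search base is the domain root, not an OU"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_properties(SAMPLE)):
        print(f"{key}: {reason}")
```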