cancel
Showing results for 
Search instead for 
Did you mean: 

Alfresco 7.1 problem synchronize with LDAP

rbelfils
Champ in-the-making
Champ in-the-making

Hello ,

i have some problem with sync LDAP .

Alfresco start to sync but failed.

2023-09-19 10:07:50,044  INFO  [management.subsystems.ChildApplicationContextFactory] [http-nio-8080-exec-5] Startup of 'Search' subsystem, ID: [Search, managed, solr6] complete
2023-09-19T10:08:54.730817023Z 2023-09-19 10:08:54,730  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronizing users and groups with user registry 'ldap1-ad'
2023-09-19T10:08:54.730856122Z 2023-09-19 10:08:54,730  WARN  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Some users and groups previously created by synchronization with this user registry may be removed.
2023-09-19T10:08:54.778505718Z 2023-09-19 10:08:54,778  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving all groups from user registry 'ldap1-ad'
2023-09-19T10:10:55.310029421Z 2023-09-19 10:10:55,309  WARN  [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-3] Failed to resolve member of group 'zzzzRecettes-iTop' with distinguished name: CN=Thomas FERRAZ - Teamwork,OU=ou_Contacts_Externe,OU=ZAdminAlptis,DC=alptis,DC=local
2023-09-19T10:11:12.602004506Z 2023-09-19 10:11:12,601  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Commencing batch of 1447 entries
2023-09-19T10:11:13.054824493Z 2023-09-19 10:11:13,054  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 100 entries out of 1447. 7% complete. Rate: 220 per second. 0 failures detected.
2023-09-19T10:11:13.447487759Z 2023-09-19 10:11:13,447  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 200 entries out of 1447. 14% complete. Rate: 236 per second. 0 failures detected.
2023-09-19T10:11:13.812573178Z 2023-09-19 10:11:13,812  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 300 entries out of 1447. 21% complete. Rate: 247 per second. 0 failures detected.
2023-09-19T10:11:14.201224373Z 2023-09-19 10:11:14,200  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 400 entries out of 1447. 28% complete. Rate: 250 per second. 0 failures detected.
2023-09-19T10:11:14.556970721Z 2023-09-19 10:11:14,556  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 500 entries out of 1447. 35% complete. Rate: 255 per second. 0 failures detected.
2023-09-19T10:11:15.012058635Z 2023-09-19 10:11:15,011  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 600 entries out of 1447. 41% complete. Rate: 248 per second. 0 failures detected.
2023-09-19T10:11:15.443136710Z 2023-09-19 10:11:15,442  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 700 entries out of 1447. 48% complete. Rate: 246 per second. 0 failures detected.
2023-09-19T10:11:16.302546563Z 2023-09-19 10:11:16,302  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 800 entries out of 1447. 55% complete. Rate: 216 per second. 0 failures detected.
2023-09-19T10:11:16.699533387Z 2023-09-19 10:11:16,699  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 900 entries out of 1447. 62% complete. Rate: 219 per second. 0 failures detected.
2023-09-19T10:11:17.032435260Z 2023-09-19 10:11:17,032  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1000 entries out of 1447. 69% complete. Rate: 225 per second. 0 failures detected.
2023-09-19T10:11:17.287481586Z 2023-09-19 10:11:17,287  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1100 entries out of 1447. 76% complete. Rate: 234 per second. 0 failures detected.
2023-09-19T10:11:17.764118244Z 2023-09-19 10:11:17,763  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1200 entries out of 1447. 83% complete. Rate: 232 per second. 0 failures detected.
2023-09-19T10:11:18.089037550Z 2023-09-19 10:11:18,088  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1300 entries out of 1447. 90% complete. Rate: 236 per second. 0 failures detected.
2023-09-19T10:11:18.427441426Z 2023-09-19 10:11:18,427  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1400 entries out of 1447. 97% complete. Rate: 240 per second. 0 failures detected.
2023-09-19T10:11:18.541540425Z 2023-09-19 10:11:18,541  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1447 entries out of 1447. 100% complete. Rate: 243 per second. 0 failures detected.
2023-09-19T10:11:18.541569975Z 2023-09-19 10:11:18,541  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Completed batch of 1447 entries
2023-09-19T10:12:22.784214830Z 2023-09-19 10:12:22,781  ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization aborted due to error
2023-09-19T10:12:22.784275750Z org.alfresco.error.AlfrescoRuntimeException: 08190033 Error during LDAP Search. Reason:null
2023-09-19T10:12:22.784284995Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1346)
2023-09-19T10:12:22.784289365Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:584)
2023-09-19T10:12:22.784305878Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)
2023-09-19T10:12:22.784308809Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$5(ChainingUserRegistrySynchronizer.java:1465)
2023-09-19T10:12:22.784311069Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1751)
2023-09-19T10:12:22.784313185Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
2023-09-19T10:12:22.784315512Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:471)
2023-09-19T10:12:22.784317797Z 	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:53)
2023-09-19T10:12:22.784319884Z 	at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:602)
2023-09-19T10:12:22.784322799Z 	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:49)
2023-09-19T10:12:22.784324851Z 	at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
2023-09-19T10:12:22.784326847Z 	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
2023-09-19T10:12:22.784328797Z Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: entreprise.local:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]]
2023-09-19T10:12:22.784330938Z 	at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:237)
2023-09-19T10:12:22.784332951Z 	at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(AbstractLdapNamingEnumeration.java:189)
2023-09-19T10:12:22.784336844Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1327)
2023-09-19T10:12:22.784339010Z 	... 11 more
2023-09-19T10:12:22.784340948Z Caused by: javax.naming.CommunicationException: entreprise.local:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
2023-09-19T10:12:22.784343007Z 	at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96)
2023-09-19T10:12:22.784345094Z 	at java.naming/com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151)
2023-09-19T10:12:22.784347055Z 	at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:325)
2023-09-19T10:12:22.784371734Z 	at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227)
2023-09-19T10:12:22.784376002Z 	... 13 more
2023-09-19T10:12:22.784378183Z Caused by: java.net.ConnectException: Connection refused (Connection refused)
2023-09-19T10:12:22.784380279Z 	at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
2023-09-19T10:12:22.784386579Z 	at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
2023-09-19T10:12:22.784388849Z 	at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
2023-09-19T10:12:22.784390820Z 	at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
2023-09-19T10:12:22.784392825Z 	at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
2023-09-19T10:12:22.784394772Z 	at java.base/java.net.Socket.connect(Socket.java:609)
2023-09-19T10:12:22.784396660Z 	at java.base/java.net.Socket.connect(Socket.java:558)
2023-09-19T10:12:22.784398447Z 	at java.base/java.net.Socket.<init>(Socket.java:454)
2023-09-19T10:12:22.784400499Z 	at java.base/java.net.Socket.<init>(Socket.java:231)
2023-09-19T10:12:22.784402403Z 	at java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:345)
2023-09-19T10:12:22.784404310Z 	at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:231)
2023-09-19T10:12:22.784442419Z 	at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
2023-09-19T10:12:22.784460807Z 	at java.naming/com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
2023-09-19T10:12:22.784475214Z 	at java.naming/com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:114)
2023-09-19T10:12:22.784484519Z 	at java.naming/com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:136)
2023-09-19T10:12:22.784493686Z 	at java.naming/com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:340)
2023-09-19T10:12:22.784620914Z 	at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608)
2023-09-19T10:12:22.784662831Z 	at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
2023-09-19T10:12:22.784684381Z 	at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
2023-09-19T10:12:22.784702073Z 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
2023-09-19T10:12:22.784732662Z 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
2023-09-19T10:12:22.784745989Z 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:183)
2023-09-19T10:12:22.784780532Z 	at java.naming/com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52)
2023-09-19T10:12:22.784806426Z 	at java.naming/javax.naming.spi.NamingManager.getURLObject(NamingManager.java:624)
2023-09-19T10:12:22.784831167Z 	at java.naming/javax.naming.spi.NamingManager.processURL(NamingManager.java:401)
2023-09-19T10:12:22.784879106Z 	at java.naming/javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:381)
2023-09-19T10:12:22.784916477Z 	at java.naming/javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:353)
2023-09-19T10:12:22.785048548Z 	at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119)
2023-09-19T10:12:22.785072289Z 	... 16 more
2023-09-19T10:12:22.806742581Z 2023-09-19 10:12:22,806  ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization aborted due to error
2023-09-19T10:12:22.806775031Z org.alfresco.error.AlfrescoRuntimeException: 08190033 Error during LDAP Search. Reason:null
2023-09-19T10:12:22.806778632Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1346)
2023-09-19T10:12:22.806781025Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:584)
2023-09-19T10:12:22.806783194Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)

.... 2023-09-19T10:12:22.814202259Z at java.naming/javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:353) 2023-09-19T10:12:22.814244642Z at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119) 2023-09-19T10:12:22.814275667Z ... 16 more Caused by: javax.naming.CommunicationException: entreprise.local:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)] 2023-09-19T10:12:22.806817166Z at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96)

Log alfresco try to connect to  entreprise.local:389 but real url set is  ldap://masterad.infra.entreprise.local:389

but have this error :
2023-09-19T10:12:22.784214830Z 2023-09-19 10:12:22,781 ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization aborted due to error
2023-09-19T10:12:22.784275750Z org.alfresco.error.AlfrescoRuntimeException: 08190033 Error during LDAP Search. Reason:null

someone can help me ?

thx a lot

3 REPLIES 3

fedorow
Elite Collaborator
Elite Collaborator
Connection refused

Check the connection and authantication first. Look into LDAP server logs too.

It you want to get help here, please add you LDAP configuration.

rbelfils
Champ in-the-making
Champ in-the-making

Alfresco start to sync users + groups and crash.


# désactivation de la création automatique de personne
# sinon une personne connue de kerberos mais pas de la synchro serai quand même créée
synchronization.autoCreatePeopleOnLogin=false
# permet d'activer/déactiver la synchronisation LDAP au démarrage de la ged
synchronization.syncOnStartup=false
synchronization.synchronizeChangesOnly=true

# Authentification LDAP
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false

# Formatage du nom d?utilisateur Alptis
ldap.authentication.userNameFormat=%s@alptis.local

# URL d?accès au LDAP
ldap.authentication.java.naming.provider.url=ldap://masterad.infra.entreprise.local:389

# LDAP Principal utilisé pour la connexion au LDAP
ldap.synchronization.java.naming.security.principal=alfresco_adm@entreprise.local
ldap.synchronization.java.naming.security.credentials=********

# Attribut permettant de déclencher la synchronisation différentielle
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# Requêtes LDAP permettant de définir la liste des groupes LDAP à synchroniser & requêtes différentielles & complètes
ldap.synchronization.groupSearchBase=ou=uo_groupes_globaux, ou=ZAdminAlptis, dc=alptis, dc=local
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

# Requêtes LDAP permettant de définir la liste des utilisateurs LDAP à synchroniser & requêtes différentielles & complètes
ldap.synchronization.userSearchBase=dc=alptis, dc=local
ldap.synchronization.personQuery=(&(objectClass=user)(objectCategory=person)(l=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
ldap.synchronization.personDifferentialQuery=(&(objectClass=user)(objectCategory=person)(l=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(modifyTimestamp<\={0})))



fedorow
Elite Collaborator
Elite Collaborator

If you suspect the wrong host, check your ldap.authentication.java.naming.provider.url propertie. You can do it, for example, with OOTBee Support Tools in the https://your-domain.com/alfresco/s/ootbee/admin/system-information.