06-12-2020 11:45 PM
For the Alfresco Directory management user interface, is there any space limit (min aximum number of characters that can be typed) in personQuery and personDifferentialQuery?
When I go to:
https://myserver/alfresco/service/enterprise/admin/admin-directorymanagement
and then edit LDAP-AD Directory
I see entries for Person Query and Person Differential Query.
I try to enter (type) values in Person Query and Person Differential Query. It seems that after a certain number of characters, it does not allow me to type additional characters.
Question 1.
Is there any space (character) limit on the length that can be typed in Person Query and Person Differential Query?
I am typing as:
(&(objectCategory=person)(|(memberof
but it seems to not take the number of characters beyond a certain length
Question 2.
I would also like to understand the relationship between:
(i) values that I see (or manually type) in the admin-directorymanagement console
and
(ii) entries that I have typed in global properties on LDAP. In global properties, I also have entries and values for person query and [person differential query and the cron value synchronizes on the startup of the Alfresco service.
Do the values in the global properties override the values in admin-directorymanagement console?
I realized that the values in the global properties are different from the values in admin-directorymanagement console.
Ideally, they should be the same, I supppose, and I will type the same values.
But I am not able to type all the values in the admin-directorymanagement for person query as it seems to give me a limit on the number of characters that can be typed.
Question 3.
If I want to pull up all the users(person) for the groups defined, can I write like the one below?
(&(objectCategory=person))
The documentation says (objectclass=user)
Which one should I choose?
Although, ideally I would like to limit the user with member of and CN (if I can type all the members in personquery) instead of using something like person, or user.
06-29-2020 02:53 PM
1. I don't know of any limits, but you should not be relying on the admin console to make settings you actually want to keep. Making changes in the admin console should be considered temporary.
2. The values you change in the admin console are made via JMX. JMX settings override what is in the alfresco-global.properties file. At best, this can cause confusion. At worst, these settings sometimes get persisted to the database in strange ways that can be hard to detect and correct. That's why you should really avoid doing it and instead put the correct settings in your a-g.p file or in the subsystem LDAP config.
3. For question three, I can't tell you definitively because I don't know your LDAP schema. What you have specified are LDAP filters. You can and should be testing these against your own LDAP directory. From the command line on a Linux box you can use ldapsearch to do that. You can also use a tool like Apache Directory Studio to connect to your LDAP server, browse its structure, and test your queries.
Once you get your settings working, backfill those into your a-g.p file and subsystem config, then go into the admin console, go into the "JMX Settings" and "revert" every single one that is listed. That way, you can be sure that your server is using what's in your known-good file-based config.
Explore our Alfresco products with the links below. Use labels to filter content by product module.