Hyland Connect

Cesar Capillas‌: The default settings do not exclude disabled users. The default LDAP/AD query

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))‍

only specifies that the account must be a "regular user account". In order to exclude a disabled user you need to explicitly disallow synchronisation of any user with that flag.:

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(userAccountControl\:1.2.840.113556.1.4.803\:\=2)))‍

(a similar change needs to be made to the personDifferentialQuery)

The regular LDAP subsystem does not even have a notion of disabled users in its default queries and thus will not filter anything out.

The default is sensible in the way that it does not immediately delete a user (and their preferences, site memberships etc.) just because they may have been disabled temporarily (i.e. maternity leave, sabbatical, extended medical leave). Changes to the queries need to be based on the corporate user management principles and reflect the best approach for the specific processes in use for the organisation...

Creo que no os he entendido. He probado con estas sentencias en el

alfresco-global.properties:

ldap.synchronization.userAccountControl=true

ldap.synchronization.userAccountStatusProperty=userAccountControl

#ldap.synchronization.userAccountStatusProperty=ds-pwp-account-disabled

#ldap.synchronization.disabledAccountPropertyValue=true

#ldap.synchronization.externalUserControl=true

#ldap.synchronization.externalUserControlSubsystemName=ldap-ad1

#ldap.synchronization.allowDeletions=true

Pero en Alfresco la cuenta de los usuarios en cuestión sigue sin salir

desactivada.

el campo de userAccountControl tiene

"[ AccountDisabled\, NoPasswordRequired\, NormalAccount ]"

Qué sentencia en el alfresco-global.properties debería poner para que

aparezca desactivada?

Gracias.

2017-08-01 11:54 GMT+02:00 afaust <kristen.gastaldo@alfresco.com>:

Alfresco Community

<https://community.alfresco.com/?et=watches.email.thread>

Re: ¿How can I sync LDAP user accounts in Alfresco 3.4?

reply from Axel Faust

<https://community.alfresco.com/people/afaust?et=watches.email.thread> in *Alfresco

Content Services (ECM)* - View the full discussion

<https://community.alfresco.com/message/819076-re-how-can-i-sync-ldap-user-accounts-in-alfresco-34?commentID=819076&et=watches.email.thread#comment-819076>

I think I don´t understand you. I tried with these sentences in the

alfresco-global.properties:

Ldap.synchronization.userAccountControl = true

Ldap.synchronization.userAccountStatusProperty = userAccountControl

1. Ldap.synchronization.userAccountStatusProperty = ds-pwp-account-disabled

2. Ldap.synchronization.disabledAccountPropertyValue = true

3. Ldap.synchronization.externalUserControl = true

4. Ldap.synchronization.externalUserControlSubsystemName = ldap-ad1

5. Ldap.synchronization.allowDeletions = true

But in Alfresco the account of the users in question is still not enabled.

TheAccountControl user field has

"[AccountDisabled \, NoPasswordRequired \, NormalAccount]" from LDAP

records...

What sentence in the alfresco-global.properties should you put to appear

disabled?

Thank you.

2017-08-01 11:54 GMT+02:00 afaust <kristen.gastaldo@alfresco.com>:

Alfresco Community

<https://community.alfresco.com/?et=watches.email.thread>

Re: ¿How can I sync LDAP user accounts in Alfresco 3.4?

reply from Axel Faust

<https://community.alfresco.com/people/afaust?et=watches.email.thread> in *Alfresco

Content Services (ECM)* - View the full discussion

<https://community.alfresco.com/message/819076-re-how-can-i-sync-ldap-user-accounts-in-alfresco-34?commentID=819076&et=watches.email.thread#comment-819076>