cancel
Showing results for 
Search instead for 
Did you mean: 

LDAP Sync error

anandhan
Star Contributor
Star Contributor

Hi,

I'm receiving error during LDAP sync, due to this sync is not successful. 

Configuration:

ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://abc-dom.local
ldap.authentication.userNameFormat=%s@abc-dom.local
ldap.synchronization.synchronizeChangesOnly=false
ldap.synchronization.groupSearchBase=OU=Groups,DC=abc-dom,DC=local
ldap.synchronization.userSearchBase=OU=Users,DC=abc-dom,DC=local
ldap.synchronization.java.naming.security.principal=servicea@abc-dom.local
ldap.synchronization.java.naming.security.credentials=password

Log

2017-10-30 20:32:19,467 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2017-10-30 20:32:19,542 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap1'
2017-10-30 20:32:28,405 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'SEC_DSL' with distinguished name: CN=USER A,OU=ABC - India,OU=REMOTE,OU=Users,OU=abc_USERS,DC=abc-dom,DC=local
2017-10-30 20:32:32,950 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 1353 entries
2017-10-30 20:32:33,504 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 100 entries out of 1353. 7% complete. Rate: 180 per second. 0 failures detected.
2017-10-30 20:32:33,859 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 200 entries out of 1353. 15% complete. Rate: 220 per second. 0 failures detected.
2017-10-30 20:32:34,195 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 300 entries out of 1353. 22% complete. Rate: 240 per second. 0 failures detected.
2017-10-30 20:32:34,515 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 400 entries out of 1353. 30% complete. Rate: 255 per second. 0 failures detected.
2017-10-30 20:32:34,806 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 500 entries out of 1353. 37% complete. Rate: 269 per second. 0 failures detected.
2017-10-30 20:32:35,110 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 600 entries out of 1353. 44% complete. Rate: 277 per second. 0 failures detected.
2017-10-30 20:32:35,387 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 700 entries out of 1353. 52% complete. Rate: 287 per second. 0 failures detected.
2017-10-30 20:32:35,665 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 800 entries out of 1353. 59% complete. Rate: 294 per second. 0 failures detected.
2017-10-30 20:32:36,011 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 900 entries out of 1353. 67% complete. Rate: 294 per second. 0 failures detected.
2017-10-30 20:32:36,326 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 1000 entries out of 1353. 74% complete. Rate: 296 per second. 0 failures detected.
2017-10-30 20:32:36,608 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 1100 entries out of 1353. 81% complete. Rate: 300 per second. 0 failures detected.
2017-10-30 20:32:36,882 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 1200 entries out of 1353. 89% complete. Rate: 305 per second. 0 failures detected.
2017-10-30 20:32:37,210 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 1300 entries out of 1353. 96% complete. Rate: 305 per second. 0 failures detected.
2017-10-30 20:32:37,360 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 1353 entries out of 1353. 100% complete. Rate: 306 per second. 0 failures detected.
2017-10-30 20:32:37,360 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 1353 entries
2017-10-30 20:32:37,450 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Commencing batch of 538 entries
2017-10-30 20:32:37,456 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 100 entries out of 538. 19% complete. Rate: 16666 per second. 0 failures detected.
2017-10-30 20:32:37,460 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 200 entries out of 538. 37% complete. Rate: 20000 per second. 0 failures detected.
2017-10-30 20:32:37,465 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 300 entries out of 538. 56% complete. Rate: 20000 per second. 0 failures detected.
2017-10-30 20:32:37,469 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 400 entries out of 538. 74% complete. Rate: 21052 per second. 0 failures detected.
2017-10-30 20:32:37,473 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 500 entries out of 538. 93% complete. Rate: 21739 per second. 0 failures detected.
2017-10-30 20:32:37,474 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 538 entries out of 538. 100% complete. Rate: 22416 per second. 0 failures detected.
2017-10-30 20:32:37,475 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Completed batch of 538 entries
2017-10-30 20:32:37,476 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all users from user registry 'ldap1'
2017-10-30 20:32:37,730 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 09300019 Error during LDAP Search. Reason:[LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=abc-dom,DC=local'
 ]
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1326)  
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=abc-dom,DC=local'
 ]; remaining name 'OU=Users,DC=abc-dom,DC=local'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1305)
    ... 40 more

2 REPLIES 2

calvo
Star Collaborator
Star Collaborator

Hi,

Maybe this link could be useful:

 

Regards,

clv

anandhan
Star Contributor
Star Contributor

The above link doesn't work. From the log it seems all the users and groups are not resolved from AD. Please find the sample entry from alfresco.log

2017-10-31 16:08:45,909 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'TST_Administrators' with distinguished name: CN=David,OU=Admin,OU=USERS,DC=abc-dom,DC=local