cancel
Showing results for 
Search instead for 
Did you mean: 

Some users are not synced via LDAP

hardik_thakkar
Star Contributor
Star Contributor

Hi Team,

When i search with * in admin-console > users page, it shows only 5000 users and in actual LDAP has more than 15000 active users.

When we search for some of the active users, getting 0 result.

How to check number of users synced via LDAP? Any script?

Below are the configuration for LDAP sync in alfresco-global.properties file.

ldap.synchronization.active=true
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@inroot.in
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<IP>:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
synchronization.syncOnStartup=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=username
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true

ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=dc\=XYZ,dc\=IN

ldap.synchronization.userSearchBase=dc\=XYZ,dc\=IN

dap.synchronization.modifyTimestampAttributeName=whenChanged
#ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
#ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

Thanks,

Hardik

2 REPLIES 2

achauve
Champ in-the-making
Champ in-the-making

Hello hardik_thakkar,

We had a similar issue because of the insufficient rights of our LDAP user.

I suggest you make tries with Apache Directory Studio, you will easyly see what the LDAP query returns.

When you are satisfied with the result, you can make a full import for example by removing

(!(whenChanged<\={0})

in the ldap.synchronization.personDifferentialQuery and restart alfresco.

When full import is done, restore the initial configuration and restart alfresco once again.