09-01-2020 07:53 AM
Hi Team,
When i search with * in admin-console > users page, it shows only 5000 users and in actual LDAP has more than 15000 active users.
When we search for some of the active users, getting 0 result.
How to check number of users synced via LDAP? Any script?
Below are the configuration for LDAP sync in alfresco-global.properties file.
ldap.synchronization.active=true authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad ldap.authentication.active=true ldap.authentication.allowGuestLogin=false ldap.authentication.userNameFormat=%s@inroot.in ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory ldap.authentication.java.naming.provider.url=ldap://<IP>:389 ldap.authentication.java.naming.security.authentication=simple ldap.authentication.escapeCommasInBind=false ldap.authentication.escapeCommasInUid=false ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco synchronization.syncOnStartup=false ldap.synchronization.active=true ldap.synchronization.java.naming.security.principal=username ldap.synchronization.java.naming.security.credentials=password ldap.synchronization.queryBatchSize=1000 ldap.synchronization.attributeBatchSize=1000 synchronization.synchronizeChangesOnly=false synchronization.allowDeletions=true synchronization.syncWhenMissingPeopleLogIn=true ldap.synchronization.groupQuery=(objectclass\=group) ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0}))) ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)) ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0}))) ldap.synchronization.groupSearchBase=dc\=XYZ,dc\=IN ldap.synchronization.userSearchBase=dc\=XYZ,dc\=IN dap.synchronization.modifyTimestampAttributeName=whenChanged #ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z' ldap.synchronization.userIdAttributeName=sAMAccountName ldap.synchronization.userFirstNameAttributeName=givenName ldap.synchronization.userLastNameAttributeName=sn ldap.synchronization.userEmailAttributeName=mail ldap.synchronization.userOrganizationalIdAttributeName=company ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider #ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider ldap.synchronization.groupIdAttributeName=cn ldap.synchronization.groupDisplayNameAttributeName=displayName ldap.synchronization.groupType=group ldap.synchronization.personType=user ldap.synchronization.groupMemberAttributeName=member ldap.synchronization.enableProgressEstimation=true
Thanks,
Hardik
09-02-2020 03:15 AM
Hello hardik_thakkar,
We had a similar issue because of the insufficient rights of our LDAP user.
I suggest you make tries with Apache Directory Studio, you will easyly see what the LDAP query returns.
When you are satisfied with the result, you can make a full import for example by removing
(!(whenChanged<\={0})
in the ldap.synchronization.personDifferentialQuery and restart alfresco.
When full import is done, restore the initial configuration and restart alfresco once again.
09-08-2020 06:45 AM
This might be worth a look
Explore our Alfresco products with the links below. Use labels to filter content by product module.