Cannot sync user groups from Windows AD

henrychoi_yw
Champ in-the-making
I'm using Alfresco on Linux. I can sync the users from Windows AD to Alfresco but I can't sync the user groups from Windows AD.
Anyone know why it doesn't sync groups only?

Many thanks.
6 REPLIES

borisstankov
Champ in-the-making
Hi there,

Check out this topic:
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-lda...

There are some very helpful pointers for synchronizing your groups and users.

Boris

Thanks very much for the reply.
I have tried to set the following:
synchronization.synchronizeChangesOnly = false
and
synchronization.syncOnStartup = true

After that I tried to restart with alfresco.sh restart tomcat
but the groups are still the same and not updated.

henrychoi_yw
Champ in-the-making
I want to ask: do I need to configure any settings on Windows Server? Does AD LDS need to be installed to make the group sync work?

Hm, I'm sure about this if you need or not to do that.
However I'm certain that you need to add more than just those two parameters for the synchronization.

Please add all of the parameters from this section of the same topic, restart and check again:
### LDAP Integration ###
where you have this at the beginning: ldap.synchronization. or just synchronization. - just to be sure that you have all the configs enabled.

Cheers!

henrychoi_yw
Champ in-the-making
I am getting an error from the log:
04:23:03,947 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 03250001 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:632)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:435)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1650)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:519)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1644)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ChildApplicationContext.publishEvent(ChildApplicationContextFactory.java:485)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:685)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:667)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:473)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:209)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:180)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:303)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4135)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4630)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: intranet.cshcc.org.hk:389 [Root exception is java.net.ConnectException: Connection timed out]]
   at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)
   at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1131)
   … 47 more
Caused by: javax.naming.CommunicationException: intranet.cshcc.org.hk:389 [Root exception is java.net.ConnectException: Connection timed out]
   at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
   at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
   at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
   at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
   … 49 more
Caused by: java.net.ConnectException: Connection timed out
   at java.net.PlainSocketImpl.socketConnect(Native Method)
   at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
   at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
   at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
   at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
   at java.net.Socket.connect(Socket.java:529)
   at java.net.Socket.connect(Socket.java:478)
   at java.net.Socket.<init>(Socket.java:375)
   at java.net.Socket.<init>(Socket.java:189)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
   at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
   at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
   at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:97)
   at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:114)
   at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:310)
   at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1572)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
   at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
   at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
   at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
   at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
   at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
   at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
   … 52 more

and my alfresco-global.properties file looks like this:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap-ad1:ldap-ad

alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
ntlm.authentication.mapUnknownUserToGuest=false

#ldap.authentication.active=false
#ldap.synchronization.active=true

passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false
passthru.authentication.useLocalServer=false
passthru.authentication.domain=CSHCC
passthru.authentication.servers=CSHCC\\192.168.0.4

passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS


ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@intranet.cshcc.org.hk
ldap.authentication.java.naming.security.authentication=simple

### LDAP Integration ###
synchronization.import.cron=0 0/5 * * * ?
synchronization.allowDeletions=false
synchronization.syncOnStartup=true
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.authCreatePeopleOnLogin=true
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://192.168.0.4:389
ldap.synchronization.java.naming.security.principal=alfresco@intranet.cshcc.org.hk
ldap.synchronization.java.naming.security.credentials=******
ldap.synchronization.groupSearchBase=dc=intranet,dc=cshcc,dc=org,dc=hk
ldap.synchronization.userSearchBase=dc=intranet,dc=cshcc,dc=org,dc=hk
ldap.synchronization.groupQuery=(objectclass\=*)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(objectclass\=*)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))

ldap.synchronization.queryBatchSize=10000
ldap.synchronization.attributeBatchSize=10000

Can anyone help?

eswbitto
Confirmed Champ
I think you need to define an OU where you have your groups located. Try that and see how it goes.
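
A lint for the settings this thread turns on, as an added example that is not part of any post above or of Alfresco itself: it reads the posted properties (constructed sample below) and flags the domain-root search bases behind the referral timeout in the stack trace, the match-all queries, and the simple bind over plain ldap://. The function names and check names are this example's own.

```python
import re

# Constructed sample: the relevant lines of the alfresco-global.properties posted in the thread.
SAMPLE = r"""
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://192.168.0.4:389
ldap.synchronization.groupSearchBase=dc=intranet,dc=cshcc,dc=org,dc=hk
ldap.synchronization.userSearchBase=dc=intranet,dc=cshcc,dc=org,dc=hk
ldap.synchronization.groupQuery=(objectclass\=*)
ldap.synchronization.personQuery=(objectclass\=*)
"""

def parse_properties(text):
    """Minimal .properties reader: key=value lines, #/! comments, backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def lint(props):
    """Return (check, property, reason) tuples; the check names are this example's own."""
    out = []
    url_key = "ldap.authentication.java.naming.provider.url"
    auth = props.get("ldap.authentication.java.naming.security.authentication", "")
    if props.get(url_key, "").lower().startswith("ldap://") and auth.lower() == "simple":
        out.append(("cleartext-bind", url_key,
                    "simple bind over ldap:// sends the bind password unencrypted"))
    for name in ("groupSearchBase", "userSearchBase"):
        key = "ldap.synchronization." + name
        rdns = [r.strip().lower() for r in props.get(key, "").split(",") if r.strip()]
        # Only dc= components means the search starts at the domain root, where a
        # subtree search can come back with referrals to other naming contexts.
        if rdns and all(r.startswith("dc=") for r in rdns):
            out.append(("root-search-base", key,
                        "domain-root base; referrals may be chased to unreachable hosts"))
    for name in ("groupQuery", "personQuery"):
        key = "ldap.synchronization." + name
        if props.get(key, "").replace(" ", "").lower() == "(objectclass=*)":
            out.append(("match-all-query", key,
                        "filter matches every entry under the base, not one object class"))
    return out

if __name__ == "__main__":
    for check, key, reason in lint(parse_properties(SAMPLE)):
        print(f"{check:17} {key}: {reason}")
```

A configuration that binds over ldaps://, searches from an OU, and filters on a specific object class produces no findings.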