Group Synchronization issues

uptime365
Champ in-the-making
Hi all,

I'm new here. I'm having certain issues with the Alfresco - OpenLDAP integration.

>> As soon as a full sync is run, the groups that were previously synced from the OpenLDAP server are getting deleted in Alfresco.
>> Not all members of an LDAP group are imported to the corresponding group in Alfresco.
>> Users that are getting created in Alfresco have two entries with two different home dirs:

/Company Home/User Homes/<username>
/Company Home/User Homes/<cn>

My configuration is as below,

1)  alfresco-global.properties to have the following:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

2) I have created the folder structure as below

shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1

3) the configuration is as below:  ldap-authentication.properties

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=cn=%s,ou=Testdir,o=Directory
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.1.1:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.security.principal=cn=Admin,o=Directory
ldap.authentication.java.naming.security.credentials=secret
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn=Admin,o=Directory
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000
dap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=posixAccount)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou=Testdir,o=Directory
ldap.synchronization.userSearchBase=ou=Testdir,o=Directory
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=posixGroup
ldap.synchronization.personType=posixAccount
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.enableProgressEstimation=true
synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.import.cron=0 0 * * * ?

Hoping somebody out there will help me on this, I've burned myself out :(

Thanks for the help
Uptime
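
An added example, not part of the thread and not Alfresco code: a small lint over the properties posted above. It reports keys that match none of the prefixes used in the post, a differential query with no full-sync counterpart, a simple bind over plain `ldap://` (the bind password crosses the network unencrypted), and a bind DN attribute that differs from the synced user id attribute. The finding names and the `PREFIXES` list are assumptions made for this example, and the findings are heuristics to review, not a confirmed diagnosis.

```python
# Constructed excerpt of the properties posted above (values copied from the post).
SAMPLE = r"""
ldap.authentication.userNameFormat=cn=%s,ou=Testdir,o=Directory
ldap.authentication.java.naming.provider.url=ldap://192.168.1.1:389
ldap.authentication.java.naming.security.authentication=simple
dap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=posixAccount)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
ldap.synchronization.userIdAttributeName=uid
synchronization.synchronizeChangesOnly=false
"""

# Assumption: the only valid key prefixes are the ones that appear in the post.
PREFIXES = ("ldap.authentication.", "ldap.synchronization.",
            "synchronization.", "authentication.chain")

def parse(text):
    """Parse key=value lines, splitting on the first '=' only."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(props):
    auth, sync = "ldap.authentication.", "ldap.synchronization."
    findings = [("unknown-key", k) for k in props if not k.startswith(PREFIXES)]
    for kind in ("group", "person"):
        # A differential query whose full-sync counterpart is not defined.
        full, diff = sync + kind + "Query", sync + kind + "DifferentialQuery"
        if diff in props and full not in props:
            findings.append(("missing-full-query", full))
    url = props.get(auth + "java.naming.provider.url", "")
    mech = props.get(auth + "java.naming.security.authentication", "")
    # Simple bind sends the DN and password as-is; ldap:// adds no TLS.
    if url.lower().startswith("ldap://") and mech == "simple":
        findings.append(("cleartext-simple-bind", url))
    # Attribute used to build the bind DN vs. attribute imported as the user id.
    bind_attr = props.get(auth + "userNameFormat", "").split("=", 1)[0].strip().lower()
    sync_attr = props.get(sync + "userIdAttributeName", "").lower()
    if bind_attr and sync_attr and bind_attr != sync_attr:
        findings.append(("bind-id-mismatch", bind_attr + " vs " + sync_attr))
    return findings
```
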
3 REPLIES

uptime365
Champ in-the-making
Logs :: groups getting deleted

=========
18:00:00,065 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Commencing batch of 0 entries
18:00:00,065 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Group Analysis: Completed batch of 0 entries
18:00:00,097 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving users changed since Aug 7, 2010 4:48:47 PM from user registry 'ldap1'
18:00:00,118 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Commencing batch of 0 entries
18:00:00,124 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 User Creation and Association: Completed batch of 0 entries
18:00:00,138 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Authority Deletion: Commencing batch of 1 entries
18:00:00,253 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Authority Deletion: Processed 1 entries out of 1. 100% complete. Rate: 8 per second. 0 failures detected.
18:00:00,253 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap1 Authority Deletion: Completed batch of 1 entries
18:00:00,253 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
18:00:00,253 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 0 user(s) and 1 group(s) processed
=========

The deleted group is still there in LDAP, and I'm not getting the slightest idea why it is getting deleted from Alfresco.


Uptime
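
An added example, not part of the thread: a check over `ChainingUserRegistrySynchronizer` INFO lines in the format quoted above. It totals the entries per sync phase and flags any registry whose run deleted authorities while its analysis and creation phases handled zero entries. `LOG` is a constructed sample reusing three lines from the post; the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: three 'Commencing batch' lines taken from the log above.
SYNC = "[org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer]"
LOG = "\n".join([
    "18:00:00,065 INFO  " + SYNC + " ldap1 Group Analysis: Commencing batch of 0 entries",
    "18:00:00,118 INFO  " + SYNC + " ldap1 User Creation and Association: Commencing batch of 0 entries",
    "18:00:00,138 INFO  " + SYNC + " ldap1 Authority Deletion: Commencing batch of 1 entries",
])

# "<registry> <phase>: Commencing batch of <n> entries"
BATCH = re.compile(r"\] (\S+) ([A-Za-z ]+): Commencing batch of (\d+) entries")

def phase_counts(log_text):
    """Return {registry: {phase: total entries}} from 'Commencing batch' lines."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = BATCH.search(line)
        if m:
            registry, phase, n = m.groups()
            counts[registry][phase] += int(n)
    return {r: dict(p) for r, p in counts.items()}

def suspicious_deletions(log_text):
    """Registries that deleted authorities although no groups or users were processed."""
    flagged = []
    for registry, phases in phase_counts(log_text).items():
        deleted = phases.get("Authority Deletion", 0)
        processed = (phases.get("Group Analysis", 0)
                     + phases.get("User Creation and Association", 0))
        if deleted > 0 and processed == 0:
            flagged.append((registry, deleted))
    return flagged
```
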

uptime365
Champ in-the-making
Hi,

Still with it .. can someone help me out please…

Thanks,
Uptime

dward
Champ on-the-rise
Please set

log4j.logger.org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer=debug

in log4j.properties and provide the output in alfresco.log.

Please also provide LDIF dumps of a problematic user account and a problematic group.