samba4 AD ldap settings not synching

yaboc
Champ in-the-making
Hi, I'm trying to get LDAP auth and sync working against Alfresco, without success.

Can anyone please point me in the right direction to get it to work?

Thank you

Here's what I currently have in global config:

######AUTHENTICATION CHAIN####
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

######SUBSYSTEM AUTHENTICATION####

### SIMPLE AUTHENTICATION ###
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s

ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://10.18.66.5:389
ldap.authentication.allowGuestLogin=true

#####################################
###### SUBSYSTEM SYNCHRONISATION ####
#####################################

ldap.synchronization.active=true

ldap.synchronization.java.naming.security.principal=CN\=Mail Bind,OU\=BIND,DC\=wmpny,DC\=lan

ldap.synchronization.java.naming.security.credentials=mailpass

ldap.synchronization.queryBatchSize=1000

ldap.synchronization.groupQuery=(objectclass=groupOfNames)

ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(objectclass=inetOrgPerson)

ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=OU\=Security Group,OU\=WMPNY,DC\=wmpny,DC\=lan

ldap.synchronization.userSearchBase=OU\=Users,OU\=1756,OU\=WMPNY,DC\=wmpny,DC\=lan

ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

################# ATTRIBUTE MAPPING #############
#### mapping to unique username in username attribute###
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userLastNameAttributeName=cn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.personType=(&(sAMAccountName={0})(objectClass=User)(!(objectClass=Computer)))
ldap.synchronization.active=true

ldap.synchronization.groupMemberAttributeName=member

ldap.synchronization.enableProgressEstimation=true
####################################
###### SYNCHRONISATION SETTINGS ####
####################################

synchronization.autoCreatePeopleOnLogin=false

# full sync or only changes?
synchronization.synchronizeChangesOnly=false

# to sync on each alfresco startup
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=false

### DON'T USE UNIX CRON EXPRESSIONS - USE QUARTZ CRON EXPRESSIONS!!!
### look here http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html
### synchronisation starts every 15 minutes!
synchronization.import.cron=0 0/5 * * * ?


steven_okennedy
Star Contributor
Hi

To get some more useful help here, you'll need to provide some more information with your request.  What's not working?  What are you seeing happen?  Log entries etc.

Alfresco subsystem configuration can be a little particular around where property values are placed, in that you need to create a suitable folder structure for Alfresco to look for the properties in.  See here for details: http://docs.alfresco.com/4.1/tasks/subsystem-classpath.html

Basically, in your case you need to make sure your properties related to the ldap subsystem go in a properties file related to the right instance of the ldap subsystem (there can be more than one in more complex configurations) e.g. tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/mychanges.properties as that's where Alfresco's going to look for the property values for this subsystem.

If this works, great! If not, look at the logs being produced by Alfresco at start up, specifically the ones where it says "Starting 'Authentication' subsystem" … "Startup of 'Authentication' subsystem […..] complete" and "Starting 'Synchronization' subsystem" … "Synchronizing users and groups with user registry 'ldap1'" … "Startup of 'Synchronization' subsystem […] complete"

Setting the log level of org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer to DEBUG should also give some more clarity around what's happening when the synchronization process starts.

Regards

Steven
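
As an added example (not part of the original posts and not Alfresco code), here is a small Python check to run over the properties from the question before reading the startup logs. It flags keys defined twice, a simple bind to a plain ldap:// URL, and sync queries that filter on OpenLDAP object classes while the chain declares an ldap-ad instance; the sample lines are copied from the question, and the function names are illustrative.

```python
import re

# Constructed sample: a few lines copied from the configuration in the question.
SAMPLE = r"""
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://10.18.66.5:389
ldap.synchronization.active=true
ldap.synchronization.groupQuery=(objectclass=groupOfNames)
ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
ldap.synchronization.active=true
"""
PREFIX = "ldap.authentication.java.naming."

def parse_properties(text):
    """Return ({key: value}, [keys defined more than once]).
    Simplified .properties parsing: '=' separator only, \\= and \\: unescaped."""
    props, dupes = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in props:
            dupes.append(key)
        props[key] = re.sub(r"\\([=:])", r"\1", value.strip())
    return props, dupes

def lint(text):
    """Hypothetical helper: list findings for an Alfresco LDAP configuration."""
    props, dupes = parse_properties(text)
    findings = [f"duplicate key: {key}" for key in dupes]
    url = props.get(PREFIX + "provider.url", "")
    if url.startswith("ldap://") and props.get(PREFIX + "security.authentication") == "simple":
        findings.append("simple bind over ldap:// is unencrypted; use ldaps://")
    # Chain entries are instance:type pairs, e.g. ldap1:ldap-ad.
    chain = props.get("authentication.chain", "").split(",")
    if any(entry.partition(":")[2] == "ldap-ad" for entry in chain):
        for name in ("groupQuery", "personQuery"):
            query = props.get("ldap.synchronization." + name, "")
            hit = re.search(r"objectclass=(groupOfNames|inetOrgPerson)", query, re.I)
            if hit:  # heuristic: AD objects are normally objectClass group / user
                findings.append(f"{name} filters on {hit.group(1)}; AD objects are normally group/user")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```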