SOLVED LDAP sync - reset user fields to first time value

avtor
Champ in-the-making
Hi all!

We have the following:


    alfresco 4.2.1 EE (without support yet, just for test)
    Ubuntu 12.04.4


Using the example in the Alfresco docs, «Example: authentication and synchronization with one ldap-ad subsystem», I have set up LDAP sync in the following manner:


alfresco-global.properties:


    ### authentication ###
    authentication.chain=kerberos1:kerberos,ldap1:ldap-ad

    ### LDAP ###
    ldap.authentication.allowGuestLogin=false
    ldap.authentication.active=false
    ldap.authentication.userNameFormat=%s@avtor.ru
    ldap.authentication.java.naming.provider.url=ldap://smb
    ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
    ldap.synchronization.java.naming.security.principal=reader@avtor.ru
    ldap.synchronization.java.naming.security.credentials=Jlyfljlktnjv44
    ldap.synchronization.userSearchBase=CN=Users,DC=avtor,DC=ru
    ldap.synchronization.groupSearchBase=CN=Users,DC=avtor,DC=ru

    ### CRON ###
    synchronization.import.cron=1 */5 * * * ? *


After that I have some protected fields in a user profile, for example an e-mail field.

So, my problem step by step:

1. Create a user in LDAP-ad: chapaev, Vasiliy Chapaev, email: chapaev@yandex.ru

2. Log in as the user in Alfresco, open its profile and see the protected fields with the correct e-mail and so on.

For example, the e-mail field has the address: chapaev@yandex.ru

3. After that I change his e-mail in the LDAP-ad console (for example): change FROM chapaev@yandex.ru TO chapaeff@mail.com

4. After a few minutes (see my cron settings), I see the new value in the e-mail field. It looks like this: chapaeff@mail.com - It's OK!

5. I want to set some other info in the user profile using UNPROTECTED fields: for example, set a user avatar or a mobile phone. - For example, enter a mobile phone.

After saving the changes I see the following:

I see my mobile phone and the OLD value in the protected e-mail field! In my case I see: chapaev@yandex.ru again… But LDAP has the NEW value chapaeff@mail.com!

The mail field keeps the old value until I change the LDAP-ad entry time stamp for a new full sync of the entry.

I think Alfresco has a cache with the first-time value. It's bad.

Can you help me with it?


1 REPLY

avtor
Champ in-the-making
You need to log out the user before a full sync from LDAP to Alfresco, because Alfresco Share has a cache with user data.