06-20-2023 08:44 AM
I have a peculiar problem where Alfresco (5 and 6.2) polls our Active Directory LDAP millions of times per day when we don't even do that many uploads to Alfresco. We upload documents to Alfresco via Chronoscan OCR tool. The Chronoscan tool would have to get permission from the LDAP when uploading documents to Alfresco.
We have about 12000 users in our Active Directory LDAP. Is there any way Alfresco syncronisation settings can cause this issue? If so, what could I do?
06-21-2023 03:55 AM
Hi:
Normally ldap sync job is run daily. Please check the ldap cronjob (synchronization.import.cron), maybe you have some problem with the expression.
On the other side check if your configuration is doing or forced to do full syncs (synchronization.synchronizeChangesOnly). With an active directory of 12k users this may be a bad strategy.
Finally check, the sync user on login properties (synchronization.syncWhenMissingPeopleLogIn or synchronization.autoCreatePeopleOnLogin).
Add sync related logs to have more information.
https://docs.alfresco.com/content-services/community/admin/auth-sync/#configure-synchronization
Regards.
--C.
06-21-2023 09:58 AM
Yes, your guess is right. It has to do with your sync settings.
Alfresco Docs - Set up authentication and sync Check the configurations related to frequency of sync. You may want to use "differential" sync mode (synchronization.synchronizeChangesOnly).
Sync trigger should be "scheduled" or "startup" (synchronization.syncOnStartup)
To prevent all users getting synced you will have to change your query
ldap.synchronization.groupSearchBase=ou=ad2,ou=Alfresco\ ,dc=domain,dc=com ldap.synchronization.userSearchBase=ou=ad2,ou=Alfresco,dc=domain,dc=com
These properties ensures only matching group and users are synced. You can talk to your LDAP admin team and create some unique ou for your system user and then use that ou in the query. This way you can prevent all other users from syncing to alfresco.
Explore our Alfresco products with the links below. Use labels to filter content by product module.