05-23-2017 11:14 AM
Hi guys,
I'm having some difficulty configuring Alfresco Community 201704 with LDAP using Apache Directory Studio. I read in some forums a lot of different ways to configure these two solutions, one for the 201704 version and others for older versions of Alfresco.
I was in the topic "alfresco - Ldap and alfresco 5.2 synchronization - Stack Overflow", but even after making the changes for my server, I still had no success using the users and passwords from Apache Directory Studio, which work well in another application.
I pasted below the configuration that I put in the file "alfresco-global.properties" in \Alfresco\tomcat\shared\classes\.
### LDAP connection ###
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
ldap.synchronization.java.naming.security.authentication=simple
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid=%s,ou=users,ou=system
ldap.authentication.java.naming.provider.url=[MYDOMAIN]
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco, admin
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=[MYPASSWORD]
ldap.synchronization.active=true
#ldap.synchronization.groupQuery=(objectclass=groupOfNames)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
#ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))
# Group
ldap.synchronization.groupSearchBase=ou=groups,ou=system
# User
ldap.synchronization.userSearchBase=ou=users,ou=system
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
# Sync
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
synchronization.import.cron=0 */15 * * * ?
create.missing.people=false
So, if you have any idea what is happening, I'll be glad to have your answer and help.
Thanks in advance.
Fábio
05-23-2017 09:57 PM
You can use the LDAP browser/client Apache Directory Studio to test your person and group queries.
In your properties, these are commented out - I suppose this is just by mistake.
To force a full sync on startup you could try to set your differential queries to the same value as the full queries (just for a test, reset it to the original value for normal use).
Is there any error in the alfresco.log or Catalina.out?
05-24-2017 06:26 AM
Hi Martin,
Please, check my answer down below.
Regards,
Fabio
05-24-2017 09:28 AM
Hi Fabio,
Installing in F:\Alfresco is fine - better than using c:\Program.... because Alfresco puts its data directory (alf_data) under the install root in the default installation.
If not already done: you should check your Alfresco and Tomcat logs for errors and for the messages of the LDAP sync. Under Linux they are called alfresco.log (sometimes in the install root) and Catalina.out (install root/tomcat/logs) - I don't know the filenames under Windows.
Did you use the alfresco installer?
05-24-2017 01:35 PM
Yes, Martin!
Now it worked. I restarted the server, and I left only the lines below commented out:
#ldap.synchronization.groupQuery=(objectclass=groupOfNames)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))
The other one is without comments, see:
ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))
Thanks for your support!
Fábio
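The check below is an added example, not part of the thread and not Alfresco tooling: it reads an alfresco-global.properties text and reports which LDAP sync queries are commented out or missing (so the default of the chain's subsystem type applies instead), and whether a simple bind is configured over a plain ldap:// URL. The function names and the sample host and port are assumptions made for the illustration.

```python
import re

# Constructed sample modelled on the first post's file; host and port are placeholders.
SAMPLE = """\
### LDAP connection ###
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.synchronization.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://ldap.example.test:10389
ldap.synchronization.active=true
#ldap.synchronization.groupQuery=(objectclass=groupOfNames)
#ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
"""

QUERIES = ("personQuery", "personDifferentialQuery",
           "groupQuery", "groupDifferentialQuery")
LINE = re.compile(r"^\s*([#!]*)\s*([\w.-]+)\s*[=:]\s*(.*?)\s*$")

def parse(text):
    """Return (live settings, keys that exist only as commented-out lines)."""
    live, commented = {}, set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank line or free-text comment
        marker, key, value = m.groups()
        if marker:
            commented.add(key)
        else:
            live[key] = value
    return live, commented - set(live)

def lint(text):
    live, commented = parse(text)
    findings = []
    # Chain entries are "instance:type"; keep the LDAP-backed types (ldap, ldap-ad).
    chain = [e.split(":", 1) for e in live.get("authentication.chain", "").split(",")]
    types = [e[1].strip() for e in chain if len(e) == 2 and e[1].strip().startswith("ldap")]
    source = "/".join(types) or "the subsystem"
    if live.get("ldap.synchronization.active") == "true":
        for q in QUERIES:
            key = "ldap.synchronization." + q
            if key not in live:
                state = "commented out" if key in commented else "not set"
                findings.append(f"{key} is {state}: default of {source} applies")
    simple = any(k.endswith("java.naming.security.authentication") and v == "simple"
                 for k, v in live.items())
    for k, v in live.items():
        if simple and k.endswith("java.naming.provider.url") and v.lower().startswith("ldap://"):
            findings.append(f"{k}: simple bind over ldap:// (no LDAPS)")
    return findings
```

Calling `lint(open(path).read())` on the real file gives the same list; an empty list means all four queries are set explicitly and no simple bind runs over plain ldap://.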