Alfresco 7.1 problem synchronize with LDAP

rbelfils
Member II

Alfresco 7.1 problem synchronize with LDAP

Hello,

I have some problems with LDAP sync.

Alfresco starts to sync but fails.

2023-09-19 10:07:50,044  INFO  [management.subsystems.ChildApplicationContextFactory] [http-nio-8080-exec-5] Startup of 'Search' subsystem, ID: [Search, managed, solr6] complete
2023-09-19T10:08:54.730817023Z 2023-09-19 10:08:54,730  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronizing users and groups with user registry 'ldap1-ad'
2023-09-19T10:08:54.730856122Z 2023-09-19 10:08:54,730  WARN  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Some users and groups previously created by synchronization with this user registry may be removed.
2023-09-19T10:08:54.778505718Z 2023-09-19 10:08:54,778  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving all groups from user registry 'ldap1-ad'
2023-09-19T10:10:55.310029421Z 2023-09-19 10:10:55,309  WARN  [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-3] Failed to resolve member of group 'zzzzRecettes-iTop' with distinguished name: CN=Thomas FERRAZ - Teamwork,OU=ou_Contacts_Externe,OU=ZAdminAlptis,DC=alptis,DC=local
2023-09-19T10:11:12.602004506Z 2023-09-19 10:11:12,601  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Commencing batch of 1447 entries
2023-09-19T10:11:13.054824493Z 2023-09-19 10:11:13,054  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 100 entries out of 1447. 7% complete. Rate: 220 per second. 0 failures detected.
2023-09-19T10:11:13.447487759Z 2023-09-19 10:11:13,447  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 200 entries out of 1447. 14% complete. Rate: 236 per second. 0 failures detected.
2023-09-19T10:11:13.812573178Z 2023-09-19 10:11:13,812  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 300 entries out of 1447. 21% complete. Rate: 247 per second. 0 failures detected.
2023-09-19T10:11:14.201224373Z 2023-09-19 10:11:14,200  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 400 entries out of 1447. 28% complete. Rate: 250 per second. 0 failures detected.
2023-09-19T10:11:14.556970721Z 2023-09-19 10:11:14,556  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 500 entries out of 1447. 35% complete. Rate: 255 per second. 0 failures detected.
2023-09-19T10:11:15.012058635Z 2023-09-19 10:11:15,011  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 600 entries out of 1447. 41% complete. Rate: 248 per second. 0 failures detected.
2023-09-19T10:11:15.443136710Z 2023-09-19 10:11:15,442  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 700 entries out of 1447. 48% complete. Rate: 246 per second. 0 failures detected.
2023-09-19T10:11:16.302546563Z 2023-09-19 10:11:16,302  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 800 entries out of 1447. 55% complete. Rate: 216 per second. 0 failures detected.
2023-09-19T10:11:16.699533387Z 2023-09-19 10:11:16,699  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 900 entries out of 1447. 62% complete. Rate: 219 per second. 0 failures detected.
2023-09-19T10:11:17.032435260Z 2023-09-19 10:11:17,032  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1000 entries out of 1447. 69% complete. Rate: 225 per second. 0 failures detected.
2023-09-19T10:11:17.287481586Z 2023-09-19 10:11:17,287  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1100 entries out of 1447. 76% complete. Rate: 234 per second. 0 failures detected.
2023-09-19T10:11:17.764118244Z 2023-09-19 10:11:17,763  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1200 entries out of 1447. 83% complete. Rate: 232 per second. 0 failures detected.
2023-09-19T10:11:18.089037550Z 2023-09-19 10:11:18,088  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1300 entries out of 1447. 90% complete. Rate: 236 per second. 0 failures detected.
2023-09-19T10:11:18.427441426Z 2023-09-19 10:11:18,427  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1400 entries out of 1447. 97% complete. Rate: 240 per second. 0 failures detected.
2023-09-19T10:11:18.541540425Z 2023-09-19 10:11:18,541  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Processed 1447 entries out of 1447. 100% complete. Rate: 243 per second. 0 failures detected.
2023-09-19T10:11:18.541569975Z 2023-09-19 10:11:18,541  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ldap1-ad,id2=1 Group Analysis: Completed batch of 1447 entries
2023-09-19T10:12:22.784214830Z 2023-09-19 10:12:22,781  ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization aborted due to error
2023-09-19T10:12:22.784275750Z org.alfresco.error.AlfrescoRuntimeException: 08190033 Error during LDAP Search. Reason:null
2023-09-19T10:12:22.784284995Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1346)
2023-09-19T10:12:22.784289365Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:584)
2023-09-19T10:12:22.784305878Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)
2023-09-19T10:12:22.784308809Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.access$5(ChainingUserRegistrySynchronizer.java:1465)
2023-09-19T10:12:22.784311069Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1751)
2023-09-19T10:12:22.784313185Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
2023-09-19T10:12:22.784315512Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:471)
2023-09-19T10:12:22.784317797Z 	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:53)
2023-09-19T10:12:22.784319884Z 	at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:602)
2023-09-19T10:12:22.784322799Z 	at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:49)
2023-09-19T10:12:22.784324851Z 	at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
2023-09-19T10:12:22.784326847Z 	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
2023-09-19T10:12:22.784328797Z Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: entreprise.local:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]]
2023-09-19T10:12:22.784330938Z 	at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:237)
2023-09-19T10:12:22.784332951Z 	at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(AbstractLdapNamingEnumeration.java:189)
2023-09-19T10:12:22.784336844Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1327)
2023-09-19T10:12:22.784339010Z 	... 11 more
2023-09-19T10:12:22.784340948Z Caused by: javax.naming.CommunicationException: entreprise.local:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
2023-09-19T10:12:22.784343007Z 	at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96)
2023-09-19T10:12:22.784345094Z 	at java.naming/com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151)
2023-09-19T10:12:22.784347055Z 	at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:325)
2023-09-19T10:12:22.784371734Z 	at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227)
2023-09-19T10:12:22.784376002Z 	... 13 more
2023-09-19T10:12:22.784378183Z Caused by: java.net.ConnectException: Connection refused (Connection refused)
2023-09-19T10:12:22.784380279Z 	at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
2023-09-19T10:12:22.784386579Z 	at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
2023-09-19T10:12:22.784388849Z 	at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
2023-09-19T10:12:22.784390820Z 	at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
2023-09-19T10:12:22.784392825Z 	at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
2023-09-19T10:12:22.784394772Z 	at java.base/java.net.Socket.connect(Socket.java:609)
2023-09-19T10:12:22.784396660Z 	at java.base/java.net.Socket.connect(Socket.java:558)
2023-09-19T10:12:22.784398447Z 	at java.base/java.net.Socket.<init>(Socket.java:454)
2023-09-19T10:12:22.784400499Z 	at java.base/java.net.Socket.<init>(Socket.java:231)
2023-09-19T10:12:22.784402403Z 	at java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:345)
2023-09-19T10:12:22.784404310Z 	at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:231)
2023-09-19T10:12:22.784442419Z 	at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
2023-09-19T10:12:22.784460807Z 	at java.naming/com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
2023-09-19T10:12:22.784475214Z 	at java.naming/com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:114)
2023-09-19T10:12:22.784484519Z 	at java.naming/com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:136)
2023-09-19T10:12:22.784493686Z 	at java.naming/com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:340)
2023-09-19T10:12:22.784620914Z 	at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608)
2023-09-19T10:12:22.784662831Z 	at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
2023-09-19T10:12:22.784684381Z 	at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
2023-09-19T10:12:22.784702073Z 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
2023-09-19T10:12:22.784732662Z 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
2023-09-19T10:12:22.784745989Z 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:183)
2023-09-19T10:12:22.784780532Z 	at java.naming/com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52)
2023-09-19T10:12:22.784806426Z 	at java.naming/javax.naming.spi.NamingManager.getURLObject(NamingManager.java:624)
2023-09-19T10:12:22.784831167Z 	at java.naming/javax.naming.spi.NamingManager.processURL(NamingManager.java:401)
2023-09-19T10:12:22.784879106Z 	at java.naming/javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:381)
2023-09-19T10:12:22.784916477Z 	at java.naming/javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:353)
2023-09-19T10:12:22.785048548Z 	at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119)
2023-09-19T10:12:22.785072289Z 	... 16 more
2023-09-19T10:12:22.806742581Z 2023-09-19 10:12:22,806  ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization aborted due to error
2023-09-19T10:12:22.806775031Z org.alfresco.error.AlfrescoRuntimeException: 08190033 Error during LDAP Search. Reason:null
2023-09-19T10:12:22.806778632Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1346)
2023-09-19T10:12:22.806781025Z 	at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersonNames(LDAPUserRegistry.java:584)
2023-09-19T10:12:22.806783194Z 	at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1Analyzer.processGroups(ChainingUserRegistrySynchronizer.java:1500)

....
2023-09-19T10:12:22.814202259Z 	at java.naming/javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:353)
2023-09-19T10:12:22.814244642Z 	at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119)
2023-09-19T10:12:22.814275667Z 	... 16 more
Caused by: javax.naming.CommunicationException: entreprise.local:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
2023-09-19T10:12:22.806817166Z 	at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96)

 

The Alfresco log shows it trying to connect to entreprise.local:389, but the real URL set is ldap://masterad.infra.entreprise.local:389

but I get this error:
2023-09-19T10:12:22.784214830Z 2023-09-19 10:12:22,781 ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization aborted due to error
2023-09-19T10:12:22.784275750Z org.alfresco.error.AlfrescoRuntimeException: 08190033 Error during LDAP Search. Reason:null

Can someone help me?

Thanks a lot

3 Replies
fedorow
Senior Member II

Re: Alfresco 7.1 problem synchronize with LDAP

Connection refused

Check the connection and authentication first. Look into the LDAP server logs too.

If you want to get help here, please add your LDAP configuration.

fedorow
Senior Member II

Re: Alfresco 7.1 problem synchronize with LDAP

If you suspect the wrong host, check your ldap.authentication.java.naming.provider.url property. You can do it, for example, with OOTBee Support Tools at https://your-domain.com/alfresco/s/ootbee/admin/system-information.

 
 

 

 

rbelfils
Member II

Re: Alfresco 7.1 problem synchronize with LDAP

 

Alfresco starts to sync users + groups and crashes.


# disable automatic person creation
# otherwise a person known to Kerberos but not to the sync would still be created
synchronization.autoCreatePeopleOnLogin=false
# enables/disables LDAP synchronization at startup of the document management system
synchronization.syncOnStartup=false
synchronization.synchronizeChangesOnly=true

# LDAP authentication
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false

# Alptis user name format
ldap.authentication.userNameFormat=%s@alptis.local

# LDAP access URL
ldap.authentication.java.naming.provider.url=ldap://masterad.infra.entreprise.local:389

# LDAP principal used to connect to LDAP
ldap.synchronization.java.naming.security.principal=alfresco_adm@entreprise.local
ldap.synchronization.java.naming.security.credentials=********

# Attribute used to trigger differential synchronization
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

# LDAP queries defining the list of LDAP groups to synchronize (differential and full queries)
ldap.synchronization.groupSearchBase=ou=uo_groupes_globaux, ou=ZAdminAlptis, dc=alptis, dc=local
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

# LDAP queries defining the list of LDAP users to synchronize (differential and full queries)
ldap.synchronization.userSearchBase=dc=alptis, dc=local
ldap.synchronization.personQuery=(&(objectClass=user)(objectCategory=person)(l=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
ldap.synchronization.personDifferentialQuery=(&(objectClass=user)(objectCategory=person)(l=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(modifyTimestamp<\={0})))
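
An added triage example, not part of the thread or of Alfresco's code: it reads a trace like the one posted above together with the provider URL from the posted properties, and reports whether each refused endpoint is the configured server or a host reached while JNDI was following a referral (the `LdapReferralContext` / `LdapReferralException` frames in the trace). The sample strings are abridged from this thread's own log and configuration; the function names are made up for the example.

```python
import re
from urllib.parse import urlparse

TS = re.compile(r"^\d{4}-\d\d-\d\dT[\d:.]+Z\s+")   # container timestamp prefix
COMM = re.compile(r"^Caused by: javax\.naming\.CommunicationException: ([\w.-]+):(\d+)")
REFERRAL = ("LdapReferralContext", "LdapReferralException")  # JNDI referral-chasing frames

# Constructed sample, abridged from the trace and properties posted in this thread.
SAMPLE_LOG = """\
2023-09-19T10:12:22.784328797Z Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: entreprise.local:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]]
2023-09-19T10:12:22.784340948Z Caused by: javax.naming.CommunicationException: entreprise.local:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
2023-09-19T10:12:22.784343007Z \tat java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96)
2023-09-19T10:12:22.784378183Z Caused by: java.net.ConnectException: Connection refused (Connection refused)
"""
SAMPLE_PROPS = "ldap.authentication.java.naming.provider.url=ldap://masterad.infra.entreprise.local:389\n"

def configured_endpoints(props):
    """(host, port) pairs from ldap.authentication.java.naming.provider.url."""
    out = set()
    for line in props.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "ldap.authentication.java.naming.provider.url":
            for url in value.split():              # JNDI accepts several space-separated URLs
                u = urlparse(url)
                out.add((u.hostname, u.port or (636 if u.scheme == "ldaps" else 389)))
    return out

def failed_connections(log):
    """One record per CommunicationException cause, flagged if its frames show referral chasing."""
    records, current = [], None
    for raw in log.splitlines():
        line = TS.sub("", raw).strip()
        m = COMM.match(line)
        if m:
            current = {"host": m.group(1).lower(), "port": int(m.group(2)), "via_referral": False}
            records.append(current)
        elif line.startswith("Caused by:"):
            current = None                         # a different cause starts here
        elif current and line.startswith("at ") and any(r in line for r in REFERRAL):
            current["via_referral"] = True
    return records

def diagnose(log, props):
    """Classify each refused endpoint against the configured provider URL(s)."""
    known = configured_endpoints(props)
    findings = []
    for rec in failed_connections(log):
        if (rec["host"], rec["port"]) in known:
            kind = "configured server unreachable"
        else:
            kind = "referral to unconfigured host" if rec["via_referral"] else "unconfigured host"
        findings.append((rec["host"], rec["port"], kind))
    return findings
print(diagnose(SAMPLE_LOG, SAMPLE_PROPS))
```

A `referral to unconfigured host` result means the provider URL was used as configured and the refused host name came back from the directory in a referral, so the things to check are JNDI's `java.naming.referral` handling and whether the referred host resolves to a reachable LDAP server from the Alfresco host.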