Alfresco Community 201704 | LDAP and Apache Direct...

fmatias · ‎23 May 2017

Hi guys,
I'm facing some difficulties to configure the Alfresco Community 201704 with LDAP using the Apache Directory Studio. I read in some foruns a lot of different ways configure these two solutions, one for 201704 version and others for older versions of Alfresco.

I was in the topic alfresco - Ldap and alfresco 5.2 synchronization - Stack Overflow, but even doing the changes only for my server, still I hadn't success to use the users and passwords from Apache Directory Studio, that in another application is working well.
I pasted down below the code that I put in the file "alfresco-global.properties" in \Alfresco\tomcat\shared\classes\.

### LDAP connection ###
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false
ldap.synchronization.java.naming.security.authentication=simple

ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid=%s,ou=users,ou=system
ldap.authentication.java.naming.provider.url=[MYDOMAIN]
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco, admin
ldap.synchronization.java.naming.security.principal=uid=admin,ou=system
ldap.synchronization.java.naming.security.credentials=[MYPASSWORD]
ldap.synchronization.active=true

#ldap.synchronization.groupQuery=(objectclass=groupOfNames)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))

#ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
#ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))

# Group
ldap.synchronization.groupSearchBase=ou=groups,ou=system

# User
ldap.synchronization.userSearchBase=ou=users,ou=system
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail

# Sync
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
synchronization.import.cron=0 */15 * * * ?
create.missing.people=false

So, if you have any idea what is happining I'll be glad to know your answer and help.

Thanks in advance.

Fábio

mehe · ‎24 May 2017

You can use the ldap browser/client apache directory studio to test your person and group queries.

In your properties, these are commented out - I suppose this is just by mistake.

To force a full sync on startup you could try to set your differential queries to the same value as the full queries (just for a test, reset it to the original value for normal use).

Is there any error in the alfresco.log or Catalina.out?

fmatias · ‎24 May 2017

Hi Martin,
These comments I put in my second try, in the first try they weren't there. But the result still is the same (see down below). I'm analysing the logs here. But anyway, I was wondering if the path that I installed both applications is not the reason of the problem. I didn't use the "C:\Program Files (x86)", but another directory like "F:\Alfresco\". In this case, possibly, I must do some changes in catalina.proporties or another file, right?

Thank you once more!

Fabio

fmatias · ‎24 May 2017

Hi Martin,

Please, check my answer down below.

Regards,

Fabio

mehe · ‎24 May 2017

Hi Fabio,

Installing in F:\Alfresco is fine - better then using c:\Program.... because alfresco put its data directory (alf_data) under the install-root in the default Installation.

If not already done: You should check your alfresco and tomcat logs for errors and the messages of the ldap-sync. Under Linux they are called alfresco.log (sometimes in the install root) and Catalina.out (install root/tomcat/logs) - don't know the filenames under Windows.

Did you use the alfresco installer?

fmatias · ‎24 May 2017

Yes, Martin!

Now it worked. I restarted the server, and I commented only the line down below:

#ldap.synchronization.groupQuery=(objectclass=groupOfNames)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfNames)(!(modifyTimestamp<\={0})))

The other one is without comments, see:

ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<\={0})))

Thank for your support!

Fábio

mehe · ‎24 May 2017

Good to hear you got it working

Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

Re: Alfresco Community 201704 | LDAP and Apache Directory Studio | alfresco-global.properties

We use cookies on this site to enhance your user experience