Hi,
When I try to add an existing user to a site, the search query for user from Site Management section returns only the default Administrator user, although there are several other users added in alfresco (the sample ones from the sample site and also the ones synchronized from AD).
The AD users can login into alfresco.
No error is found in logs.
Also, when the search is done as administrator from Admin Tools > Users page, all users are returned.
Now the details:
- Alfresco Community 6.1 using Tomcat 8, NginX, Postgresql11 on CentOS8
- alfresco-global.properties, ldap sync&authorization section
#authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
authentication.chain=ldap-ad1:ldap-ad
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@ad.local
ldap.authentication.java.naming.provider.url=ldap://192.168.1.1:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=alfresco.admin
ldap.authentication.java.naming.security.principal=alfresco.admin@ad.local
ldap.authentication.java.naming.security.credentials=secret
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco.admin@ad.local
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attibuteBatchSize=1000
synchronization.synchronizeChangesOnly=true
synchronization.allowDeletions=false
synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=Alfresco Admins,ou=Domain User,dc=ad,dc=local)(memberOf=cn\=Alfresco Users,ou=Domain User,dc=ad,dc=local)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=Alfresco Admins,ou=Domain User,dc=ad,dc=local)(memberOf=cn\=Alfresco Users,ou=Domain User,dc=ad,dc=local))(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Domain User,dc\=ad,dc\=local
ldap.synchronization.userSearchBase=dc\=ad,dc\=local
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
Any ideas ?
Thanks.
