Cannot find user when trying to add him in a site

cancel
Showing results for 
Search instead for 
Did you mean: 
marius_d
Member II

Cannot find user when trying to add him in a site

Hi,

When I try to add an existing user to a site, the search query for user from Site Management section returns only the default Administrator user, although there are several other users added in alfresco (the sample ones from the sample site and also the ones synchronized from AD).

The AD users can login into alfresco. 

No error is found in logs.

Also, when the search is done as administrator from Admin Tools > Users page, all users are returned.

Now the details:

  1. Alfresco Community 6.1 using Tomcat 8, NginX, Postgresql11 on CentOS8
  2. alfresco-global.properties, ldap sync&authorization section
#authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
authentication.chain=ldap-ad1:ldap-ad
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@ad.local
ldap.authentication.java.naming.provider.url=ldap://192.168.1.1:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=alfresco.admin
ldap.authentication.java.naming.security.principal=alfresco.admin@ad.local
ldap.authentication.java.naming.security.credentials=secret

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco.admin@ad.local
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attibuteBatchSize=1000
synchronization.synchronizeChangesOnly=true
synchronization.allowDeletions=false
synchronization.syncWhenMissingPeopleLogIn=true

ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=Alfresco Admins,ou=Domain User,dc=ad,dc=local)(memberOf=cn\=Alfresco Users,ou=Domain User,dc=ad,dc=local)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=Alfresco Admins,ou=Domain User,dc=ad,dc=local)(memberOf=cn\=Alfresco Users,ou=Domain User,dc=ad,dc=local))(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Domain User,dc\=ad,dc\=local
ldap.synchronization.userSearchBase=dc\=ad,dc\=local

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

Any ideas ?

Thanks.

 

10 Replies
angelborroy
Alfresco Employee

Re: Cannot find user when trying to add him in a site

Are you using SOLR 6?

Your users are using different browser languages to access Alfresco Share webapp?

What is the locale of your server?

Software Engineer in Alfresco Search Team.
marius_d
Member II

Re: Cannot find user when trying to add him in a site

Hi, 

1. Are you using SOLR 6?

Yes

2. Your users are using different browser languages to access Alfresco Share webapp?

No, Firefox/Chrome (Engrlish default)

3. What is the locale of your server?

System Locale: LANG=en_US.UTF-8
VC Keymap: us
X11 Layout: us

 

Thanks

angelborroy
Alfresco Employee

Re: Cannot find user when trying to add him in a site

If everything is in English, then multi language configuration should not be relevant.

Take a look anyway:

https://github.com/aborroy/search-services-cross-locale

Software Engineer in Alfresco Search Team.
marius_d
Member II

Re: Cannot find user when trying to add him in a site

Hi Angel,

 

I have the same settings in shared.properties file, so I think you are right, it's not from there.

Also I found that the Group Search works - and I can add the groups.

As you can see from my alfresco-global.property file I have the users from AD split in 2 groups Alfresco Users and Alfresco Admins. Can this be the reason why user search is not working ?

 

Thanks,

 

LUROXAN24
Member II

Re: Cannot find user when trying to add him in a site

Hello ,

Did you could fix the issue? I have same problem with my service.

 this is my alfresco_alfresco_alfresco-global.properties

 

#DB Configuration
db.driver=org.postgresql.Driver
db.url=jdbc:postgresql://postgres:5432/alfresco
db.username=alfresco
db.password=nX9b88slqooH1FM
db.pool.initial=100
db.pool.max=400
#db.pool.validate.query=select 1


#Solr configuration
solr.host=solr6
solr.port=8983
solr.secureComms=none
solr.base.url=/solr
index.subsystem.name=solr6

solr.backup.alfresco.cronExpression=0 30 2 * * ? 2050
solr.backup.archive.cronExpression=0 30 3 * * ? 2050
solr.backup.alfresco.remoteBackupLocation=${dir.root}/solrBackup/alfresco
solr.backup.archive.remoteBackupLocation=${dir.root}/solrBackup/archive
solr.backup.alfresco.numberToKeep=5
solr.backup.archive.numberToKeep=5

wcmqs.dynamicCollectionProcessor.schedule=0 30 2 * * ? 2060
wcmqs.feedbackProcessor.schedule=0 40 2 * * ? 2060
wcmqs.publishQueueProcessor.schedule=0 50 2 * * ? 2060

integrity.failOnError=true

#Data root

dir.root=/usr/local/tomcat/alf_data

#Plugin configuration
aos.baseUrlOverwrite=https://documentos-repo.bitel.com.pe/alfresco/aos
messaging.broker.url=failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true
deployment.method=DOCKER_COMPOSE
local.transform.service.enabled=true
localTransform.pdfrenderer.url=http://alfresco-pdf-renderer:8090/
localTransform.imagemagick.url=http://imagemagick:8090/
localTransform.libreoffice.url=http://libreoffice:8090/
localTransform.tika.url=http://tika:8090/
localTransform.misc.url=http://transform-misc:8090/
legacy.transform.service.enabled=true
alfresco-pdf-renderer.url=http://alfresco-pdf-renderer:8090/
jodconverter.url=http://libreoffice:8090/
img.url=http://imagemagick:8090/
tika.url=http://tika:8090/
transform.misc.url=http://transform-misc:8090/

transformserver.transformationTimeout=120
transformer.timeout.default=120


csrf.filter.enabled=false

#Email configuration

email.inbound.enabled=false
email.server.enabled=false

#Context configuration

alfresco.context=alfresco
alfresco.host=gestiondoc-repo.bitel.com.pe
alfresco.port=443
alfresco.protocol=https

share.context=share
share.host=gestiondoc.bitel.com.pe
share.port=443
share.protocol=https
#alfresco.rmi.services.host=0.0.0.0

opencmis.context.override=true
opencmis.context.value=
opencmis.servletpath.override=true
opencmis.servletpath.value=
opencmis.server.override=true
#Security configuration

cifs.enabled=false

#FTP configuration
ftp.enabled=false
ftp.port=1121
ftp.authenticator=alfresco

#Only Office
#onlyoffice.url=alfresco-doc.bitel.com.pe

#Active Directory configuration
ldap.authentication.active=true
authentication.chain=alfinst:alfrescoNtlm,ldap-bitel:ldap-ad
ntlm.authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@viettelperu.com
ldap.authentication.java.naming.provider.url=ldap://viettelperu.com:389
ldap.authentication.defaultAdministratorUserNames=vinhbv,adminvtp
ldap.synchronization.java.naming.security.principal=alfresco@viettelperu.com
ldap.synchronization.java.naming.security.credentials=OW5PLsQ1iAoLVcvr27ua
ldap.synchronization.groupSearchBase=DC=viettelperu,DC=com
ldap.synchronization.userSearchBase=DC=viettelperu,DC=com
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronisation.personType=inetOrgPerson
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronisation.userIdAttributeName=sAMAccountName
ldap.synchronisation.userFirstNameAttributeName=givenName
ldap.synchronisation.userLastNameAttributeName=sn
ldap.synchronisation.userEmailAttributeName=mail
ldap.synchronisation.userOrganizationalIdAttributeName=department
ldap.synchronisation.defaultHomeFolderProvider=Bitel

synchronization.externalUserControl=true
synchronization.externalUserControlSubsystemName=ldap-bitel



#ldap.authentication.active=true
#ldap.authentication.allowDeleteUser=true
#ldap.authentication.provider=com.sun.jndi.ldap.LdapCtxFactory
#ldap.authentication.url=ldap://10.121.13.9:389
#ldap.authentication.protcol=simple
#ldap.authentication.adminUser=
#ldap.authentication.adminPassword=
#ldap.authentication.guestLogin.allowed=false
#server.transaction.allow-writes=true
#user.name.caseSensitive=false
#personService.processDuplicates=true
#personService.duplicateMode=DELETE
#personService.lastIsBest=true
#personService.includeAutoCreated=true
#ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)
#ldap.synchronisation.personSearchBase=DC=viettelperu,DC=com

#ldap.synchronisation.groupQuery=(objectclass=AlfrescoGroup)
#ldap.synchronisation.groupSearchBase=DC=viettelperu,DC=com
#ldap.synchronisation.groupIdAttributeName=cn
#ldap.synchronisation.groupType=group

#ldap.synchronisation.groupMemberAttributeName=member
#ldap.synchronisation.import.person.cron=0 0 22 * * ?
#ldap.synchronisation.import.group.cron=0 45 21 * * ?
#ldap.synchronisation.import.group.clearAllChildren=false

 

 

user createduser createdtried to find user for add in a sitetried to find user for add in a site

LUROXAN24
Member II

Re: Cannot find user when trying to add him in a site

Hello,

anyone can help me with this issue?


@LUROXAN24 wrote:

Hello ,

Did you could fix the issue? I have same problem with my service.

 this is my alfresco_alfresco_alfresco-global.properties

 

#DB Configuration
db.driver=org.postgresql.Driver
db.url=jdbc:postgresql://postgres:5432/alfresco
db.username=alfresco
db.password=nX9b88slqooH1FM
db.pool.initial=100
db.pool.max=400
#db.pool.validate.query=select 1


#Solr configuration
solr.host=solr6
solr.port=8983
solr.secureComms=none
solr.base.url=/solr
index.subsystem.name=solr6

solr.backup.alfresco.cronExpression=0 30 2 * * ? 2050
solr.backup.archive.cronExpression=0 30 3 * * ? 2050
solr.backup.alfresco.remoteBackupLocation=${dir.root}/solrBackup/alfresco
solr.backup.archive.remoteBackupLocation=${dir.root}/solrBackup/archive
solr.backup.alfresco.numberToKeep=5
solr.backup.archive.numberToKeep=5

wcmqs.dynamicCollectionProcessor.schedule=0 30 2 * * ? 2060
wcmqs.feedbackProcessor.schedule=0 40 2 * * ? 2060
wcmqs.publishQueueProcessor.schedule=0 50 2 * * ? 2060

integrity.failOnError=true

#Data root

dir.root=/usr/local/tomcat/alf_data

#Plugin configuration
aos.baseUrlOverwrite=https://documentos-repo.bitel.com.pe/alfresco/aos
messaging.broker.url=failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true
deployment.method=DOCKER_COMPOSE
local.transform.service.enabled=true
localTransform.pdfrenderer.url=http://alfresco-pdf-renderer:8090/
localTransform.imagemagick.url=http://imagemagick:8090/
localTransform.libreoffice.url=http://libreoffice:8090/
localTransform.tika.url=http://tika:8090/
localTransform.misc.url=http://transform-misc:8090/
legacy.transform.service.enabled=true
alfresco-pdf-renderer.url=http://alfresco-pdf-renderer:8090/
jodconverter.url=http://libreoffice:8090/
img.url=http://imagemagick:8090/
tika.url=http://tika:8090/
transform.misc.url=http://transform-misc:8090/

transformserver.transformationTimeout=120
transformer.timeout.default=120


csrf.filter.enabled=false

#Email configuration

email.inbound.enabled=false
email.server.enabled=false

#Context configuration

alfresco.context=alfresco
alfresco.host=gestiondoc-repo.bitel.com.pe
alfresco.port=443
alfresco.protocol=https

share.context=share
share.host=gestiondoc.bitel.com.pe
share.port=443
share.protocol=https
#alfresco.rmi.services.host=0.0.0.0

opencmis.context.override=true
opencmis.context.value=
opencmis.servletpath.override=true
opencmis.servletpath.value=
opencmis.server.override=true
#Security configuration

cifs.enabled=false

#FTP configuration
ftp.enabled=false
ftp.port=1121
ftp.authenticator=alfresco

#Only Office
#onlyoffice.url=alfresco-doc.bitel.com.pe

#Active Directory configuration
ldap.authentication.active=true
authentication.chain=alfinst:alfrescoNtlm,ldap-bitel:ldap-ad
ntlm.authentication.sso.enabled=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@viettelperu.com
ldap.authentication.java.naming.provider.url=ldap://viettelperu.com:389
ldap.authentication.defaultAdministratorUserNames=vinhbv,adminvtp
ldap.synchronization.java.naming.security.principal=alfresco@viettelperu.com
ldap.synchronization.java.naming.security.credentials=OW5PLsQ1iAoLVcvr27ua
ldap.synchronization.groupSearchBase=DC=viettelperu,DC=com
ldap.synchronization.userSearchBase=DC=viettelperu,DC=com
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronisation.personType=inetOrgPerson
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronisation.userIdAttributeName=sAMAccountName
ldap.synchronisation.userFirstNameAttributeName=givenName
ldap.synchronisation.userLastNameAttributeName=sn
ldap.synchronisation.userEmailAttributeName=mail
ldap.synchronisation.userOrganizationalIdAttributeName=department
ldap.synchronisation.defaultHomeFolderProvider=Bitel

synchronization.externalUserControl=true
synchronization.externalUserControlSubsystemName=ldap-bitel



#ldap.authentication.active=true
#ldap.authentication.allowDeleteUser=true
#ldap.authentication.provider=com.sun.jndi.ldap.LdapCtxFactory
#ldap.authentication.url=ldap://10.121.13.9:389
#ldap.authentication.protcol=simple
#ldap.authentication.adminUser=
#ldap.authentication.adminPassword=
#ldap.authentication.guestLogin.allowed=false
#server.transaction.allow-writes=true
#user.name.caseSensitive=false
#personService.processDuplicates=true
#personService.duplicateMode=DELETE
#personService.lastIsBest=true
#personService.includeAutoCreated=true
#ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)
#ldap.synchronisation.personSearchBase=DC=viettelperu,DC=com

#ldap.synchronisation.groupQuery=(objectclass=AlfrescoGroup)
#ldap.synchronisation.groupSearchBase=DC=viettelperu,DC=com
#ldap.synchronisation.groupIdAttributeName=cn
#ldap.synchronisation.groupType=group

#ldap.synchronisation.groupMemberAttributeName=member
#ldap.synchronisation.import.person.cron=0 0 22 * * ?
#ldap.synchronisation.import.group.cron=0 45 21 * * ?
#ldap.synchronisation.import.group.clearAllChildren=false

 

 

user createduser createdtried to find user for add in a sitetried to find user for add in a site


 

marius_dumitrac
Active Member II

Re: Cannot find user when trying to add him in a site

Hi,

It seems that this is a known issue with alfresco 6.1 (I cannot find the link to the original post that provides the solution).

In my case the solution was the following:

1. open the share-config.xml file located in: <Tomcat_Home>/webapps/share/WEB-INF/classes/alfresco folder

2. modify the property show-authorization-status from true to false

<show-authorization-status>true</show-authorization-status>
to
<show-authorization-status>false</show-authorization-status>
3. restart tomcat
 
Hope this will help you.
 
Thanks
Marius
LUROXAN24
Member II

Re: Cannot find user when trying to add him in a site

Hello Dear Marius,

i reviewed the current configuration and the value is set as you asked to change.

 

image.png

 

Do you know is there any support area to scalate the issue.

 

thanks in advance,

Joaquin

EddieMay
Community Manager
Community Manager

Re: Cannot find user when trying to add him in a site

Hi @LUROXAN24 

There is no official support provided for Community Edition users.

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!