AD Synchronization : The Guest user cannot be deleted
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-30-2015 06:29 AM
Hello,
I have Alfresco community 4.2.f installed in Windows Server 2008 R2 and syncronized very well with AD, but I have an error in afresco.log file every every day at midnight (see attachement):
So I have added these line but nothing was changed.
this is what I added in my ldap-ad-authentication.properties:
————————————————————-
### Disable user removals. If false, then no sync job will be allowed to delete users or groups
synchronization.allowDeletions=false
# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(&(objectclass\=user)(!(cn=Guest))(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!(cn=Guest))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
any help!!
I have Alfresco community 4.2.f installed in Windows Server 2008 R2 and syncronized very well with AD, but I have an error in afresco.log file every every day at midnight (see attachement):
So I have added these line but nothing was changed.
this is what I added in my ldap-ad-authentication.properties:
————————————————————-
### Disable user removals. If false, then no sync job will be allowed to delete users or groups
synchronization.allowDeletions=false
# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(&(objectclass\=user)(!(cn=Guest))(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!(cn=Guest))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
any help!!
Labels:
- Labels:
-
Archive
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-30-2015 08:41 AM
Do you have a user called "guest" in your LDAP directory? If so you will need to exclude it from the sync because "guest" is one of the few reserved names in alfresco.
You can't sync "Guest", "Admin" or "EVERYONE".
You can't sync "Guest", "Admin" or "EVERYONE".
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-30-2015 09:04 AM
Active Directory create by default a guest user in the users directry. to exluded "guest" user from synchronization, I added these line into my ldap-ad-authentication.properties (mentioned in my first comment)
NB: I created a reserved Unit Organization for my users and this is my config to do synchronization only with my users
———————————-
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=OU\=EPR,DC\=epr, DC\=lan
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=OU\=EPR,DC\=epr,DC\=lan
———————————
NB: I created a reserved Unit Organization for my users and this is my config to do synchronization only with my users
———————————-
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=OU\=EPR,DC\=epr, DC\=lan
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=OU\=EPR,DC\=epr,DC\=lan
———————————
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-02-2015 05:49 AM
any help will be greatly appreciated !?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-04-2015 05:25 AM
I found this blog who talk about the solution of my issue. But I can't resolve it yet
http://www.giuseppeurso.eu/en/alfresco-tips-and-tricks-15-ldap-error-guest-user-cannot-be-deleted/
http://www.giuseppeurso.eu/en/alfresco-tips-and-tricks-15-ldap-error-guest-user-cannot-be-deleted/
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2016 11:04 PM
Having the same issue. Any update on how to fix this?