ldap-ad subsystem - sync error

Member II

ldap-ad subsystem - sync error

Hi, I have configured authentication and synchronization with ldap-ad subsystem and got errors in alfresco.log. Can anybody help please? Thanks!  (I have used the doc in http://docs.alfresco.com/6.0/concepts/auth-ldap-props.html)

Community - 6.1.2 (r4fe1d0d0-b205)
Repository Information
Edition: Community
Version Number: 6.1.2 (r4fe1d0d0-b205)
Version Label:
Schema: 13 001
Repository Identifier: bd79a43e-b957-4c59-856e-81d68192eb44
System Information
Java Home: C:\Program Files\Java\jdk-12.0.1
Java Version: 12.0.1
Java VM Vendor: Oracle Corporation
Operating System: Windows Server 2016
Version: 10.0
Architecture: amd64

My alfresco.log shows:

2019-05-31 13:58:35,336 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1]
2019-05-31 13:58:35,451 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1] complete
2019-05-31 13:58:35,451 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
2019-05-31 13:58:35,726 WARN [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] LDAP server supports anonymous bind ldaps://srv-dc03.emel.sk:636
2019-05-31 13:58:36,014 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete

A couple of lines later comes this:


2019-05-31 13:58:47,877 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2019-05-31 13:58:47,917 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap1'
2019-05-31 13:58:47,991 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 04310018 Error during LDAP Search. Reason:[LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=emel,DC=sk'
]
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1335)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:713)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:993)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:739)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.access$16(ChainingUserRegistrySynchronizer.java:474)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:2138)
at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:623)

More from the log in the attachment.

My alfresco-global.properties for ldap-ad are:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad

ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldaps://xxx.emel.sk:636
ldap.synchronization.java.naming.security.principal=yyy@emel.sk
ldap.synchronization.java.naming.security.credentials=zzz
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupSearchBase=cn\=users,ou=EMEL,dc=emel,dc=sk
ldap.synchronization.userSearchBase=cn\=users,ou=EMEL Users,ou=Customizacia,dc=emel,dc=sk
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true
cifs.enabled=false

1 Reply
Member II

Re: ldap-ad subsystem - sync error

I think I found a solution which worked for me :-) after two weeks...

The problem is the "non-existing" space in the CN entry after the comma.

For me it's working with these entries:

ldap.synchronization.groupSearchBase=OU=EMEL Users, DC=emel, DC=sk
ldap.synchronization.userSearchBase=OU=Customizacia, OU=EMEL Users, DC=emel, DC=sk

Cheers!
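
Reading the error from the question, as an added example (not code from the original posts or from Alfresco): LDAP result code 32 (noSuchObject) carries the deepest DN the server could resolve, so comparing that "best match" with the configured search base shows which component the directory could not find. The function names and the case- and whitespace-insensitive comparison are assumptions of this sketch; the sample strings are constructed from the log and properties quoted above.

```python
import re

# Constructed sample: the error text from the post's alfresco.log as one string.
SAMPLE_ERROR = (
    "Error during LDAP Search. Reason:[LDAP: error code 32 - 0000208D: NameErr: "
    "DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:\n"
    "'DC=emel,DC=sk'\n]"
)
# groupSearchBase exactly as written in the question's alfresco-global.properties.
GROUP_BASE_RAW = r"cn\=users,ou=EMEL,dc=emel,dc=sk"

def unescape_property(value):
    """Undo the properties-file '\\=' escape seen in the post (only that form)."""
    return value.replace("\\=", "=")

def split_dn(dn):
    """Split a DN into (type, value) RDNs, keeping backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    # Assumption: compare case-insensitively, ignoring spaces around separators.
    return [tuple(p.strip().lower() for p in rdn.partition("=")[::2]) for rdn in parts]

def parse_no_object(error_text):
    """Return (result_code, matched_dn) from an LDAP error string, or None."""
    m = re.search(r"error code (\d+).*?best match of:\s*'([^']*)'", error_text, re.S)
    return (int(m.group(1)), m.group(2)) if m else None

def first_missing_rdn(search_base, matched_dn):
    """RDN of search_base just below the matched DN: the first one not found."""
    base, matched = split_dn(search_base), split_dn(matched_dn)
    if base[-len(matched):] != matched or len(base) == len(matched):
        return None  # matched DN is not a proper suffix of this base
    return "=".join(base[-len(matched) - 1])

if __name__ == "__main__":
    code, matched = parse_no_object(SAMPLE_ERROR)
    print(code, matched, first_missing_rdn(unescape_property(GROUP_BASE_RAW), matched))
```

The returned RDN marks where to start checking the directory tree; it does not say which container is the correct one.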