Unable to sync various AD LDAP attributes

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Member II

Unable to sync various AD LDAP attributes

I have a Windows 2016 AD environment. I have installed Alfresco and configured LDAP. The authentication works fine. I am trying to sync various attributes of LDAP. Its not working. Only the company field gets synced. Kindly help. Below is my configuration

_______________________________________________________________________________________________


###############################
## Common Alfresco Properties #
###############################

dir.root=/opt/alfresco-community/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=welcome
db.name=alfresco
db.url=jdbcSmiley Tongueostgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=/opt/alfresco-community/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco-community/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert

jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-community/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=ed1939sd77s82e8d952887e7d7s88sa1e3dde

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=/opt/alfresco-community

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443

### Allow extended ResultSet processing
security.anyDenyDenies=false

### Smart Folders Config Properties ###
smart.folders.enabled=false

### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false

### SSO ###
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyUserName=
external.authentication.proxyHeader=Auth-User
external.authentication.userIdPattern=
### LDAP Integration ###
ldap.authentication.active=true
synchronization.import.cron=0 0/1 * * * ?
create.missing.people=true
ldap.authentication.userNameFormat=%s@test.local
ldap.synchronization.syncOnStartup=false
synchronization.synchronizeChangesOnly=false
ldap.synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.authCreatePeopleOnLogin=true
### LDAP synchronization ###
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://10.10.8.19:389
ldap.synchronization.java.naming.security.principal=user1@test.local
ldap.synchronization.java.naming.security.credentials=welcome
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personQuery=(objectclass\=user)
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.groupSearchBase=dc\=test,dc\=local
ldap.synchronization.userSearchBase=dc\=test,dc\=local
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userJobTitleAttributeName=title
ldap.synchronization.userOrganizationAttributeName=department
ldap.synchronization.userLocationAttributeName=physicalDeliveryOfficeName
ldap.synchronization.userMobileAttributeName=mobile
ldap.synchronization.userCompanyPostCodeAttributeName=postalCode
ldap.synchronization.userCompanyFaxAttributeName=facsimileTelephoneNumber
ldap.synchronization.userCompanyTelephoneAttributeName=telephoneNumber
ldap.synchronization.userCompanyEmailAttributeName=mail
ldap.synchronization.userTelephoneAttributeName=homePhone
ldap.synchronization.userCompanyAddress1AttributeName=streetAddress
ldap.synchronization.enableProgressEstimation=true

11 Replies
Highlighted
Alfresco Employee

Re: Unable to sync various AD LDAP attributes

Only following attributes are included in synchronisation process:

<entry key="cm:userName">
<!-- Must match the same attribute as userIdAttributeName -->
<value>${ldap.synchronization.userIdAttributeName}</value>
</entry>
<entry key="cm:firstName">
<!-- OpenLDAP: "givenName" -->
<!-- Active Directory: "givenName" -->
<value>${ldap.synchronization.userFirstNameAttributeName}</value>
</entry>
<entry key="cm:lastName">
<!-- OpenLDAP: "sn" -->
<!-- Active Directory: "sn" -->
<value>${ldap.synchronization.userLastNameAttributeName}</value>
</entry>
<entry key="cm:email">
<!-- OpenLDAP: "mail" -->
<!-- Active Directory: "???" -->
<value>${ldap.synchronization.userEmailAttributeName}</value>
</entry>
<entry key="cmSmiley Surprisedrganization">
<!-- OpenLDAP: "o" -->
<!-- Active Directory: "???" -->
<value>${ldap.synchronization.userOrganizationalIdAttributeName}</value>
</entry>
<!-- This deprecated property has been replaced by "cmSmiley Surprisedrganization". We will use the same mapping -->
<entry key="cmSmiley SurprisedrganizationId">
<!-- OpenLDAP: "o" -->
<!-- Active Directory: "???" -->
<value>${ldap.synchronization.userOrganizationalIdAttributeName}</value>

Look at https://github.com/Alfresco/community-edition-old/blob/2c1eff9953d3105e738f7b06ba9ba8a079ca4c24/proj... 

Software Engineer in Alfresco Search Team.
Highlighted
Member II

Re: Unable to sync various AD LDAP attributes

Dear Borroy

Thank you for your kind reply. So you mean to say we cannot sync the Attributes from AD like title, telephoneNumber, mobile, thumbnailPhoto etc? Kindly advice is there any way we can sync the same with Alfresco.

Thanks in advance

Highlighted
Alfresco Employee

Re: Unable to sync various AD LDAP attributes

You should extend that Spring Bean in order to add your AD properties.

Probably this would help: http://blog.seyfi.net/2010/05/adding-ad-attributes-to-alfresco-user.html

Software Engineer in Alfresco Search Team.
Highlighted
Member II

Re: Unable to sync various AD LDAP attributes

Dear Borroy, 

Thank you for the advice.. I have been trying since your reply and still no luck. I will explain what I did..

I am have added the following in opt/alfresco-community/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap4/ldap4.xml file.

=========================================================================================

<property name="personAttributeMapping">
<map>
-----------------------------------
<!-- Added attributes -->
<entry key="cm:telephone">
<value>${ldap.synchronization.userCompanyTelephoneAttributeName}</value>
</entry>
<entry key="cm:jobtitle">
<value>${ldap.synchronization.userJobTitleAttributeName}</value>
</entry>
<entry key="cm:location">
<value>${ldap.synchronization.userLocationAttributeName}</value>
</entry>
<entry key="cm:mobile">
<value>${ldap.synchronization.userMobileAttributeName}</value>
</entry>
<entry key="cm:manager">
<value>${ldap.synchronization.userManagerAttributeName}</value>
</entry>

<!-- Always use the default -->
<entry key="cm:homeFolderProvider">
<null/>
</entry>
</map>
</property>

Added following values in the properties file. 

ldap.synchronization.userJobTitleAttributeName=title
ldap.synchronization.userCompanyTelephoneAttributeName=telephoneNumber

Restarted the server. Still not syncing.. Please help

Highlighted
Alfresco Employee

Re: Unable to sync various AD LDAP attributes

And also having "ldap4" on authentication chain?

Software Engineer in Alfresco Search Team.
Highlighted
Member II

Re: Unable to sync various AD LDAP attributes

Yes..

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap4:ldap-ad
synchronization.import.cron=0 0/1 * * * ?
synchronization.synchronizeChangesOnly=false

I want to populate title, mobile, telephoneNumber, thumbnailPhoto. 

Highlighted
Alfresco Employee

Re: Unable to sync various AD LDAP attributes

I understand you've included all Spring LDAP beans related configuration, right?

Probably this sample could help you https://github.com/magenta-aps/ldap-multi-search-base/blob/master/src/main/amp/config/alfresco/exten...

Software Engineer in Alfresco Search Team.
Highlighted
Member II

Re: Unable to sync various AD LDAP attributes

I have already gone through this link. It didn't help. It has no mention of job title, mobile number, telephone etc..

Highlighted
Alfresco Employee

Re: Unable to sync various AD LDAP attributes

You can complete your task with the link, as it includes the different beans you have to override. Is not enough including just only "properties" bean (which in fact is not a bean, it's just only a property)

Software Engineer in Alfresco Search Team.