2017-03-07 1 views
0

How to configure full synchronization instead of incremental?

AFAIK Alfresco CE performs only an incremental synchronization with LDAP-AD at startup. When Alfresco was installed and synchronization with LDAP-AD was configured, a full synchronization was performed. All the fields I specified were displayed in the user profile. Now I have decided to add a few more fields, for example skype and companyfax.

But they are not displayed.

Part of alfresco-global.properties (similarly in /alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-ad-authentication.properties):

... 
    ldap.authentication.active=false 
    ldap.authentication.allowGuestLogin=false 
    ldap.authentication.userNameFormat=%[email protected] 
    ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory 
    ldap.authentication.java.naming.provider.url=ldap://...:389 
    ldap.synchronization.active=true 
    [email protected] 
    ldap.synchronization.java.naming.security.credentials=... 
    ldap.synchronization.queryBatchSize=0 
    ldap.synchronization.attributeBatchSize=0 

    ldap.synchronization.groupQuery=(objectclass\=group) 
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0}))) 
    ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)) 
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0}))) 

    ldap.synchronization.groupSearchBase=cn\=Builtin,dc\=...,dc\=local 
    ldap.synchronization.userSearchBase=cn\=Users,dc\=...,dc\=local 
    #ldap.synchronization.modifyTimestampAttributeName=whenChanged 
    #synchronization.import.cron=* */40 * * * ? 
    ntlm.authentication.sso.enabled=true 
    passthru.authentication.defaultAdministratorUserNames=Admin,BykovAN 
    passthru.authentication.domain=... 
    passthru.authentication.servers=...\\... 
    passthru.authentication.defaultAdministratorUserNames=Admin,BykovAN 
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp 
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z' 
    ldap.synchronization.userIdAttributeName=sAMAccountName 

    ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider 
    ldap.synchronization.groupType=group 
    ldap.synchronization.personType=user 
    ldap.synchronization.groupMemberAttributeName=member 
    ldap.synchronization.enableProgressEstimation=true 
    ldap.synchronization.userFirstNameAttributeName=displayName 
    ldap.synchronization.userLastNameAttributeName=department 
    ldap.synchronization.userEmailAttributeName=email 
    ldap.synchronization.userOrganizationalIdAttributeName=department 
    ldap.synchronization.userJobTitleAttributeName=title 
    ldap.synchronization.userLocationAttributeName=description 
    ldap.synchronization.userTelephoneAttributeName=telephoneNumber 

    ldap.synchronization.groupIdAttributeName=cn 
    ldap.synchronization.groupDisplayNameAttributeName=displayName 
    ldap.synchronization.synchronizeChangesOnly=false 

    #synchronization.syncWhenMissingPeopleLogIn=true 
    #synchronization.syncOnStartup=true 
    #synchronization.autoCreatePeopleOnLogin=true 
... 

In the logs I see that the synchronization is not performed:

... 
2017-03-07 10:07:39,891 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1' 
2017-03-07 10:07:39,921 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since 01.03.2017 14:46:18 from user registry 'ldap1' 
2017-03-07 10:07:39,941 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries 
2017-03-07 10:07:39,942 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries 
2017-03-07 10:07:39,945 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since 07.03.2017 9:13:44 from user registry 'ldap1' 
2017-03-07 10:07:39,963 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 0 entries 
2017-03-07 10:07:39,963 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 0 entries 
2017-03-07 10:07:39,975 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1' 
2017-03-07 10:07:39,976 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Processed users: 0 groups: 0 
... 

I changed the LDAP queries (removed whenChanged):

ldap.synchronization.groupQuery=(objectclass\=group) 
ldap.synchronization.groupDifferentialQuery=(&(objectClass\=group)) 
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)) 
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)) 

I restart Alfresco, and every time it performs a full synchronization. It seems that everything is fine now. Or am I wrong?

... 
2017-03-07 11:42:30,314 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1' 
2017-03-07 11:42:30,341 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since 01.03.2017 14:46:18 from user registry 'ldap1' 
2017-03-07 11:42:30,431 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Users' with distinguished name: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...,DC=local 
2017-03-07 11:42:30,431 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Users' with distinguished name: CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=...,DC=local 
2017-03-07 11:42:30,437 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'The performance log users' with distinguished name: CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=...,DC=local 
2017-03-07 11:42:30,626 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DCOM Users' with distinguished name: CN=PK-535-W8,OU=Computers,OU=OIT,OU=...,DC=...,DC=local 
2017-03-07 11:42:30,685 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DCOM Users' with distinguished name: CN=PK-265-XP,OU=Computers,OU=FSO,OU=...,DC=...,DC=local 
2017-03-07 11:42:30,697 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Pre-Windows 2000 access' with distinguished name: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...,DC=local 
2017-03-07 11:42:30,698 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Windows authorization access group' with distinguished name: CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=...,DC=local 
2017-03-07 11:42:30,704 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 19 entries 
2017-03-07 11:42:30,874 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 19 entries out of 19. 100% complete. Rate: 111 per second. 0 failures detected. 
2017-03-07 11:42:30,875 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 19 entries 
2017-03-07 11:42:30,896 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Commencing batch of 4 entries 
2017-03-07 11:42:30,897 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 4 entries out of 4. 100% complete. Rate: 4000 per second. 0 failures detected. 
2017-03-07 11:42:30,897 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Completed batch of 4 entries 
2017-03-07 11:42:30,900 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since 07.03.2017 9:13:44 from user registry 'ldap1' 
2017-03-07 11:42:30,939 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 529 entries 
2017-03-07 11:42:32,015 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 100 entries out of 529. 19% complete. Rate: 92 per second. 0 failures detected. 
2017-03-07 11:42:32,777 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 200 entries out of 529. 38% complete. Rate: 108 per second. 0 failures detected. 
2017-03-07 11:42:33,426 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 300 entries out of 529. 57% complete. Rate: 120 per second. 0 failures detected. 
2017-03-07 11:42:34,025 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 400 entries out of 529. 76% complete. Rate: 129 per second. 0 failures detected. 
2017-03-07 11:42:34,640 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 500 entries out of 529. 95% complete. Rate: 135 per second. 0 failures detected. 
2017-03-07 11:42:34,791 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 529 entries out of 529. 100% complete. Rate: 137 per second. 0 failures detected. 
2017-03-07 11:42:34,791 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 529 entries 
2017-03-07 11:42:34,803 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1' 
2017-03-07 11:42:34,803 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Processed users: 529 groups: 19 
... 

How do I correctly configure full synchronization at startup?

I would be very grateful for the information. Thanks to all.

Answer

0

Axel Faust gave an exhaustive answer:

How to configure full synchronization instead of incremental?

It solved my problem.

As stated here: Synchronization configuration properties

  • synchronization.synchronizeChangesOnly: specifies whether the scheduled synchronization job runs in differential mode. The default is true, which means that the scheduled synchronization job runs in differential mode (and not in full mode). Regardless of this setting, a differential synchronization can still be triggered when a user who does not yet exist in Alfresco is successfully authenticated.
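
A small check over a properties file, as an added example that is not part of the original posts or of Alfresco itself. It flags a differential query that no longer carries the `{0}` timestamp placeholder (so it matches every object on each run, as in the second log above), a `synchronizeChangesOnly` key written with a different prefix than the name quoted in the answer, and duplicate keys. The function names, finding codes and the sample text are assumptions made for this example.

```python
# Constructed sample modelled on the settings shown in the question (values shortened).
SAMPLE = r"""
ldap.synchronization.groupDifferentialQuery=(&(objectClass\=group))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!(whenChanged<\={0})))
ldap.synchronization.synchronizeChangesOnly=false
passthru.authentication.defaultAdministratorUserNames=Admin
passthru.authentication.defaultAdministratorUserNames=Admin
#synchronization.syncOnStartup=true
"""

# Property name exactly as quoted in the answer.
SYNC_KEY = "synchronization.synchronizeChangesOnly"


def parse_properties(text):
    """Yield (line_no, key, value) for active key=value lines.

    Comment lines, blank lines and lines without '=' (such as '...') are skipped.
    Keys are assumed to contain no escaped '=', which holds for the keys shown here.
    """
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield no, key.strip(), value.strip()


def audit(text):
    """Return a list of (line_no, finding_code, key) tuples in file order."""
    findings, seen = [], {}
    suffix = "." + SYNC_KEY.rsplit(".", 1)[-1]
    for no, key, value in parse_properties(text):
        if key in seen:
            # In a properties file the later assignment silently replaces the earlier one.
            findings.append((no, "duplicate-key", key))
        seen[key] = no
        if key.endswith("DifferentialQuery") and "{0}" not in value:
            # Without the placeholder the "differential" query is not time-bounded.
            findings.append((no, "differential-query-without-timestamp", key))
        if key != SYNC_KEY and key.endswith(suffix):
            findings.append((no, "synchronizeChangesOnly-unexpected-prefix", key))
    return findings


if __name__ == "__main__":
    for line_no, code, key in audit(SAMPLE):
        print(f"line {line_no}: {code}: {key}")
```
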