Hi everybody,
We have configured ldap-AD so that Alfresco imports all users in the directory.
Due to a non-optimal AD organization based on geographical site, we want to import only effective users and not administrative accounts.
AD
-- OU site1 -- user1
            -- user2
            -- group HR
            -- ...
-- OU site2 -- user3
            -- user4
            -- group Administration
            -- ...
-- OU site3 -- user5
            -- user6
            -- group IT
            -- ...
To select the desired users we tried to create a group named Alfresco_Users that contains all the users we want to import.
AD
-- OU alfresco -- group Alfresco_Users -- user1
                                       -- user2
                                       -- ...
ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://dc.domain.com:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.active=true
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupSearchBase=dc\=domain,dc\=com
ldap.synchronization.userSearchBase=dc\=domain,dc\=com
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
This is the code regarding user and group import:
# look for all groups with names starting with Alfresco
ldap.synchronization.groupQuery=(&(objectclass\=group)(cn\=Alfresco*))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(cn\=Alfresco*))(!(whenChanged<\={0}))
# TRY 1: this looks for users contained in the Alfresco_Users group, NOT WORKING
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf\=CN\=Alfresco*)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
# TRY 2: full FDN of group; group created, users not imported
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf:1.2.840.113556.1.4.1941:\=cn\=Alfresco*,ou\=Alfresco,dc\=domain,dc\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
Tried also with the userAccountControl 1.2.840.113556.1.4.1941 parameter but nothing.
Can someone tell me a quick way to add only the desired users in Alfresco (creating one new group, a new OU, or fixing the query in the config file)?
Thanks for the help
Fabio
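
Added example, not part of the original post and not Alfresco's shipped configuration: Active Directory compares DN-valued attributes such as memberOf only against a complete distinguished name, so a filter like `memberOf=CN=Alfresco*` matches nothing, and the in-chain matching rule has the same requirement. The group DN below is an assumption built from the tree in the post (group Alfresco_Users in OU alfresco under dc=domain,dc=com); replace it with the group's actual distinguishedName.

```properties
# --- Groups: wildcards are valid on cn, so the group query can stay as posted ---
ldap.synchronization.groupQuery=(&(objectclass\=group)(cn\=Alfresco*))
# The timestamp clause must sit inside the outer (& ...); placed after the
# closing parenthesis it is a second, separate filter and the string is invalid.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(cn\=Alfresco*)(!(whenChanged<\={0})))

# --- Users: direct members of one named group, normal accounts only ---
# memberOf takes the full DN of the group (assumed DN, see lead-in), no wildcard.
# userAccountControl bitwise AND 512 (matching rule ...803) selects NORMAL_ACCOUNT.
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf\=CN\=Alfresco_Users,OU\=alfresco,DC\=domain,DC\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

# The differential query is the same filter plus the change-timestamp clause,
# so incremental syncs apply the same membership restriction as the full sync.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf\=CN\=Alfresco_Users,OU\=alfresco,DC\=domain,DC\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))

# --- Variant for nested membership ---
# If some users belong to Alfresco_Users only through another group, replace the
# memberOf clause in both person queries with the in-chain rule (...1941),
# still with the complete group DN:
#   (memberOf\:1.2.840.113556.1.4.1941\:\=CN\=Alfresco_Users,OU\=alfresco,DC\=domain,DC\=com)
```

Because the person queries name a single group by DN, administrative accounts stay out of Alfresco as long as they are not added to that group, regardless of which site OU they live in.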