Struggles With Alfresco's LDAP Synchronisation Against Multiple Domain Controllers

What a hell of a last two days. Which developer doesn't know the case where everything is set up correctly but nothing runs? A common developer issue and a long-term pain ;-)

My current case describes LDAP synchronisation against more than one Active Directory, or rather more than one domain controller.

An international customer wants to sync users and groups that are stored in several Active Directories into Alfresco as well. So, what options do we have to achieve this?

Normally you set up the file ldap-synchronisation.properties in your project, together with the corresponding context. But what about the case where your infrastructure consists of multiple domain controllers (each DC with its own Active Directory)? For instance, if you own the domain mycompany.com, your landscape could look like this:

mycompany.com

->  de
->  com
->  jp

You end up with this when your landscape covers a worldwide company that also has many local activities. The more ADs you have, the more sync effort must be made, and for authentication (which is usually managed in step with the sync) you have to do the same, and then it gets worse. Why? Imagine a user that must be bound against 30 or more domain controllers to successfully authenticate against ONE AD. That's really bad.

Of course this approach is an option that could be taken, since Alfresco does support it. But it's not really an appropriate solution, you know that!

Microsoft therefore introduced a globally managed catalogue, the Global Catalog (GC). One (or more) DCs hold a schema and links to all DCs that exist in the company. Locally managed AD data is replicated to the GC (but not all of it: normally the email address, givenName and sn are synced, as well as sAMAccountName, the account's logon name).

It's a logical conclusion to use the GC with Alfresco as well! But if you use port 389 (e.g. ldap://ldap.mycompany.com:389) you get nothing back when Alfresco's synchronisation runs its LDAP search. As described earlier, the GC holds all ADs replicated to this DC, and it is queried on a different port.

The URL must be ldap://ldap.mycompany.com:3268. Nothing else has to be changed to retrieve employees who work in different countries and are kept in locally managed DCs.
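As an added example (not from the original post), here is how the two ports sit side by side in Alfresco's ldap-ad authentication subsystem configuration in alfresco-global.properties, the successor of the ldap-synchronisation.properties file named above. Host names, search bases and the service account are placeholders.

```properties
# Added example: Alfresco ldap-ad subsystem pointed at the Global Catalog.
# Host, search bases and service account are placeholders, not real values.
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad

ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@mycompany.com
# Plain DC port: only that DC's own domain partition is searched, so a
# forest-wide sync search comes back empty (the symptom described above).
#ldap.authentication.java.naming.provider.url=ldap://ldap.mycompany.com:389
# Global Catalog port: the search spans every domain replicated into the GC.
ldap.authentication.java.naming.provider.url=ldap://ldap.mycompany.com:3268
# GC over TLS uses 3269 instead: ldaps://ldap.mycompany.com:3269

ldap.synchronization.active=true
# Use a dedicated read-only service account for the sync bind.
ldap.synchronization.java.naming.security.principal=svc-alfresco-sync@mycompany.com
ldap.synchronization.java.naming.security.credentials=CHANGE_ME
# Forest root as search base; the GC answers for the de/com/jp domains below it.
ldap.synchronization.userSearchBase=dc=mycompany,dc=com
ldap.synchronization.groupSearchBase=dc=mycompany,dc=com
# Only attributes replicated into the GC's partial attribute set can be
# mapped here; the four below are part of it.
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
```

Attributes that a local domain keeps out of the GC's partial attribute set will arrive empty through port 3268, so any extra mapping has to be checked against the GC schema rather than against a single DC.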
