Alfresco - Configure 2 groupSearchBases for Active Directory


Problem description

How to configure 2 groupSearchBases for Alfresco?

Right now I have this property in my global.properties:

ldap.synchronization.groupSearchBase=CN\=Alfresco users,OU\=Users,OU\=AWE,DC\=main,DC\=awe

But I need to configure a second search base with the path

CN=Alfresco users,OU=Labs,OU=AWE,DC=main,DC=awe

What I have tried is to configure the property with an OR statement like this:

ldap.synchronization.groupSearchBase=(|(CN\=Alfresco users,OU\=Users,OU\=AWE,DC\=main,DC\=awe)(CN\=Alfresco users,OU\=Labs,OU\=AWE,DC\=main,DC\=awe))

This setup gives me an error:

00:30:07,147 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 02290000 Error during LDAP Search. Reason: null
...
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.NamingException: LDAP response read timed out, timeout used:5000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC\=main,DC\=awe']; remaining name '']
...
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:5000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC\=main,DC\=awe']; remaining name ''
...
Caused by: com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC\=main,DC\=awe'

I also minimized the searchBase path to include both of the directories like this:

ldap.synchronization.groupSearchBase=CN\=Alfresco users,OU\=AWE,DC\=main,DC\=awe

But this also gave me an error:

    org.alfresco.error.AlfrescoRuntimeException: 02310000 Error during LDAP Search. Reason: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=AWE,DC=main,DC=awe'
...
    Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:'OU=AWE,DC=main,DC=awe'

What am I doing wrong, and how can I make Alfresco search for both groupSearchBases (the easiest way if possible)? Thanks in advance.

Recommended answer

As mentioned in the comments, the search base is an LDAP (Distinguished Name) path, not a query. This means that you should set the search base for your user and group query to a path for which both organizational units are subordinate: OU=AWE,DC=main,DC=awe.

Then you need to build the users and groups queries so that only groups and users are returned as expected. E.g. the person query can look like this:

(&
 (objectCategory\=Person)
 (|
   (memberOf\:1.2.840.113556.1.4.1941\:\=CN\=Alfresco users,OU\=Users,OU\=AWE,DC\=main,DC\=awe)
   (memberOf\:1.2.840.113556.1.4.1941\:\=CN\=Alfresco users,OU\=Labs,OU\=AWE,DC\=main,DC\=awe)
 )
 (userAccountControl\:1.2.840.113556.1.4.803\:\=512)
)

For the group search you should do the same.

Hint: 1.2.840.113556.1.4.1941 is an Active Directory-specific filter to retrieve nested groups (recursive retrieval of all members of that DN). For more info check Active Directory: LDAP Syntax Filters | MS TechNet
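The approach in the answer above, as an added example that is not part of the original answer: it derives the common search base from the two group DNs in the question and builds the person filter for any number of groups, escaping filter values and the properties-file characters. All function and constant names are hypothetical helpers, and the DN splitter assumes no RDN ends in an escaped backslash.

```python
import re

# Constructed sample input: the two group DNs from the question.
GROUP_DNS = [
    "CN=Alfresco users,OU=Users,OU=AWE,DC=main,DC=awe",
    "CN=Alfresco users,OU=Labs,OU=AWE,DC=main,DC=awe",
]
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule for nested membership
BIT_AND = "1.2.840.113556.1.4.803"    # AD bitwise-AND matching rule


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]


def common_search_base(dns):
    """Longest DN suffix shared by all DNs: a base every entry is subordinate to."""
    reversed_rdns = [split_dn(dn)[::-1] for dn in dns]
    shared = []
    for level in zip(*reversed_rdns):
        if len({rdn.lower() for rdn in level}) != 1:
            break
        shared.append(level[0])
    if not shared:
        raise ValueError("DNs share no common suffix")
    return ",".join(reversed(shared))


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def person_query(group_dns, uac_mask=512):
    """The answer's person filter, generalised to any number of groups."""
    members = "".join(
        f"(memberOf:{IN_CHAIN}:={escape_filter_value(dn)})" for dn in group_dns
    )
    return f"(&(objectCategory=Person)(|{members})(userAccountControl:{BIT_AND}:={uac_mask}))"


def to_properties(value):
    """Escape backslash, '=' and ':' for a Java properties value, as the page's lines do."""
    return re.sub(r"([\\=:])", r"\\\1", value)
```

`to_properties(common_search_base(GROUP_DNS))` gives the value for the search base property, and `to_properties(person_query(GROUP_DNS))` gives the single-line form of the filter shown in the answer.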
