How to configure full synchronization instead of incremental?

AFAIK, Alfresco CE performs only an incremental synchronization with LDAP-AD at startup. When I installed Alfresco and configured synchronization with LDAP-AD, a full synchronization was performed. All the fields that I declared were displayed in the user profile. Now I have decided to add a few more fields, for example skype and companyfax.

But they are not displayed.

Part of alfresco-global.properties (the same is in /alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-ad-authentication.properties):

    ...
    ldap.authentication.active=false
    ldap.authentication.allowGuestLogin=false
    ldap.authentication.userNameFormat=%s@...
    ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
    ldap.authentication.java.naming.provider.url=ldap://...:389
    ldap.synchronization.active=true
    ldap.synchronization.java.naming.security.principal=Alfresco@...
    ldap.synchronization.java.naming.security.credentials=...
    ldap.synchronization.queryBatchSize=0
    ldap.synchronization.attributeBatchSize=0

    ldap.synchronization.groupQuery=(objectclass\=group)
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
    ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))

    ldap.synchronization.groupSearchBase=cn\=Builtin,dc\=...,dc\=local
    ldap.synchronization.userSearchBase=cn\=Users,dc\=...,dc\=local
    #ldap.synchronization.modifyTimestampAttributeName=whenChanged
    #synchronization.import.cron=* */40 * * * ?
    ntlm.authentication.sso.enabled=true
    passthru.authentication.defaultAdministratorUserNames=Admin,BykovAN
    passthru.authentication.domain=...
    passthru.authentication.servers=...\\...
    passthru.authentication.defaultAdministratorUserNames=Admin,BykovAN
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
    ldap.synchronization.userIdAttributeName=sAMAccountName

    ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
    ldap.synchronization.groupType=group
    ldap.synchronization.personType=user
    ldap.synchronization.groupMemberAttributeName=member
    ldap.synchronization.enableProgressEstimation=true
    ldap.synchronization.userFirstNameAttributeName=displayName
    ldap.synchronization.userLastNameAttributeName=department
    ldap.synchronization.userEmailAttributeName=email
    ldap.synchronization.userOrganizationalIdAttributeName=department
    ldap.synchronization.userJobTitleAttributeName=title
    ldap.synchronization.userLocationAttributeName=description
    ldap.synchronization.userTelephoneAttributeName=telephoneNumber

    ldap.synchronization.groupIdAttributeName=cn
    ldap.synchronization.groupDisplayNameAttributeName=displayName
    ldap.synchronization.synchronizeChangesOnly=false

    #synchronization.syncWhenMissingPeopleLogIn=true
    #synchronization.syncOnStartup=true
    #synchronization.autoCreatePeopleOnLogin=true
    ...

In the logs I see that synchronization is not performed:

    ...
    2017-03-07 10:07:39,891  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
    2017-03-07 10:07:39,921  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since 01.03.2017 14:46:18 from user registry 'ldap1'
    2017-03-07 10:07:39,941  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
    2017-03-07 10:07:39,942  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
    2017-03-07 10:07:39,945  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since 07.03.2017 9:13:44 from user registry 'ldap1'
    2017-03-07 10:07:39,963  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 0 entries
    2017-03-07 10:07:39,963  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 0 entries
    2017-03-07 10:07:39,975  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
    2017-03-07 10:07:39,976  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Processed users: 0 groups: 0
    ...

I changed the LDAP queries to (whenChanged removed):

    ldap.synchronization.groupQuery=(objectclass\=group)
    ldap.synchronization.groupDifferentialQuery=(&(objectClass\=group))
    ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user))

After restarting Alfresco, it performs a full synchronization every time. It seems that everything is fine now. Or am I wrong?..

    ...
    2017-03-07 11:42:30,314  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
    2017-03-07 11:42:30,341  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since 01.03.2017 14:46:18 from user registry 'ldap1'
    2017-03-07 11:42:30,431  WARN  [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Users' with distinguished name: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...,DC=local
    2017-03-07 11:42:30,431  WARN  [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Users' with distinguished name: CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=...,DC=local
    2017-03-07 11:42:30,437  WARN  [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'The performance log users' with distinguished name: CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=...,DC=local
    2017-03-07 11:42:30,626  WARN  [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DCOM Users' with distinguished name: CN=PK-535-W8,OU=Computers,OU=OIT,OU=...,DC=...,DC=local
    2017-03-07 11:42:30,685  WARN  [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DCOM Users' with distinguished name: CN=PK-265-XP,OU=Computers,OU=FSO,OU=...,DC=...,DC=local
    2017-03-07 11:42:30,697  WARN  [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Pre-Windows 2000 access' with distinguished name: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...,DC=local
    2017-03-07 11:42:30,698  WARN  [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Windows authorization access group' with distinguished name: CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=...,DC=local
    2017-03-07 11:42:30,704  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 19 entries
    2017-03-07 11:42:30,874  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 19 entries out of 19. 100% complete. Rate: 111 per second. 0 failures detected.
    2017-03-07 11:42:30,875  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 19 entries
    2017-03-07 11:42:30,896  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Commencing batch of 4 entries
    2017-03-07 11:42:30,897  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 4 entries out of 4. 100% complete. Rate: 4000 per second. 0 failures detected.
    2017-03-07 11:42:30,897  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Completed batch of 4 entries
    2017-03-07 11:42:30,900  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since 07.03.2017 9:13:44 from user registry 'ldap1'
    2017-03-07 11:42:30,939  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 529 entries
    2017-03-07 11:42:32,015  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 100 entries out of 529. 19% complete. Rate: 92 per second. 0 failures detected.
    2017-03-07 11:42:32,777  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 200 entries out of 529. 38% complete. Rate: 108 per second. 0 failures detected.
    2017-03-07 11:42:33,426  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 300 entries out of 529. 57% complete. Rate: 120 per second. 0 failures detected.
    2017-03-07 11:42:34,025  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 400 entries out of 529. 76% complete. Rate: 129 per second. 0 failures detected.
    2017-03-07 11:42:34,640  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 500 entries out of 529. 95% complete. Rate: 135 per second. 0 failures detected.
    2017-03-07 11:42:34,791  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 529 entries out of 529. 100% complete. Rate: 137 per second. 0 failures detected.
    2017-03-07 11:42:34,791  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 529 entries
    2017-03-07 11:42:34,803  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
    2017-03-07 11:42:34,803  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Processed users: 529 groups: 19
    ...

How do I correctly configure full synchronization at startup?..

I would be very grateful for any information. Thanks to all.

1 answer

Solution

Axel Faust gave a comprehensive answer:

How to configure full synchronization instead of incremental?

This solved my problem.

As stated here: synchronization configuration properties

  • synchronization.synchronizeChangesOnly: specifies whether the scheduled synchronization job runs in differential mode. The default is true, which means that the scheduled synchronization job runs in differential mode (rather than in full mode). Regardless of this setting, a differential synchronization can still be triggered when a user who does not yet exist in Alfresco is successfully authenticated.
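
Added example (not part of the original question or answer, and not Alfresco code): a small Python check for the two things this thread turns on, a synchronization key written with an `ldap.` prefix where the quoted documentation names it without one, and a differential query that no longer contains the `{0}` timestamp placeholder. `GLOBAL_SYNC_KEYS` lists only keys shown on this page; treating them as non-`ldap.` settings, the function names and the constructed sample text are assumptions of the example.

```python
import re

# Keys this page shows without the "ldap." prefix (the answer's property and
# the commented-out lines in the question). Assumption of this example: they
# are only honoured under the plain "synchronization." prefix.
GLOBAL_SYNC_KEYS = {
    "synchronizeChangesOnly", "syncOnStartup", "import.cron",
    "syncWhenMissingPeopleLogIn", "autoCreatePeopleOnLogin",
}

def parse_properties(text):
    """Return (key, value) pairs for active lines; comments and blanks are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values may contain escaped "\="
        pairs.append((key.strip(), value.strip()))
    return pairs

def lint_sync_config(text):
    """Return findings as (kind, key, detail) tuples, in file order."""
    findings = []
    for key, value in parse_properties(text):
        m = re.fullmatch(r"ldap\.synchronization\.(.+)", key)
        if m and m.group(1) in GLOBAL_SYNC_KEYS:
            # Same setting name as the documented one, but under the wrong prefix.
            findings.append(("wrong-prefix", key, "synchronization." + m.group(1)))
        if key.endswith("DifferentialQuery") and "{0}" not in value:
            # Without the timestamp placeholder, every differential run
            # returns all entries, as in the question's second log.
            findings.append(("no-timestamp", key, "matches every entry on each run"))
    return findings

# Constructed sample, modelled on the properties quoted in the question.
SAMPLE = r"""
ldap.synchronization.active=true
ldap.synchronization.groupDifferentialQuery=(&(objectClass\=group))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!(whenChanged<\={0})))
ldap.synchronization.synchronizeChangesOnly=false
#synchronization.syncOnStartup=true
"""

if __name__ == "__main__":
    for kind, key, detail in lint_sync_config(SAMPLE):
        print(f"{kind}: {key} -> {detail}")
```
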