如何配置完全同步而不是增量同步?
How to configure full synchronization instead of incremental?
AFAIK Alfresco CE 在启动时仅执行与 LDAP-AD 的增量同步。当我安装 Alfresco 并配置与 LDAP-AD 的同步时,执行了完全同步。我声明的所有字段都显示在用户配置文件中。现在,我决定再添加几个字段。例如,skype 和 companyfax.
但是没有显示。
部分alfresco-global.properties(同样,在/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-ad-authentication.properties):
...
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@...
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://...:389
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=Alfresco@...
ldap.synchronization.java.naming.security.credentials=...
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=cn\=Builtin,dc\=...,dc\=local
ldap.synchronization.userSearchBase=cn\=Users,dc\=...,dc\=local
#ldap.synchronization.modifyTimestampAttributeName=whenChanged
#synchronization.import.cron=* */40 * * * ?
ntlm.authentication.sso.enabled=true
passthru.authentication.defaultAdministratorUserNames=Admin,BykovAN
passthru.authentication.domain=...
passthru.authentication.servers=...\...
passthru.authentication.defaultAdministratorUserNames=Admin,BykovAN
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.synchronization.userFirstNameAttributeName=displayName
ldap.synchronization.userLastNameAttributeName=department
ldap.synchronization.userEmailAttributeName=email
ldap.synchronization.userOrganizationalIdAttributeName=department
ldap.synchronization.userJobTitleAttributeName=title
ldap.synchronization.userLocationAttributeName=description
ldap.synchronization.userTelephoneAttributeName=telephoneNumber
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.synchronizeChangesOnly=false
#synchronization.syncWhenMissingPeopleLogIn=true
#synchronization.syncOnStartup=true
#synchronization.autoCreatePeopleOnLogin=true
...
在日志中我看到没有执行同步:
...
2017-03-07 10:07:39,891 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2017-03-07 10:07:39,921 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since 01.03.2017 14:46:18 from user registry 'ldap1'
2017-03-07 10:07:39,941 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2017-03-07 10:07:39,942 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2017-03-07 10:07:39,945 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since 07.03.2017 9:13:44 from user registry 'ldap1'
2017-03-07 10:07:39,963 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 0 entries
2017-03-07 10:07:39,963 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 0 entries
2017-03-07 10:07:39,975 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
2017-03-07 10:07:39,976 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Processed users: 0 groups: 0
...
我将 LDAP 查询更改为(删除 whenChanged):
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectClass\=group))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user))
然后重启Alfresco,每次执行完全同步。看来现在一切都OK了。还是我错了?..
...
2017-03-07 11:42:30,314 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2017-03-07 11:42:30,341 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since 01.03.2017 14:46:18 from user registry 'ldap1'
2017-03-07 11:42:30,431 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Users' with distinguished name: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,431 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Users' with distinguished name: CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,437 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'The performance log users' with distinguished name: CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,626 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DCOM Users' with distinguished name: CN=PK-535-W8,OU=Computers,OU=OIT,OU=...,DC=...,DC=local
2017-03-07 11:42:30,685 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DCOM Users' with distinguished name: CN=PK-265-XP,OU=Computers,OU=FSO,OU=...,DC=...,DC=local
2017-03-07 11:42:30,697 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Pre-Windows 2000 access' with distinguished name: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,698 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Windows authorization access group' with distinguished name: CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,704 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 19 entries
2017-03-07 11:42:30,874 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 19 entries out of 19. 100% complete. Rate: 111 per second. 0 failures detected.
2017-03-07 11:42:30,875 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 19 entries
2017-03-07 11:42:30,896 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Commencing batch of 4 entries
2017-03-07 11:42:30,897 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 4 entries out of 4. 100% complete. Rate: 4000 per second. 0 failures detected.
2017-03-07 11:42:30,897 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Completed batch of 4 entries
2017-03-07 11:42:30,900 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since 07.03.2017 9:13:44 from user registry 'ldap1'
2017-03-07 11:42:30,939 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 529 entries
2017-03-07 11:42:32,015 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 100 entries out of 529. 19% complete. Rate: 92 per second. 0 failures detected.
2017-03-07 11:42:32,777 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 200 entries out of 529. 38% complete. Rate: 108 per second. 0 failures detected.
2017-03-07 11:42:33,426 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 300 entries out of 529. 57% complete. Rate: 120 per second. 0 failures detected.
2017-03-07 11:42:34,025 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 400 entries out of 529. 76% complete. Rate: 129 per second. 0 failures detected.
2017-03-07 11:42:34,640 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 500 entries out of 529. 95% complete. Rate: 135 per second. 0 failures detected.
2017-03-07 11:42:34,791 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 529 entries out of 529. 100% complete. Rate: 137 per second. 0 failures detected.
2017-03-07 11:42:34,791 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 529 entries
2017-03-07 11:42:34,803 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
2017-03-07 11:42:34,803 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Processed users: 529 groups: 19
...
如何正确配置开机全同步?
Axel Faust给出了详尽的答案:
How to configure full synchronization instead of incremental?
它解决了我的问题。
如这里所述:Synchronization configuration properties
synchronization.synchronizeChangesOnly: specifies whether the scheduled synchronization job is run in differential mode. The default
is true, which means that the scheduled sync job is run in
differential mode (rather than full mode). Regardless of this setting
a differential sync can still be triggered when a user who does not
yet exist in Alfresco is successfully authenticated.
AFAIK Alfresco CE 在启动时仅执行与 LDAP-AD 的增量同步。当我安装 Alfresco 并配置与 LDAP-AD 的同步时,执行了完全同步。我声明的所有字段都显示在用户配置文件中。现在,我决定再添加几个字段。例如,skype 和 companyfax.
但是没有显示。
部分alfresco-global.properties(同样,在/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-ad-authentication.properties):
...
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@...
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://...:389
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=Alfresco@...
ldap.synchronization.java.naming.security.credentials=...
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=cn\=Builtin,dc\=...,dc\=local
ldap.synchronization.userSearchBase=cn\=Users,dc\=...,dc\=local
#ldap.synchronization.modifyTimestampAttributeName=whenChanged
#synchronization.import.cron=* */40 * * * ?
ntlm.authentication.sso.enabled=true
passthru.authentication.defaultAdministratorUserNames=Admin,BykovAN
passthru.authentication.domain=...
passthru.authentication.servers=...\...
passthru.authentication.defaultAdministratorUserNames=Admin,BykovAN
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.synchronization.userFirstNameAttributeName=displayName
ldap.synchronization.userLastNameAttributeName=department
ldap.synchronization.userEmailAttributeName=email
ldap.synchronization.userOrganizationalIdAttributeName=department
ldap.synchronization.userJobTitleAttributeName=title
ldap.synchronization.userLocationAttributeName=description
ldap.synchronization.userTelephoneAttributeName=telephoneNumber
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.synchronizeChangesOnly=false
#synchronization.syncWhenMissingPeopleLogIn=true
#synchronization.syncOnStartup=true
#synchronization.autoCreatePeopleOnLogin=true
...
在日志中我看到没有执行同步:
...
2017-03-07 10:07:39,891 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2017-03-07 10:07:39,921 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since 01.03.2017 14:46:18 from user registry 'ldap1'
2017-03-07 10:07:39,941 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2017-03-07 10:07:39,942 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2017-03-07 10:07:39,945 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since 07.03.2017 9:13:44 from user registry 'ldap1'
2017-03-07 10:07:39,963 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 0 entries
2017-03-07 10:07:39,963 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 0 entries
2017-03-07 10:07:39,975 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
2017-03-07 10:07:39,976 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Processed users: 0 groups: 0
...
我将 LDAP 查询更改为(删除 whenChanged):
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectClass\=group))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user))
然后重启Alfresco,每次执行完全同步。看来现在一切都OK了。还是我错了?..
...
2017-03-07 11:42:30,314 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2017-03-07 11:42:30,341 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since 01.03.2017 14:46:18 from user registry 'ldap1'
2017-03-07 11:42:30,431 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Users' with distinguished name: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,431 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Users' with distinguished name: CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,437 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'The performance log users' with distinguished name: CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,626 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DCOM Users' with distinguished name: CN=PK-535-W8,OU=Computers,OU=OIT,OU=...,DC=...,DC=local
2017-03-07 11:42:30,685 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'DCOM Users' with distinguished name: CN=PK-265-XP,OU=Computers,OU=FSO,OU=...,DC=...,DC=local
2017-03-07 11:42:30,697 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Pre-Windows 2000 access' with distinguished name: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,698 WARN [sync.ldap.LDAPUserRegistry] [localhost-startStop-1] Failed to resolve member of group 'Windows authorization access group' with distinguished name: CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=...,DC=local
2017-03-07 11:42:30,704 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 19 entries
2017-03-07 11:42:30,874 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Processed 19 entries out of 19. 100% complete. Rate: 111 per second. 0 failures detected.
2017-03-07 11:42:30,875 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 19 entries
2017-03-07 11:42:30,896 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Commencing batch of 4 entries
2017-03-07 11:42:30,897 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Processed 4 entries out of 4. 100% complete. Rate: 4000 per second. 0 failures detected.
2017-03-07 11:42:30,897 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=3 Group Creation and Association Deletion: Completed batch of 4 entries
2017-03-07 11:42:30,900 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since 07.03.2017 9:13:44 from user registry 'ldap1'
2017-03-07 11:42:30,939 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 529 entries
2017-03-07 11:42:32,015 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 100 entries out of 529. 19% complete. Rate: 92 per second. 0 failures detected.
2017-03-07 11:42:32,777 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 200 entries out of 529. 38% complete. Rate: 108 per second. 0 failures detected.
2017-03-07 11:42:33,426 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 300 entries out of 529. 57% complete. Rate: 120 per second. 0 failures detected.
2017-03-07 11:42:34,025 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 400 entries out of 529. 76% complete. Rate: 129 per second. 0 failures detected.
2017-03-07 11:42:34,640 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 500 entries out of 529. 95% complete. Rate: 135 per second. 0 failures detected.
2017-03-07 11:42:34,791 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 529 entries out of 529. 100% complete. Rate: 137 per second. 0 failures detected.
2017-03-07 11:42:34,791 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 529 entries
2017-03-07 11:42:34,803 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
2017-03-07 11:42:34,803 INFO [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Processed users: 529 groups: 19
...
如何正确配置开机全同步?
Axel Faust给出了详尽的答案:
How to configure full synchronization instead of incremental?
它解决了我的问题。
如这里所述:Synchronization configuration properties
synchronization.synchronizeChangesOnly: specifies whether the scheduled synchronization job is run in differential mode. The default istrue, which means that the scheduled sync job is run in differential mode (rather than full mode). Regardless of this setting a differential sync can still be triggered when a user who does not yet exist in Alfresco is successfully authenticated.