Hi. Alfresco is advanced document management with integrated NFS, CIFS, FTP... It can sync users and groups from LDAP.

Anyway, I've integrated succesfully Zimbra and samba/posix zimlets (addons) and I've set up Zimbra's LDAP as master LDAP for Samba PDC. So, users are now added only in one place - in Zimbra's administration panel.

Now I want to sync Alfresco with Zimbra LDAP users/groups. I've succeded pretty much with it, with only one problem remaining. I can't connect users to groups. Although they are set OK in LDAP, and in Zimbra, in alfresco I can see all the groups and all the users, but there is no connection between them.

Problem is I don't understand what LDAP settings I should set...
Here is my /var/lib/tomcat5/shared/classes/alfresco/extension/subsystems/Authentication/ldap/zimbraldap/ldap-authentication.properties:
Code:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=uid=%s,ou=people,dc=zimbra,dc=company,dc=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://IP_OF_LDAP:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=jsosic
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn=config
ldap.synchronization.java.naming.security.credentials=PASSWORD
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=posixAccount)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=posixAccount)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou=groups,dc=company,dc=com
ldap.synchronization.userSearchBase=ou=people,dc=zimbra,dc=company,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=zimbraId ***
ldap.synchronization.defaultHomeFolderProvider=homeDirectory
ldap.synchronization.groupIdAttributeName=gidNumber
ldap.synchronization.groupType=posixGroup ***
ldap.synchronization.personType=organizationalPerson ***
ldap.synchronization.groupMemberAttributeName=memberUid ***
ldap.synchronization.enableProgressEstimation=true
I don't understand from Zimbra LDAP what value should I set for groupType and personType attributes? I've set organizationalPerson, because default value was inetOrgPerson. groupType default was groupOfNames... Which doesn't ring a clue for me How can I be sure I've selected the correct ones?
I also totaly don't understand userOrganizationalIdAttributeName and how to find it in slapcat's output. Default value in Alfresco config file was 'o', like this:
Code:
ldap.synchronization.userOrganizationalIdAttributeName=o
I would appreciate any kind of help...