Could you give us all the trace? The SizeLimitExceededException should
be treated correctly.
Florent
On 23 Jun 2008, at 15:04, Xavier Pétard wrote:
> Hello,
>
> I think I'm trying to get a similar configuration:
> Users from LDAP (read only), some local (SQL) users for demo/
> administration purposes ;
> Groups from LDAP (read only), some local (SQL) groups for demo/
> administration (mainly rights management) purposes ;
>
> I've previously tested users and groups from LDAP, with membership.
> In order to use some local users and groups, I've added a fourth
> configuration file to use MultiDirectories,
> "default-users-directory-bundle.xml".
>
> But, whenever I try to create a group, the following exception is
> thrown (despite these lines :
> <directory name="ldapUserDirectory">
> ...
> <querySizeLimit>8</querySizeLimit>
>
>
> **
> 14:09:55,620 ERROR [STDERR] Jun 23, 2008 2:09:55 PM com.sun.faces.lifecycle.LifecycleImpl phase
> WARNING: executePhase(RENDER_RESPONSE 6,org.apache.myfaces.trinidadinternal.context.FacesContextFactoryImpl [EMAIL PROTECTED]) threw exception
> javax.faces.FacesException: javax.el.ELException: /create_group.xhtml @83,68 value="#{groupManagerActions.availableGroups}": org.nuxeo.ecm.directory.DirectoryException: Could not create DocumentModelList
> ...
> Caused by: javax.el.ELException: /create_group.xhtml @83,68 value="#{groupManagerActions.availableGroups}": org.nuxeo.ecm.directory.DirectoryException: Could not create DocumentModelList
> at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:76)
> at javax.faces.component.UISelectItems.getValue(UISelectItems.java:130)
> ... 75 more
> Caused by: org.nuxeo.ecm.directory.DirectoryException: Could not create DocumentModelList
> ... 76 more
> Caused by: org.nuxeo.ecm.core.api.WrappedException: Exception: javax.naming.SizeLimitExceededException. message: [LDAP: error code 4 - Sizelimit Exceeded]
> **
>
> Am I going the wrong way?
>
> Thx.
>
> Olivier Grisel wrote:
>>
>> [EMAIL PROTECTED] wrote:
>>
>>> Thx !
>>>
>>> Unfortunately, there's no more explanation of this topic in the
>>> Nuxeo Book (except 2 paragraphs). I need local
>>> users for Nuxeo: I don't want to create new LDAP users through the
>>> Nuxeo interface.
>>>
>> Then you should use the Nuxeo MultiDirectory feature to combine
>> users coming
>> from your LDAP server with nuxeo specific users stored in a
>> dedicated RDBMS
>> compatible with the SQL protocol.
>>
>>
>> http://doc.nuxeo.org/5.1/components/org.nuxeo.ecm.directory.multi.MultiDirectoryFactory.html#extension_point_directories
>>
>>
>>> Where should I put this
>>> readonly property if it is correct?
>>>
>> This is not what you want (see above) but should you want to make
>> it possible to
>> edit/create/delete user entries in your LDAP server, you should put
>> <readOnly>false</readOnly> anywhere right under the <directory
>> name="userDirectory"> tag.
>>
>>
>
>
> --
> Xavier Pétard
> Centre de Ressources Informatiques
> Université de La Rochelle
> <?xml version="1.0"?>
>
> <component name="org.nuxeo.ecm.directory.ldap.storage.users">
> <implementation
> class="org.nuxeo.ecm.directory.ldap.LDAPDirectoryDescriptor" />
> <implementation
> class="org.nuxeo.ecm.directory.ldap.LDAPServerDescriptor" />
> <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
>
> <!-- the groups SQL directories are required to make this bundle
> work -->
> <require>org.nuxeo.ecm.directory.sql.storage</require>
>
> <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
> point="servers">
>
> <!-- Configuration of a server connection
>
> A single server declaration can point to a cluster of replicated
> servers (using OpenLDAP's slapd + slurpd for instance). To leverage
> such a cluster and improve availability, please provide one
> <ldapUrl/> tag for each replica of the cluster.
> -->
> <server name="default">
>
> <ldapUrl>***</ldapUrl>
> <!-- Optional servers from the same cluster for failover
> and load balancing:
>
> <ldapUrl>ldap://server2:389</ldapUrl>
> <ldapUrl>ldaps://server3:389</ldapUrl>
>
> "ldaps" means TLS/SSL connection.
> -->
> <bindDn>***</bindDn>
> <bindPassword></bindPassword>
> </server>
>
> </extension>
>
> <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
> point="directories">
>
> <directory name="ldapUserDirectory">
> <server>default</server>
> <schema>user</schema>
> <idField>username</idField>
> <passwordField>password</passwordField>
> <querySizeLimit>8</querySizeLimit>
>
> <searchBaseDn>***</searchBaseDn>
> <searchClass>person</searchClass>
> <!-- To additionally restrict entries you can add an
> arbitrary search filter such as the following:
>
> <searchFilter>(&amp;(sn=toto*)(myCustomAttribute=somevalue))</searchFilter>
>
> Beware that "&" writes "&amp;" in XML.
> -->
>
> <!-- use subtree if the people branch is nested -->
> <searchScope>onelevel</searchScope>
>
> <!-- using 'subany', search will match *toto*. use 'subfinal' to
> match *toto and 'subinitial' to match toto*. subinitial is the
> default behaviour-->
> <substringMatchType>subany</substringMatchType>
>
> <readOnly>false</readOnly>
>
> <!-- comment <cache* /> tags to disable the cache -->
> <!-- cache timeout in seconds -->
> <cacheTimeout>3600</cacheTimeout>
>
> <!-- maximum number of cached entries before global
> invalidation -->
> <cacheMaxSize>1000</cacheMaxSize>
>
> <creationBaseDn>***</creationBaseDn>
> <creationClass>top</creationClass>
> <creationClass>person</creationClass>
> <creationClass>organizationalPerson</creationClass>
> <creationClass>inetOrgPerson</creationClass>
> <rdnAttribute>uid</rdnAttribute>
>
> <fieldMapping name="username">uid</fieldMapping>
> <fieldMapping name="password">userPassword</fieldMapping>
> <fieldMapping name="firstName">givenName</fieldMapping>
> <fieldMapping name="lastName">sn</fieldMapping>
> <fieldMapping name="company">o</fieldMapping>
> <fieldMapping name="email">mail</fieldMapping>
>
> <references>
>
> <inverseReference field="groups" directory="ldapGroupDirectory"
> dualReferenceField="members" />
>
> </references>
>
> </directory>
>
> </extension>
>
> </component>
> <?xml version="1.0"?>
>
> <component name="org.nuxeo.ecm.directory.ldap.storage.groups">
> <implementation
> class="org.nuxeo.ecm.directory.ldap.LDAPDirectoryDescriptor" />
> <implementation
> class="org.nuxeo.ecm.directory.ldap.LDAPServerDescriptor" />
> <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
>
> <!-- the groups LDAP directory for users is required to make this
> bundle work -->
> <require>org.nuxeo.ecm.directory.ldap.storage.users</require>
>
> <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
> point="servers">
>
> <!-- Configuration of a server connection
>
> A single server declaration can point to a cluster of replicated
> servers (using OpenLDAP's slapd + slurpd for instance). To leverage
> such a cluster and improve availability, please provide one
> <ldapUrl/> tag for each replica of the cluster.
> -->
> <server name="personnels">
>
> <ldapUrl>***</ldapUrl>
> <bindDn>***</bindDn>
> <bindPassword></bindPassword>
> </server>
>
> </extension>
> <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
> point="directories">
>
> <directory name="ldapGroupDirectory">
>
> <!-- NOT Reuse the default server configuration defined for
> userDirectory -> does not contain the group information -->
> <server>personnels</server>
>
> <schema>group</schema>
> <idField>groupname</idField>
> <querySizeLimit>8</querySizeLimit>
>
> <searchBaseDn>***</searchBaseDn>
> <searchFilter>(|(objectClass=groupOfNames)(objectClass=groupOfURLs))</searchFilter>
> <searchScope>subtree</searchScope>
>
> <readOnly>true</readOnly>
>
> <!-- comment <cache* /> tags to disable the cache -->
> <!-- cache timeout in seconds -->
> <cacheTimeout>3600</cacheTimeout>
>
> <!-- maximum number of cached entries before global
> invalidation -->
> <cacheMaxSize>1000</cacheMaxSize>
>
> <creationBaseDn>ou=groups,dc=example,dc=com</creationBaseDn>
> <creationClass>top</creationClass>
> <creationClass>groupOfUniqueNames</creationClass>
> <rdnAttribute>cn</rdnAttribute>
>
> <fieldMapping name="groupname">cn</fieldMapping>
>
> <references>
>
>
> <!-- LDAP reference resolve DNs embedded in uniqueMember
> attributes
>
> If the target directory has no specific filtering policy,
> it is most
> of the time not necessary to enable the
> 'forceDnConsistencyCheck' policy.
>
> Enabling this option will fetch each reference entry to
> ensure its
> existence in the target directory.
> -->
>
> <ldapReference field="members" directory="ldapUserDirectory"
> forceDnConsistencyCheck="false"
> staticAttributeId="member"
> dynamicAttributeId="memberURL" />
>
> <!-- No hierarchy in the LDAP groups
> <ldapReference field="subGroups" directory="ldapGroupDirectory"
> forceDnConsistencyCheck="false"
> staticAttributeId="uniqueMember"
> dynamicAttributeId="memberURL" />
>
> <inverseReference field="parentGroups"
> directory="ldapGroupDirectory"
> dualReferenceField="subGroups" />
> -->
> </references>
>
> </directory>
>
> </extension>
>
> </component>
> <?xml version="1.0"?>
>
> <component name="org.nuxeo.ecm.directory.sql.storage">
>
> <implementation
> class="org.nuxeo.ecm.directory.sql.SQLDirectoryDescriptor" />
>
> <require>org.nuxeo.ecm.directory.sql.SQLDirectoryFactory</require>
>
> <extension target="org.nuxeo.ecm.directory.sql.SQLDirectoryFactory"
> point="directories">
>
> <directory name="sqlUserDirectory">
>
> <schema>user</schema>
>
> <dataSource>java:/nxsqldirectory</dataSource>
>
> <table>users</table>
> <idField>username</idField>
> <passwordField>password</passwordField>
> <autoincrementIdField>false</autoincrementIdField>
> <dataFile>users.csv</dataFile>
> <createTablePolicy>on_missing_columns</createTablePolicy>
> <querySizeLimit>15</querySizeLimit>
>
> <references>
> <inverseReference field="groups" directory="groupDirectory"
> dualReferenceField="members" />
> </references>
>
> </directory>
>
> <directory name="sqlGroupDirectory">
>
> <schema>group</schema>
> <dataSource>java:/nxsqldirectory</dataSource>
> <table>groups</table>
> <idField>groupname</idField>
> <dataFile>groups.csv</dataFile>
> <createTablePolicy>on_missing_columns</createTablePolicy>
> <autoincrementIdField>false</autoincrementIdField>
>
> <references>
> <tableReference field="members" directory="sqlUserDirectory"
> table="user2group" sourceColumn="groupId"
> targetColumn="userId" schema="user2group"
> dataFile="user2group.csv" />
> <tableReference field="subGroups" directory="sqlGroupDirectory"
> table="group2group" sourceColumn="childGroupId"
> targetColumn="parentGroupId" schema="group2group" />
> <inverseReference field="parentGroups"
> directory="sqlGroupDirectory"
> dualReferenceField="subGroups" />
> </references>
>
> </directory>
>
> </extension>
> </component>
> <?xml version="1.0"?>
> <component name="org.nuxeo.ecm.directory.multi.users.storage">
>
> <implementation
> class="org.nuxeo.ecm.directory.multi.MultiDirectoryDescriptor" />
> <implementation
> class="org.nuxeo.ecm.directory.multi.SourceDescriptor" />
> <implementation
> class="org.nuxeo.ecm.directory.multi.SubDirectoryDescriptor" />
> <require>org.nuxeo.ecm.directory.multi.MultiDirectoryFactory</require>
>
> <extension
> target="org.nuxeo.ecm.directory.multi.MultiDirectoryFactory"
> point="directories">
>
> <directory name="userDirectory">
> <schema>user</schema>
> <idField>username</idField>
> <passwordField>password</passwordField>
>
> <querySizeLimit>8</querySizeLimit>
>
> <source name="ldapusers">
> <subDirectory name="ldapUserDirectory"/>
> </source>
>
> <source name="sqlusers" creation="true">
> <subDirectory name="sqlUserDirectory" />
> </source>
>
> </directory>
>
> <directory name="groupDirectory">
> <schema>group</schema>
> <idField>groupname</idField>
>
> <source name="ldapgroups">
> <subDirectory name="ldapGroupDirectory"/>
> </source>
>
> <source name="sqlgroups" creation="true">
> <subDirectory name="sqlGroupDirectory" />
> </source>
>
> </directory>
>
> </extension>
>
> </component>
> _______________________________________________
> ECM mailing list
> [email protected]
> http://lists.nuxeo.com/mailman/listinfo/ecm
--
Florent Guillaume, Director of R&D, Nuxeo
Open Source Enterprise Content Management (ECM)
http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87
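
The quoted contributions aim for read-only LDAP users, yet `ldapUserDirectory` carries `<readOnly>false</readOnly>`; the following is an added example (not code from the thread or from Nuxeo) of a Python check that cross-references directory names and flags LDAP sources left writable. The sample XML is constructed from the quoted files, the `<contribs>` wrapper is hypothetical, and the rule that a non-creation LDAP source must be explicitly read-only is an assumed policy.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the thread's contributions reduced to the elements checked.
SAMPLE = """<contribs>
<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
  <directory name="ldapUserDirectory"><readOnly>false</readOnly><references>
    <inverseReference field="groups" directory="ldapGroupDirectory"/></references></directory>
  <directory name="ldapGroupDirectory"><readOnly>true</readOnly><references>
    <ldapReference field="members" directory="ldapUserDirectory"/></references></directory>
</extension>
<extension target="org.nuxeo.ecm.directory.sql.SQLDirectoryFactory" point="directories">
  <directory name="sqlUserDirectory"/><directory name="sqlGroupDirectory"/>
</extension>
<extension target="org.nuxeo.ecm.directory.multi.MultiDirectoryFactory" point="directories">
  <directory name="userDirectory">
    <source name="ldapusers"><subDirectory name="ldapUserDirectory"/></source>
    <source name="sqlusers" creation="true"><subDirectory name="sqlUserDirectory"/></source>
  </directory>
  <directory name="groupDirectory">
    <source name="ldapgroups"><subDirectory name="ldapGroupDirectory"/></source>
    <source name="sqlgroups" creation="true"><subDirectory name="sqlGroupDirectory"/></source>
  </directory>
</extension>
</contribs>"""

def audit(xml_text):
    """Return (directory, finding) pairs for a set of directory contributions."""
    dirs = {}  # directory name -> (element, factory target of its extension)
    for ext in ET.fromstring(xml_text).iterfind(".//extension[@point='directories']"):
        for d in ext.findall("directory"):
            dirs[d.get("name")] = (d, ext.get("target", ""))
    findings = []
    for name, (d, _) in dirs.items():
        # Every reference and sub-directory must name a declared directory.
        for el in d.iter():
            target = el.get("name") if el.tag == "subDirectory" else (
                el.get("directory") if el.tag.endswith("Reference") else None)
            if target and target not in dirs:
                findings.append((name, f"unknown directory '{target}'"))
        # Assumed policy: a non-creation LDAP source needs explicit <readOnly>true</readOnly>.
        for src in d.findall("source"):
            for sub in src.findall("subDirectory"):
                elem, factory = dirs.get(sub.get("name"), (None, ""))
                if (src.get("creation") != "true" and "ldap" in factory.lower()
                        and elem.findtext("readOnly", "").strip() != "true"):
                    findings.append((sub.get("name"), "LDAP source is not read-only"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{d}: {msg}" for d, msg in audit(SAMPLE)))
```
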