Let me preface by thanking the Nuxeo community for such a great product and a great forum. I am trying to set this up as a proof-of-concept for my new biotech company. If I can prove the concept, we will, in all likelihood, purchase commercial support from Nuxeo. However, I want to be able to at least get it running and using Active Directory for user and group authentication and authorization before committing to the product. I appreciate your help in making this trial a success so we can build a mutually beneficial relationship.
OK, I have analyzed my server.log file and also done a tcpdump between my Nuxeo server and my Active Directory domain controller (the one which Nuxeo looks to for LDAP info). I am 99% sure that my problem revolves around the ldapReference and inverseReference definitions in my default-ldap-groups-directory-bundle.xml and possibly the inverseReference field in my default-ldap-users-directory-bundle.xml file. Specifically, my Active Directory's LDAP attributes are different than the default ones used in those *Reference fields. For example, there are no memberUrl fields, no members fields, no groupOfUniqueNames, etc. I have static "member" fields in my group definition, one for each member. I have "memberOf" fields in my user and group definitions to point to which groups each group or user belongs to. I have tried fixing the ldapReference and inverseReference fields to match my Active Directory user and group schemas, but unfortunately I can't find enough documentation on the specifics of how ldapReference and inverseReference work, so I'm not sure if I'm doing it right. Please advise how those fields should be set for use with an Active Directory schema.
Here is a sample LDIF export for a user and a group from my Active Directory, so you can see which fields I'm trying to map to:

GROUP EXAMPLE

dn: CN=Domain Users, CN=Users, DC=mydomain,DC=com
sAMAccountType: <Value Removed>
objectClass: top
objectClass: group
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=mydomain,DC=com
cn: Domain Users
groupType: <Value Removed>
dSCorePropagationData: <Value Removed>
dSCorePropagationData: <Value Removed>
dSCorePropagationData: <Value Removed>
distinguishedName: CN=Domain Users,CN=Users,DC=mydomain,DC=com
whenChanged: <Value Removed>
whenCreated: <Value Removed>
description: All domain users
objectGUID:: <Value Removed>
uSNChanged: <Value Removed>
uSNCreated: <Value Removed>
objectSid:: <Value Removed>
sAMAccountName: Domain Users
instanceType: 4
memberOf: CN=Users,CN=Builtin,DC=mydomain,DC=com
name: Domain Users

dn: CN=My User, CN=Users, DC=mydomain,DC=com
whenCreated: <Value Removed>
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=com
mDBUseDefaults: TRUE
mSMQDigests:: <Value Removed>
objectGUID:: <Value Removed>
mail: [EMAIL PROTECTED]
msExchUserAccountControl: 0
msExchMailboxSecurityDescriptor:: <Value Removed>
memberOf: CN=members,CN=Users,DC=mydomain,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=mydomain,DC=com
msExchMailboxGuid:: <Value Removed>
instanceType: 4
msExchPoliciesIncluded: <Value Removed>
objectSid:: <Value Removed>
proxyAddresses: smtp:[EMAIL PROTECTED]
proxyAddresses: SMTP:[EMAIL PROTECTED]
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
name: My User
sn: User
mSMQSignCertificates:: <Value Removed>
userAccountControl: <Value Removed>
primaryGroupID: <Value Removed>
uSNChanged: <Value Removed>
cn: My User
msExchVersion: <Value Removed>
msExchHomeServerName: <Value Removed>
mobile: <Value Removed>
homeMTA: <Value Removed>
sAMAccountType: <Value Removed>
msExchRecipientTypeDetails: 1
legacyExchangeDN: <Value Removed>
givenName: My
uSNCreated: <Value Removed>
displayName: My User
pwdLastSet: <Value Removed>
userPrincipalName: [EMAIL PROTECTED]
whenChanged: <Value Removed>
mailNickname: myuser
distinguishedName: CN=My User,CN=Users,DC=mydomain,DC=com
msExchRecipientDisplayType: <Value Removed>
homeMDB: <Value Removed>
showInAddressBook: <Value Removed>
showInAddressBook: <Value Removed>
sAMAccountName: myuser

Again, I really appreciate your help on this.

Merci Beaucoup!

Dave Thibault
