Indeed it's probably a problem of character quoting somewhere, LDAP has its own ad hoc escaping mechanism defined but it's pretty weird and we may not always quote/unquote everything properly. Could you open a JIRA issue ?
Florent On 15 Oct 2008, at 12:36, [EMAIL PROTECTED] wrote: > Hi, > > I'm currently trying to setup a Nuxeo instance. > > In order to retrieve users and groups, I connect to a LDAP directory. > > I can successfully retrieve users, groups, and authentication is > made against LDAP. No problem on this side. > > The problem I actually have is the following: > I have a User, "John Doe", which is member groups "Users/Students" > and "Global users". When I list the groups for user "John Doe" in > Nuxeo, I only have the "Global users" group. Every group containing > a slash isn't shown. > > I also get the following error : > [LDAPReference] could not find target 'CN=Users/ > Students,OU=Groups,DC=mydomain,DC=com' while fetching reference > 'LDAPReference to resolve field='groups' of > sourceDirectory='MyUserDirectory' with > targetDirectory='MyGroupDirectory' and staticAttributeId='memberOf', > dynamicAttributeId='null'' > > I had a look into the LDAP directory, and I found every group > containing a slash had this slash escaped with an \, for exemple, > the Users/Students group is shown as "CN=Users\/Students,OU=...". > Maybe this can be a problem. > > Here is my configuration file: > <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" > point="directories"> > > <directory name="SUPINFOUserDirectory"> > > <schema>SUPINFOUser</schema> > <idField>username</idField> > <passwordField>password</passwordField> > <server>ldap-paris1</server> > <searchBaseDn>dc=esi-supinfo,dc=com</searchBaseDn> > <searchClass>user</searchClass> > <searchScope>subtree</searchScope> > <substringMatchType>subany</substringMatchType> > > <read-only>true</read-only> > > <rdnAttribute>distinguishedName</rdnAttribute> > <fieldMapping name="username">sAMAccountName</fieldMapping> > <fieldMapping name="email">mail</fieldMapping> > <fieldMapping name="firstName">givenName</fieldMapping> > <fieldMapping name="lastName">sn</fieldMapping> > <fieldMapping name="dn">distinguishedName</fieldMapping> > > <references> > > <ldapReference field="groups" > directory="SUPINFOGroupDirectory" > forceDnConsistencyCheck="true" > staticAttributeId="memberOf" /> > > </references> > > </directory> > > <directory name="SUPINFOGroupDirectory"> > > <schema>SUPINFOGroup</schema> > <idField>name</idField> > <server>ldap-paris1</server> > <searchBaseDn>dc=esi-supinfo,dc=com</searchBaseDn> > <searchClass>group</searchClass> > <searchScope>subtree</searchScope> > > <read-only>true</read-only> > > <rdnAttribute>distinguishedName</rdnAttribute> > <fieldMapping name="name">name</fieldMapping> > <fieldMapping name="dn">distinguishedName</fieldMapping> > > <references> > > <ldapReference field="members" > directory="SUPINFOUserDirectory" > forceDnConsistencyCheck="true" > staticAttributeId="member" /> > > <ldapReference field="subGroups" > directory="SUPINFOGroupDirectory" > forceDnConsistencyCheck="true" > staticAttributeId="member" /> > > <ldapReference field="parentsGroup" > directory="SUPINFOGroupDirectory" > forceDnConsistencyCheck="true" > staticAttributeId="memberOf" /> > > </references> > > </directory> > > </extension> > > I tried using inverse references instead of ldap references, but my > LDAP directory is quite big, and group resolution for a given user > takes a while. > > Is there a way to make slashes work in group names ? > > Thanks, > > -- > Vivien Barousse > _______________________________________________ > ECM mailing list > [email protected] > http://lists.nuxeo.com/mailman/listinfo/ecm -- Florent Guillaume, Head of R&D, Nuxeo Open Source, Java EE based, Enterprise Content Management (ECM) http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87 _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm
