Hi,
I'm currently trying to setup a Nuxeo instance.
In order to retrieve users and groups, I connect to a LDAP directory.
I can successfully retrieve users, groups, and authentication is made against
LDAP. No problem on this side.
The problem I actually have is the following:
I have a User, "John Doe", which is member groups "Users/Students" and "Global
users". When I list the groups for user "John Doe" in Nuxeo, I only have the
"Global users" group. Every group containing a slash isn't shown.
I also get the following error :
[LDAPReference] could not find target
'CN=Users/Students,OU=Groups,DC=mydomain,DC=com' while fetching reference
'LDAPReference to resolve field='groups' of sourceDirectory='MyUserDirectory'
with targetDirectory='MyGroupDirectory' and staticAttributeId='memberOf',
dynamicAttributeId='null''
I had a look into the LDAP directory, and I found every group containing a
slash had this slash escaped with an \, for exemple, the Users/Students group
is shown as "CN=Users\/Students,OU=...". Maybe this can be a problem.
Here is my configuration file:
<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
point="directories">
<directory name="SUPINFOUserDirectory">
<schema>SUPINFOUser</schema>
<idField>username</idField>
<passwordField>password</passwordField>
<server>ldap-paris1</server>
<searchBaseDn>dc=esi-supinfo,dc=com</searchBaseDn>
<searchClass>user</searchClass>
<searchScope>subtree</searchScope>
<substringMatchType>subany</substringMatchType>
<read-only>true</read-only>
<rdnAttribute>distinguishedName</rdnAttribute>
<fieldMapping name="username">sAMAccountName</fieldMapping>
<fieldMapping name="email">mail</fieldMapping>
<fieldMapping name="firstName">givenName</fieldMapping>
<fieldMapping name="lastName">sn</fieldMapping>
<fieldMapping name="dn">distinguishedName</fieldMapping>
<references>
<ldapReference field="groups"
directory="SUPINFOGroupDirectory"
forceDnConsistencyCheck="true"
staticAttributeId="memberOf" />
</references>
</directory>
<directory name="SUPINFOGroupDirectory">
<schema>SUPINFOGroup</schema>
<idField>name</idField>
<server>ldap-paris1</server>
<searchBaseDn>dc=esi-supinfo,dc=com</searchBaseDn>
<searchClass>group</searchClass>
<searchScope>subtree</searchScope>
<read-only>true</read-only>
<rdnAttribute>distinguishedName</rdnAttribute>
<fieldMapping name="name">name</fieldMapping>
<fieldMapping name="dn">distinguishedName</fieldMapping>
<references>
<ldapReference field="members"
directory="SUPINFOUserDirectory"
forceDnConsistencyCheck="true"
staticAttributeId="member" />
<ldapReference field="subGroups"
directory="SUPINFOGroupDirectory"
forceDnConsistencyCheck="true"
staticAttributeId="member" />
<ldapReference field="parentsGroup"
directory="SUPINFOGroupDirectory"
forceDnConsistencyCheck="true"
staticAttributeId="memberOf" />
</references>
</directory>
</extension>
I tried using inverse references instead of ldap references, but my LDAP
directory is quite big, and group resolution for a given user takes a while.
Is there a way to make slashes work in group names ?
Thanks,
--
Vivien Barousse
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
