Hi all, My setup is as follows: Nuxeo DM 5.3.1 using Jboss on a CentOS 5.4. I am trying to set up the user authentication and groups using an Active Directory server. This is maybe a special case, but we here have 2 domains so we use the Global Catalog to allow all of our users to connect. As we will see later, this has a quite heavy drawback.. The user configuration went smooth and my users can connect correctly, using the sAMAccountName attribute, as long as a user is not duplicated in the forest (that is perfect, all my applications use this principle). For the groups configuration, I first tried to user the cn attribute to get the group names. But as we have two distinct domains, we can have two groups with the same cn, and that just screws up the system. A user not belonging to a duplicated group could still log in, but all the users in a duplicated group (let's say sysadmin, as there are sysadmins in both domains) got stuck on the login screen. The traces on the server showed that the system could not determine if one user was from one group or the other. I tried to map the groupname on the distinguishedName attribute. That worked quite well, and my users could then log in. A search on the users even displayed the groups ther were belonging to. That looked quite good, so I tried to set rights based on the groups my users were in. What would you use groups for except this? And that is not possible. Why? Because you can not find any group in the group search form.
The groups, named by the distinguishedName, look like this: "CN=sysadmin,OU=security,OU=Groups,DC=subdomain,DC=domain,DC=com" But there is also: "CN=sysadmin,OU=security,OU=Groups,DC=domain,DC=com" And these are not found on the group search form. Named after the cn attribute or the sAMAccountName, they both are "sysadmin", so when you click on one of those, you get an error as nuxeo is not able to determine which one you want to see. So if anyone knows of a way to get around the problem in the search form, I would be very happy to hear about it! Thanks a lot for your attention. -- Posted by "philb" at Nuxeo Discussions <http://nuxeo.org/discussions> View the complete thread: <http://www.nuxeo.org/discussions/thread.jspa?threadID=3497#10658> _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
