https://connect.hyland.com/t5/nuxeo-forum/trouble-with-ldap-dynamic-groups/m-p/323454#M10455 <P>Hi all , We still use Nuxeo 5.6 connected to a ldap. Ldap manage users and groups (static and dynamic groups). Everything works as expected. We try to upgrade to the latest Nuxeo platform version LTS 7.10. I upgraded our 5.6 installation to 5.8 then 6.0, following the excellent Nuxeo documentation. Everything worked as expected.</P> <P>Our problems started upgrading 6.0 version to 7.10. Once the upgrade done (still folowing the documentation), it was just impossible to log in the platform (https://answers.nuxeo.com/general/q/f9dec9b209044181a59831014f6aefa3/Nuxeo-7-10-ldap-authentication ). I managed to to log in modifying the default-ldap-users-directory-bundle.xml file but I never succeded to see statics or dynamics groups once connected. In addition, I encountered somme problems with permissions on folders or files.</P> <P>Installing the 8.x version and using the default-ldap-users-directory-bundle.xml that never worked with the 7.10 (same as documentation provided by nuxeo), things restarted working again : log in, users permissions, and statics groups, partialy dynamic groups. But still a problem: I am able to see these dynamics groups as well as users of these groups, but not the reverse : the groups they belong to are not displayed excepted groups built using the filter username field mapping name. In my case :</P> <PRE><CODE>&lt;rdnAttribute&gt;cn&lt;/rdnAttribute&gt; &lt;fieldMapping name="username"&gt;mail&lt;/fieldMapping&gt; </CODE></PRE> <P>Dynamic group ldap memberURL value : ldap:///ou=XXXX,ou=people,dc=yyy,dc=fr?cn?sub?(mail=*) All groups built on this model are displayed. All others are not, for example (not working): ldap:///ou=XXX,ou=people,dc=yyy,dc=fr??sub?(supannCondition= myCondition)</P> <P>Logs :</P> <PRE><CODE>2016-06-22 09:21:31,640 DEBUG [ajp-bio-0.0.0.0-8009-exec-10] [org.nuxeo.ecm.directory.ldap.LDAPReference] LDAPReference.getSourceIdsForTarget(my.user@organisation.fr): LDAP search search base='ou=groupes-dynamiques,ou=Applications,dc=institution,dc=fr' filter='(&amp;(member={0})(&amp;(&amp;(|(objectClass=groupOfNames)(objectClass=groupOfURLs)))(cn=*)))' args='cn=My User,ou=organization,ou=people,dc=institution,dc=fr' scope='2' [LDAPReference to resolve field='members' of sourceDirectory='ldapGroupDirectory' with targetDirectory='ldapUserDirectory' and staticAttributeId='member', dynamicAttributeId='memberURL']. </CODE></PRE> <P>To sum up : LDAP dynamic groups stopped working after 6.0 version. Is Nuxeo waiting now a ldap configuration we don't have (we use dynlit contribution ) ? In this case, do you have recommendations to make LDAP-Nuxeo fully functionnal ? Or is there a way to specify other kinds of filters in our xml file configuration , and in this case , how ?</P> <P>Thanks a lot for your answers,</P> <P>Best regards</P> <P>Vincent</P> Wed, 22 Jun 2016 09:57:02 GMT vicent 2016-06-22T09:57:02Z https://connect.hyland.com/t5/nuxeo-forum/trouble-with-ldap-dynamic-groups/m-p/323454#M10455 <P>Hi all , We still use Nuxeo 5.6 connected to a ldap. Ldap manage users and groups (static and dynamic groups). Everything works as expected. We try to upgrade to the latest Nuxeo platform version LTS 7.10. I upgraded our 5.6 installation to 5.8 then 6.0, following the excellent Nuxeo documentation. Everything worked as expected.</P> <P>Our problems started upgrading 6.0 version to 7.10. Once the upgrade done (still folowing the documentation), it was just impossible to log in the platform (https://answers.nuxeo.com/general/q/f9dec9b209044181a59831014f6aefa3/Nuxeo-7-10-ldap-authentication ). I managed to to log in modifying the default-ldap-users-directory-bundle.xml file but I never succeded to see statics or dynamics groups once connected. In addition, I encountered somme problems with permissions on folders or files.</P> <P>Installing the 8.x version and using the default-ldap-users-directory-bundle.xml that never worked with the 7.10 (same as documentation provided by nuxeo), things restarted working again : log in, users permissions, and statics groups, partialy dynamic groups. But still a problem: I am able to see these dynamics groups as well as users of these groups, but not the reverse : the groups they belong to are not displayed excepted groups built using the filter username field mapping name. In my case :</P> <PRE><CODE>&lt;rdnAttribute&gt;cn&lt;/rdnAttribute&gt; &lt;fieldMapping name="username"&gt;mail&lt;/fieldMapping&gt; </CODE></PRE> <P>Dynamic group ldap memberURL value : ldap:///ou=XXXX,ou=people,dc=yyy,dc=fr?cn?sub?(mail=*) All groups built on this model are displayed. All others are not, for example (not working): ldap:///ou=XXX,ou=people,dc=yyy,dc=fr??sub?(supannCondition= myCondition)</P> <P>Logs :</P> <PRE><CODE>2016-06-22 09:21:31,640 DEBUG [ajp-bio-0.0.0.0-8009-exec-10] [org.nuxeo.ecm.directory.ldap.LDAPReference] LDAPReference.getSourceIdsForTarget(my.user@organisation.fr): LDAP search search base='ou=groupes-dynamiques,ou=Applications,dc=institution,dc=fr' filter='(&amp;(member={0})(&amp;(&amp;(|(objectClass=groupOfNames)(objectClass=groupOfURLs)))(cn=*)))' args='cn=My User,ou=organization,ou=people,dc=institution,dc=fr' scope='2' [LDAPReference to resolve field='members' of sourceDirectory='ldapGroupDirectory' with targetDirectory='ldapUserDirectory' and staticAttributeId='member', dynamicAttributeId='memberURL']. </CODE></PRE> <P>To sum up : LDAP dynamic groups stopped working after 6.0 version. Is Nuxeo waiting now a ldap configuration we don't have (we use dynlit contribution ) ? In this case, do you have recommendations to make LDAP-Nuxeo fully functionnal ? Or is there a way to specify other kinds of filters in our xml file configuration , and in this case , how ?</P> <P>Thanks a lot for your answers,</P> <P>Best regards</P> <P>Vincent</P> Wed, 22 Jun 2016 09:57:02 GMT https://connect.hyland.com/t5/nuxeo-forum/trouble-with-ldap-dynamic-groups/m-p/323454#M10455 vicent 2016-06-22T09:57:02Z