topic LDAP, OpenDS integeration to Nuxeo? in Nuxeo Forum https://connect.hyland.com/t5/nuxeo-forum/ldap-opends-integeration-to-nuxeo/m-p/313439#M440 <P>I want to integrate Nuexeo EP 5.5 or 5.6 to OpenDS LDAP server, so that user could authenticate, i followed the aviliable document, did not help so far , i can not make it works, does any tried to do with OpenDS ?</P> <P>the following is the created default-ldap-users-directory-config.xml under /var/lib/nuxeo/server/conf (i use ubuntu Server 12.04)</P> <COMPONENT name="org.nuxeo.ecm.directory.ldap.storage.users"> <REQUIRE>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</REQUIRE> <!-- the groups SQL directories are required to make this bundle work --> <REQUIRE>org.nuxeo.ecm.directory.sql.storage</REQUIRE> <EXTENSION target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="servers"> <!-- Configuration of a server connection A single server declaration can point to a cluster of replicated servers (using OpenLDAP's slapd + sluprd for instance). To leverage such a cluster and improve availability, please provide one <ldapUrl/> tag for each replica of the cluster. --> <SERVER name="default"> <LDAPURL>ldap://localhost:389</LDAPURL> <!-- Optional servers from the same cluster for failover and load balancing: <ldapUrl>ldap://server2:389</ldapUrl> <ldapUrl>ldaps://server3:389</ldapUrl> "ldaps" means TLS/SSL connection. --> <!-- Credentials used by Nuxeo5 to browse the directory, create and modify entries. Only the authentication of users (bind) use the credentials entered through the login form if any. --> <BINDDN>cn=Directory Manager,ou=people,dc=myorg,dc=com</BINDDN> <BINDPASSWORD>password</BINDPASSWORD> </SERVER> </EXTENSION> <EXTENSION target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories"> <DIRECTORY name="userDirectory"> <SERVER>default</SERVER> <SCHEMA>user</SCHEMA> <IDFIELD>username</IDFIELD> <PASSWORDFIELD>password</PASSWORDFIELD> <SEARCHBASEDN>ou=people,dc=alnabaa,dc=org</SEARCHBASEDN> <SEARCHCLASS>person</SEARCHCLASS> <!-- To additionally restricte entries you can add an arbitrary search filter such as the following: <searchFilter>(&amp;(sn=toto*)(myCustomAttribute=somevalue))</searchFilter> Beware that "&" writes "&amp;" in XML. --> <!-- use subtree if the people branch is nested --> <SEARCHSCOPE>onelevel</SEARCHSCOPE> <!-- using 'subany', search will match *toto*. use 'subfinal' to match *toto and 'subinitial' to match toto*. subinitial is the default behaviour--> <SUBSTRINGMATCHTYPE>subany</SUBSTRINGMATCHTYPE> <READONLY>false</READONLY> <!-- comment <cache* /> tags to disable the cache --> <!-- cache timeout in seconds --> <CACHETIMEOUT>3600</CACHETIMEOUT> <!-- maximum number of cached entries before global invalidation --> <CACHEMAXSIZE>1000</CACHEMAXSIZE> <!-- If the id field is not returned by the search, we set it with the searched entry, probably the login. Before setting it, you can change its case. Accepted values are 'lower' and 'upper', anything else will not change the case. --> <MISSINGIDFIELDCASE>lower</MISSINGIDFIELDCASE> <!-- Maximum number of entries returned by the search --> <QUERYSIZELIMIT>200</QUERYSIZELIMIT> <!-- Time to wait for a search to finish. 0 to wait indefinitely --> <QUERYTIMELIMIT>0</QUERYTIMELIMIT> <CREATIONBASEDN>ou=people,dc=myorg,dc=com</CREATIONBASEDN> <CREATIONCLASS>top</CREATIONCLASS> <CREATIONCLASS>person</CREATIONCLASS> <CREATIONCLASS>organizationalPerson</CREATIONCLASS> <CREATIONCLASS>inetOrgPerson</CREATIONCLASS> <RDNATTRIBUTE>uid</RDNATTRIBUTE> <FIELDMAPPING name="username">uid</FIELDMAPPING> <FIELDMAPPING name="password">userPassword</FIELDMAPPING> <FIELDMAPPING name="firstName">givenName</FIELDMAPPING> <FIELDMAPPING name="lastName">sn</FIELDMAPPING> <FIELDMAPPING name="company">o</FIELDMAPPING> <FIELDMAPPING name="email">mail</FIELDMAPPING> <REFERENCES> <INVERSEREFERENCE field="groups" directory="groupDirectory" dualreferencefield="members"></INVERSEREFERENCE> </REFERENCES> </DIRECTORY> </EXTENSION> <EXTENSION target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager"> <USERMANAGER> <DEFAULTADMINISTRATORID>admin.user</DEFAULTADMINISTRATORID> <DEFAULTGROUP>group-administrator</DEFAULTGROUP> </USERMANAGER> </EXTENSION> </COMPONENT> Tue, 02 Oct 2012 19:16:12 GMT ferrycode_ 2012-10-02T19:16:12Z LDAP, OpenDS integeration to Nuxeo? https://connect.hyland.com/t5/nuxeo-forum/ldap-opends-integeration-to-nuxeo/m-p/313439#M440 <P>I want to integrate Nuexeo EP 5.5 or 5.6 to OpenDS LDAP server, so that user could authenticate, i followed the aviliable document, did not help so far , i can not make it works, does any tried to do with OpenDS ?</P> <P>the following is the created default-ldap-users-directory-config.xml under /var/lib/nuxeo/server/conf (i use ubuntu Server 12.04)</P> <COMPONENT name="org.nuxeo.ecm.directory.ldap.storage.users"> <REQUIRE>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</REQUIRE> <!-- the groups SQL directories are required to make this bundle work --> <REQUIRE>org.nuxeo.ecm.directory.sql.storage</REQUIRE> <EXTENSION target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="servers"> <!-- Configuration of a server connection A single server declaration can point to a cluster of replicated servers (using OpenLDAP's slapd + sluprd for instance). To leverage such a cluster and improve availability, please provide one <ldapUrl/> tag for each replica of the cluster. --> <SERVER name="default"> <LDAPURL>ldap://localhost:389</LDAPURL> <!-- Optional servers from the same cluster for failover and load balancing: <ldapUrl>ldap://server2:389</ldapUrl> <ldapUrl>ldaps://server3:389</ldapUrl> "ldaps" means TLS/SSL connection. --> <!-- Credentials used by Nuxeo5 to browse the directory, create and modify entries. Only the authentication of users (bind) use the credentials entered through the login form if any. --> <BINDDN>cn=Directory Manager,ou=people,dc=myorg,dc=com</BINDDN> <BINDPASSWORD>password</BINDPASSWORD> </SERVER> </EXTENSION> <EXTENSION target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories"> <DIRECTORY name="userDirectory"> <SERVER>default</SERVER> <SCHEMA>user</SCHEMA> <IDFIELD>username</IDFIELD> <PASSWORDFIELD>password</PASSWORDFIELD> <SEARCHBASEDN>ou=people,dc=alnabaa,dc=org</SEARCHBASEDN> <SEARCHCLASS>person</SEARCHCLASS> <!-- To additionally restricte entries you can add an arbitrary search filter such as the following: <searchFilter>(&amp;(sn=toto*)(myCustomAttribute=somevalue))</searchFilter> Beware that "&" writes "&amp;" in XML. --> <!-- use subtree if the people branch is nested --> <SEARCHSCOPE>onelevel</SEARCHSCOPE> <!-- using 'subany', search will match *toto*. use 'subfinal' to match *toto and 'subinitial' to match toto*. subinitial is the default behaviour--> <SUBSTRINGMATCHTYPE>subany</SUBSTRINGMATCHTYPE> <READONLY>false</READONLY> <!-- comment <cache* /> tags to disable the cache --> <!-- cache timeout in seconds --> <CACHETIMEOUT>3600</CACHETIMEOUT> <!-- maximum number of cached entries before global invalidation --> <CACHEMAXSIZE>1000</CACHEMAXSIZE> <!-- If the id field is not returned by the search, we set it with the searched entry, probably the login. Before setting it, you can change its case. Accepted values are 'lower' and 'upper', anything else will not change the case. --> <MISSINGIDFIELDCASE>lower</MISSINGIDFIELDCASE> <!-- Maximum number of entries returned by the search --> <QUERYSIZELIMIT>200</QUERYSIZELIMIT> <!-- Time to wait for a search to finish. 0 to wait indefinitely --> <QUERYTIMELIMIT>0</QUERYTIMELIMIT> <CREATIONBASEDN>ou=people,dc=myorg,dc=com</CREATIONBASEDN> <CREATIONCLASS>top</CREATIONCLASS> <CREATIONCLASS>person</CREATIONCLASS> <CREATIONCLASS>organizationalPerson</CREATIONCLASS> <CREATIONCLASS>inetOrgPerson</CREATIONCLASS> <RDNATTRIBUTE>uid</RDNATTRIBUTE> <FIELDMAPPING name="username">uid</FIELDMAPPING> <FIELDMAPPING name="password">userPassword</FIELDMAPPING> <FIELDMAPPING name="firstName">givenName</FIELDMAPPING> <FIELDMAPPING name="lastName">sn</FIELDMAPPING> <FIELDMAPPING name="company">o</FIELDMAPPING> <FIELDMAPPING name="email">mail</FIELDMAPPING> <REFERENCES> <INVERSEREFERENCE field="groups" directory="groupDirectory" dualreferencefield="members"></INVERSEREFERENCE> </REFERENCES> </DIRECTORY> </EXTENSION> <EXTENSION target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager"> <USERMANAGER> <DEFAULTADMINISTRATORID>admin.user</DEFAULTADMINISTRATORID> <DEFAULTGROUP>group-administrator</DEFAULTGROUP> </USERMANAGER> </EXTENSION> </COMPONENT> Tue, 02 Oct 2012 19:16:12 GMT https://connect.hyland.com/t5/nuxeo-forum/ldap-opends-integeration-to-nuxeo/m-p/313439#M440 ferrycode_ 2012-10-02T19:16:12Z