09-25-2017 08:56 AM
Hi,
I have a requirement to connect to two LDAP servers to retrieve users. Currently in Nuxeo I can connect to only one LDAP server, using default-ldap-users-directory-config.xml.
How can I add two LDAP servers in this file, so that Nuxeo connects to both and gets users from them? Can anyone help with this?
09-28-2017 05:40 AM
Hi, I did this by configuring multiple ldapUserDirectory directory tags and multiple server tags in the default-ldap-users-directory-bundle.xml file, as shown below. You can also find this file attached.
<?xml version="1.0"?>
<component name="org.nuxeo.ecm.directory.ldap.storage.users">
<implementation class="org.nuxeo.ecm.directory.ldap.LDAPDirectoryDescriptor" />
<implementation class="org.nuxeo.ecm.directory.ldap.LDAPServerDescriptor" />
<require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
<!-- the groups SQL directories are required to make this bundle work -->
<require>org.nuxeo.ecm.directory.sql.storage</require>
<require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>
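<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="servers">

  <!-- Each <server> entry describes one LDAP connection.
       A single entry can point to a cluster of replicated servers (using
       OpenLDAP's slapd + slurpd for instance). To leverage such a cluster
       and improve availability, provide one <ldapUrl/> tag for each replica.
       Two independent LDAP servers are declared as two <server> entries
       with distinct names, as done here ("default" and "default1"). -->

  <server name="default">
    <!-- NOTE(review): ldap:// is an unencrypted connection, so the bind
         password below, and the passwords users enter in the login form
         (user authentication binds against this server), cross the network
         in clear text. Prefer an ldaps:// URL where the server supports it. -->
    <ldapUrl>ldap://server1:389</ldapUrl>

    <!-- Optional servers from the same cluster for failover and load
         balancing:
         <ldapUrl>ldap://server2:389</ldapUrl>
         <ldapUrl>ldaps://server3:636</ldapUrl>
         "ldaps" means a TLS/SSL connection; its conventional port is 636. -->

    <!-- Credentials used by Nuxeo to browse the directory, create and
         modify entries. Only the authentication of users (bind) uses the
         credentials entered through the login form, if any.
         NOTE(review): the bind password is stored in clear text. Keep this
         file readable only by the account that runs Nuxeo. The LDAP
         directories declared in this file are readOnly, so a bind account
         limited to search and read should be sufficient (confirm). -->
    <bindDn>cn=unotech,cn=users,dc=unotechsoft,dc=com</bindDn>
    <bindPassword>redhat@123</bindPassword>

    <!-- Attempts to get a result when LDAP is temporarily unavailable -->
    <retries>5</retries>
  </server>

  <server name="default1">
    <!-- NOTE(review): same clear-text transport concern as for "default". -->
    <ldapUrl>ldap://server2:389</ldapUrl>

    <!-- NOTE(review): cn=Manager looks like a directory administrator
         account (confirm); a dedicated read-only bind account is
         preferable. The trailing space that followed the DN has been
         removed. -->
    <bindDn>cn=Manager,dc=hitendra,dc=com</bindDn>
    <bindPassword>secret</bindPassword>

    <!-- Attempts to get a result when LDAP is temporarily unavailable -->
    <retries>5</retries>
  </server>

</extension>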
<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">

  <!-- User directory backed by the LDAP server declared as "default". -->
  <directory name="ldapUserDirectory">
    <server>default</server>
    <schema>user</schema>
    <idField>username</idField>
    <passwordField>password</passwordField>

    <searchBaseDn>dc=unotechsoft,dc=com</searchBaseDn>
    <searchClass>person</searchClass>
    <!-- To restrict entries further, add an arbitrary search filter such as
         the one below. Inside an XML element "&" must be written "&amp;".
         <searchFilter>(&amp;(sn=toto*)(myCustomAttribute=somevalue))</searchFilter>
    -->

    <!-- use subtree if the people branch is nested -->
    <searchScope>subtree</searchScope>
    <!-- 'subany' matches *toto*, 'subfinal' matches *toto and 'subinitial'
         matches toto*. subinitial is the default behaviour. -->
    <substringMatchType>subinitial</substringMatchType>

    <readOnly>true</readOnly>

    <!-- Comment out the <cache* /> tags to disable the cache.
         NOTE(review): "ldapUserDirectory1" declares the same two cache
         names. Confirm that an entry cached for one directory cannot be
         returned for the same id in the other; distinct cache names per
         directory would rule that out. -->
    <cacheEntryName>ldap-user-entry-cache</cacheEntryName>
    <cacheEntryWithoutReferencesName>ldap-user-entry-cache-without-references</cacheEntryWithoutReferencesName>

    <!-- If the id field is not returned by the search, it is set from the
         searched entry, probably the login. Its case can be changed first:
         accepted values are 'lower' and 'upper', anything else leaves the
         case unchanged. -->
    <missingIdFieldCase>lower</missingIdFieldCase>

    <!-- Maximum number of entries returned by the search -->
    <querySizeLimit>200</querySizeLimit>
    <!-- Time to wait for a search to finish. 0 to wait indefinitely -->
    <queryTimeLimit>0</queryTimeLimit>

    <!-- NOTE(review): dc=example,dc=com does not match searchBaseDn above
         and looks like a leftover from the stock template. With readOnly
         set to true the creation settings are presumably unused (confirm). -->
    <creationBaseDn>ou=people,dc=example,dc=com</creationBaseDn>
    <creationClass>top</creationClass>
    <creationClass>person</creationClass>
    <creationClass>organizationalPerson</creationClass>
    <creationClass>inetOrgPerson</creationClass>
    <rdnAttribute>sAMAccountName</rdnAttribute>

    <!-- Nuxeo user schema field (name attribute) to LDAP attribute (text).
         NOTE(review): username, the id field, is mapped to givenName, which
         is not guaranteed to be unique per person, while rdnAttribute is
         sAMAccountName. Confirm that the login id was not meant to map to
         sAMAccountName; a non-unique id can make two people resolve to the
         same Nuxeo user. -->
    <fieldMapping name="username">givenName</fieldMapping>
    <fieldMapping name="password">userPassword</fieldMapping>
    <fieldMapping name="firstName">givenName</fieldMapping>
    <fieldMapping name="lastName">sn</fieldMapping>
    <fieldMapping name="company">o</fieldMapping>
    <fieldMapping name="email">mail</fieldMapping>

    <!-- Group membership is resolved through the SQL group directory. -->
    <references>
      <inverseReference field="groups" directory="sqlGroupDirectory" dualReferenceField="members"/>
    </references>
  </directory>

  <!-- User directory backed by the second LDAP server, "default1". -->
  <directory name="ldapUserDirectory1">
    <server>default1</server>
    <schema>user</schema>
    <idField>username</idField>
    <passwordField>password</passwordField>

    <searchBaseDn>dc=hitendra,dc=com</searchBaseDn>
    <searchClass>person</searchClass>
    <!-- use subtree if the people branch is nested -->
    <searchScope>subtree</searchScope>
    <!-- 'subany' matches *toto*, 'subfinal' matches *toto and 'subinitial'
         matches toto*. subinitial is the default behaviour. -->
    <substringMatchType>subinitial</substringMatchType>

    <readOnly>true</readOnly>

    <!-- Comment out the <cache* /> tags to disable the cache.
         NOTE(review): same cache names as "ldapUserDirectory"; confirm the
         two directories cannot serve each other's cached entries. -->
    <cacheEntryName>ldap-user-entry-cache</cacheEntryName>
    <cacheEntryWithoutReferencesName>ldap-user-entry-cache-without-references</cacheEntryWithoutReferencesName>

    <missingIdFieldCase>lower</missingIdFieldCase>

    <!-- Maximum number of entries returned by the search -->
    <querySizeLimit>20</querySizeLimit>
    <!-- Time to wait for a search to finish. 0 to wait indefinitely -->
    <queryTimeLimit>0</queryTimeLimit>

    <!-- NOTE(review): template-looking base DN, as in "ldapUserDirectory";
         presumably unused while readOnly is true (confirm). -->
    <creationBaseDn>ou=people,dc=example,dc=com</creationBaseDn>
    <creationClass>top</creationClass>
    <creationClass>person</creationClass>
    <creationClass>organizationalPerson</creationClass>
    <creationClass>inetOrgPerson</creationClass>
    <rdnAttribute>cn</rdnAttribute>

    <!-- Nuxeo user schema field (name attribute) to LDAP attribute (text). -->
    <fieldMapping name="username">uid</fieldMapping>
    <fieldMapping name="password">userPassword</fieldMapping>
    <fieldMapping name="firstName">cn</fieldMapping>
    <fieldMapping name="lastName">sn</fieldMapping>
    <fieldMapping name="company">o</fieldMapping>
    <fieldMapping name="email">mail</fieldMapping>

    <!-- Group membership is resolved through the SQL group directory. -->
    <references>
      <inverseReference field="groups" directory="sqlGroupDirectory" dualReferenceField="members"/>
    </references>
  </directory>

</extension>
<implementation class="org.nuxeo.ecm.directory.sql.SQLDirectoryDescriptor" />
<require>org.nuxeo.ecm.directory.sql.SQLDirectoryFactory</require>
<extension target="org.nuxeo.ecm.directory.sql.SQLDirectoryFactory" point="directories">

  <!-- Local users stored in the "users" table of the jdbc/nxsqldirectory
       data source. -->
  <directory name="sqlUserDirectory">
    <schema>user</schema>
    <dataSource>jdbc/nxsqldirectory</dataSource>
    <table>users</table>
    <idField>username</idField>
    <passwordField>password</passwordField>
    <!-- NOTE(review): SSHA is a salted SHA-1 hash, which is fast to brute
         force on modern hardware. Check whether the Nuxeo version in use
         offers a stronger password hash for this setting. -->
    <passwordHashAlgorithm>SSHA</passwordHashAlgorithm>
    <autoincrementIdField>false</autoincrementIdField>
    <computeMultiTenantId>false</computeMultiTenantId>
    <!-- presumably the CSV used to populate the table; if it carries
         default accounts, review their passwords (confirm) -->
    <dataFile>users.csv</dataFile>
    <createTablePolicy>on_missing_columns</createTablePolicy>
    <!-- Maximum number of entries returned by a query -->
    <querySizeLimit>50</querySizeLimit>
    <cacheEntryName>sql-user-entry-cache</cacheEntryName>
    <cacheEntryWithoutReferencesName>sql-user-entry-cache-without-references</cacheEntryWithoutReferencesName>
    <!-- Groups of a user are read from the "members" reference of the
         group directory. -->
    <references>
      <inverseReference field="groups" directory="sqlGroupDirectory" dualReferenceField="members"/>
    </references>
  </directory>

  <!-- Groups stored in the "groups" table of the same data source. -->
  <directory name="sqlGroupDirectory">
    <schema>group</schema>
    <dataSource>jdbc/nxsqldirectory</dataSource>
    <table>groups</table>
    <idField>groupname</idField>
    <dataFile>groups.csv</dataFile>
    <createTablePolicy>on_missing_columns</createTablePolicy>
    <autoincrementIdField>false</autoincrementIdField>
    <cacheEntryName>sql-group-entry-cache</cacheEntryName>
    <cacheEntryWithoutReferencesName>sql-group-entry-cache-without-references</cacheEntryWithoutReferencesName>
    <references>
      <!-- Group members point at multiUserDirectory, so a group can hold
           users coming from the SQL source and from either LDAP source. -->
      <tableReference field="members"
                      directory="multiUserDirectory"
                      table="user2group"
                      sourceColumn="groupId"
                      targetColumn="userId"
                      schema="user2group"
                      dataFile="user2group.csv"/>
      <!-- Nested groups: parent to child links kept in group2group. -->
      <tableReference field="subGroups"
                      directory="sqlGroupDirectory"
                      table="group2group"
                      sourceColumn="parentGroupId"
                      targetColumn="childGroupId"
                      schema="group2group"/>
      <inverseReference field="parentGroups" directory="sqlGroupDirectory" dualReferenceField="subGroups"/>
    </references>
  </directory>

</extension>
<extension target="org.nuxeo.ecm.directory.multi.MultiDirectoryFactory" point="directories">

  <!-- Aggregates the SQL user directory and both LDAP user directories
       into the single directory used by the user manager. -->
  <directory name="multiUserDirectory">
    <schema>user</schema>
    <idField>username</idField>
    <passwordField>password</passwordField>

    <!-- creation="true" is set only on the SQL source. -->
    <source name="userSQLsource" creation="true">
      <subDirectory name="sqlUserDirectory"/>
    </source>

    <!-- NOTE(review): the two LDAP sources below share the name
         "userLDAPsource". Giving each a distinct name would keep them
         distinguishable in logs and diagnostics (confirm that nothing
         refers to the source by name before renaming).
         NOTE(review): the same username may exist in more than one source.
         Confirm how such a clash is resolved, presumably by declaration
         order, so that an account in one directory cannot shadow an
         account with the same id in another. -->
    <source name="userLDAPsource">
      <subDirectory name="ldapUserDirectory"/>
    </source>
    <source name="userLDAPsource">
      <subDirectory name="ldapUserDirectory1"/>
    </source>
  </directory>

  <!-- Aggregated group directory. -->
  <directory name="multiGroupDirectory">
    <schema>group</schema>
    <idField>groupname</idField>

    <source name="groupSQLsource" creation="true">
      <subDirectory name="sqlGroupDirectory"/>
    </source>

    <!-- NOTE(review): no directory named "ldapGroupDirectory" is declared
         in this file, and the user manager section reads groups from
         sqlGroupDirectory directly. Confirm that the directory is defined
         elsewhere, or drop this source. -->
    <source name="groupLDAPsource">
      <subDirectory name="ldapGroupDirectory"/>
    </source>
  </directory>

</extension>
<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
  <userManager>
    <userCacheName>default-cache</userCacheName>
    <!-- Matches the id of the virtual user declared below. -->
    <defaultAdministratorId>unotech</defaultAdministratorId>
    <defaultGroup>members</defaultGroup>

    <users>
      <!-- Users are looked up in the aggregated SQL + LDAP directory. -->
      <directory>multiUserDirectory</directory>

      <!-- NOTE(review): this virtual user belongs to "administrators" and
           its password is stored in clear text in this file. The value is
           also identical to the bindPassword of the "default" LDAP server,
           so a leak of either secret exposes both. Use a separate, strong
           password here, keep the file readable only by the account that
           runs Nuxeo, and confirm whether the virtual administrator is
           still needed once directory accounts can log in. -->
      <virtualUser id="unotech" searchable="false">
        <password>redhat@123</password>
        <property name="firstName"/>
        <property name="lastName"/>
        <group>administrators</group>
      </virtualUser>

      <!-- NOTE(review): declaring an anonymous user presumably enables
           unauthenticated access as "Guest" (confirm); review what the
           Guest user and the default group are permitted to read. -->
      <anonymousUser id="Guest">
        <property name="firstName">Guest</property>
        <property name="lastName">User</property>
      </anonymousUser>
    </users>

    <!-- Groups come from the SQL group directory only. -->
    <groups>
      <directory>sqlGroupDirectory</directory>
    </groups>
  </userManager>
</extension>
</component>