can't list member of the group and groups of a member

Yannick_
Champ in-the-making

Hi, I've configured Active Directory authentication on Nuxeo 5.9.3. I can log on to Nuxeo with an Active Directory account. I can search Active Directory users and groups in Nuxeo. In the group view I don't see its Active Directory members, and in the user view I don't see the user's Active Directory groups. I configured the 3 example files (https://github.com/nuxeo/nuxeo-services/tree/master/nuxeo-platform-directory/nuxeo-platform-directory-ldap/examples), but it seems I missed something. How can I fix this issue? I already searched this forum but I don't see a solution.

My groupLdap configuration file:

org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory

org.nuxeo.ecm.directory.ldap.storage.users

  <directory name="groupLdapDirectory">

  <!-- Reuse the default server configuration defined for userLdapDirectory -->
  <server>default</server>

  <schema>group</schema>
  <idField>groupname</idField>

  <searchBaseDn>ou=xxx,dc=xxx,dc=xx</searchBaseDn>
  <searchFilter>
    (|(objectclass=group)(objectClass=groupOfURLs))
  </searchFilter>
  <searchScope>subtree</searchScope>

  <readOnly>false</readOnly>

  <!-- comment <cache* /> tags to disable the cache -->
  <!-- cache timeout in seconds -->
  <cacheTimeout>3600</cacheTimeout>

  <!-- maximum number of cached entries before global invalidation -->
  <cacheMaxSize>1000</cacheMaxSize>

  <creationBaseDn>ou=xxx,dc=xxx,dc=xx</creationBaseDn>
  <creationClass>top</creationClass>
  <creationClass>group</creationClass>

  <!-- Maximum number of entries returned by the search -->
  <querySizeLimit>200</querySizeLimit>

  <!-- Time to wait for a search to finish. 0 to wait indefinitely -->
  <queryTimeLimit>0</queryTimeLimit>

cn cn

  <references>


    <!-- LDAP reference resolve DNs embedded in uniqueMember attributes

      If the target directory has no specific filtering policy, it is most
      of the time not necessary to enable the 'forceDnConsistencyCheck' policy.

      Enabling this option will fetch each reference entry to ensure its
      existence in the target directory.
    -->

    <ldapReference field="members" directory="userLdapDirectory"
      forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"
      dynamicAttributeId="memberURL" />
    <ldapReference field="subGroups" directory="groupLdapDirectory"
      forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"
      dynamicAttributeId="memberURL" />

    <inverseReference field="parentGroups" directory="groupLdapDirectory"
      dualReferenceField="subGroups" />

    <!-- LDAP tree reference resolves children following the ldap tree
      structure.

      Available scopes are "onelevel" (default), "subtree". Children with
      same id than parent will be filtered.

      Enabling this option will fetch each reference entry to ensure its
      existence in the target directory.

      WARNING: Edit is NOT IMPLEMENTED: modifications to this field will be
      ignored when saving the entry.
    -->
    <ldapTreeReference field="directChildren" directory="unitDirectory"
      scope="onelevel" />
    <ldapTreeReference field="children" directory="unitDirectory"

  </references>

</directory>
2 REPLIES 2

Kishore_Yendamu
Champ in-the-making

Add true to be able to Browse your Group for members.

Yannick_
Champ in-the-making

Thanks for your reply and your time,

I already added this line in the userManager extension, but I can't get the members of an Active Directory group. So I can't grant access rights to a group because it has no members, whereas it has several members in Active Directory.
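One way to check the symptom described in this thread is to compare the membership attributes named in the `ldapReference` elements with the attributes actually present on a group entry in the directory. The script below is an added example, not code from the thread or from Nuxeo; the XML is an excerpt of the posted configuration, and the group entry is a constructed sample that assumes the Active Directory convention of storing members in the `member` attribute.

```python
import xml.etree.ElementTree as ET

# Excerpt of the <references> block from the posted groupLdapDirectory config.
DIRECTORY_XML = """
<directory name="groupLdapDirectory">
  <references>
    <ldapReference field="members" directory="userLdapDirectory"
      forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"
      dynamicAttributeId="memberURL" />
    <ldapReference field="subGroups" directory="groupLdapDirectory"
      forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"
      dynamicAttributeId="memberURL" />
  </references>
</directory>
"""

# Constructed sample of one group entry as an LDAP browser would show it
# (assumption: an Active Directory group, which lists members in "member").
SAMPLE_GROUP_ENTRY = {
    "objectClass": ["top", "group"],
    "cn": ["Finance"],
    "member": ["CN=Alice,OU=Staff,DC=example,DC=org"],
}

def reference_attributes(directory_xml):
    """Return field name and membership attribute ids of each ldapReference."""
    root = ET.fromstring(directory_xml)
    return [
        {
            "field": ref.get("field"),
            "attrs": [a for a in (ref.get("staticAttributeId"),
                                  ref.get("dynamicAttributeId")) if a],
        }
        for ref in root.iter("ldapReference")
    ]

def unresolved_references(directory_xml, entry):
    """List references whose attributes are all absent from the entry."""
    present = {name.lower() for name in entry}  # LDAP names are case-insensitive
    return [
        (ref["field"], ref["attrs"])
        for ref in reference_attributes(directory_xml)
        if not any(attr.lower() in present for attr in ref["attrs"])
    ]

if __name__ == "__main__":
    for field, attrs in unresolved_references(DIRECTORY_XML, SAMPLE_GROUP_ENTRY):
        print(f"{field}: none of {attrs} found on the sample group entry")
```

A reference reported here can never resolve members from that entry, which matches a group that shows as empty in Nuxeo and therefore grants access to nobody.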
