12-18-2012 11:46 AM
Hello
We are trying to connect two Active Directories to our Nuxeo.
We use a file "default-multi-ldap-users-directory-bundle.xml" in which we indicate the two directories.
But the server sends an error: "Directory 'userDirectory' source 'ldapUserDirectories' has two subdirectories with a password field"
Here is our "default-multi-ldap-users-directory-bundle.xml":
<component name="org.nuxeo.ecm.directory.ldap.storage.users">
  <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
  <require>org.nuxeo.ecm.directory.multi.MultiDirectoryFactory</require>
  <require>org.nuxeo.ecm.directory.sql.storage</require>
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="servers">
    <server name="serverSO">
      <ldapUrl>ldap://adxxx:389</ldapUrl>
      <bindDn>CN=xxx</bindDn>
      <bindPassword>xxx</bindPassword>
    </server>
    <server name="serverPP">
      <ldapUrl>ldap://xxx:389</ldapUrl>
      <bindDn>CN=xxx</bindDn>
      <bindPassword>xxx</bindPassword>
    </server>
  </extension>
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
    <directory name="ldapUserDirectorySO">
      <server>serverSO</server>
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>
      <searchBaseDn>dc=xxx</searchBaseDn>
      <searchClass>person</searchClass>
      <searchScope>subtree</searchScope>
      <substringMatchType>subany</substringMatchType>
      <readOnly>true</readOnly>
      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>2000</cacheMaxSize>
      <missingIdFieldCase>lower</missingIdFieldCase>
      <querySizeLimit>200</querySizeLimit>
      <queryTimeLimit>0</queryTimeLimit>
      <rdnAttribute>uid</rdnAttribute>
      <fieldMapping name="username">sAMAccountName</fieldMapping>
      <fieldMapping name="password">userPassword</fieldMapping>
      <fieldMapping name="firstName">givenName</fieldMapping>
      <fieldMapping name="lastName">sn</fieldMapping>
      <fieldMapping name="company">company</fieldMapping>
      <fieldMapping name="email">mail</fieldMapping>
      <references>
        <inverseReference field="groups" directory="groupDirectory" dualReferenceField="members" />
      </references>
    </directory>
    <directory name="ldapUserDirectoryPP">
      <server>serverPP</server>
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>
      <searchBaseDn>OU=xxx</searchBaseDn>
      <searchClass>person</searchClass>
      <searchScope>subtree</searchScope>
      <substringMatchType>subany</substringMatchType>
      <readOnly>true</readOnly>
      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>2000</cacheMaxSize>
      <missingIdFieldCase>lower</missingIdFieldCase>
      <querySizeLimit>200</querySizeLimit>
      <queryTimeLimit>0</queryTimeLimit>
      <rdnAttribute>uid</rdnAttribute>
      <fieldMapping name="username">sAMAccountName</fieldMapping>
      <fieldMapping name="password">userPassword</fieldMapping>
      <fieldMapping name="firstName">givenName</fieldMapping>
      <fieldMapping name="lastName">sn</fieldMapping>
      <fieldMapping name="company">company</fieldMapping>
      <fieldMapping name="email">mail</fieldMapping>
      <references>
        <inverseReference field="groups" directory="groupDirectory" dualReferenceField="members" />
      </references>
    </directory>
  </extension>
  <extension target="org.nuxeo.ecm.directory.multi.MultiDirectoryFactory" point="directories">
    <directory name="userDirectory">
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>
      <source name="ldapUserDirectories">
        <subDirectory name="ldapUserDirectorySO" />
        <subDirectory name="ldapUserDirectoryPP" />
      </source>
    </directory>
  </extension>
</component>
And here is the error:
ERROR [org.nuxeo.ecm.platform.login.NuxeoLoginModule] Authentication failed: Directory 'userDirectory' source 'ldapUserDirectories' has two subdirectories with a password field, 'ldapUserDirectorySO' and 'ldapUserDirectoryPP'
org.nuxeo.ecm.directory.DirectoryException: Directory 'userDirectory' source 'ldapUserDirectories' has two subdirectories with a password field, 'ldapUserDirectorySO' and 'ldapUserDirectoryPP'
at org.nuxeo.ecm.directory.multi.MultiDirectorySession.recomputeSourceInfos(MultiDirectorySession.java:276)
at org.nuxeo.ecm.directory.multi.MultiDirectorySession.init(MultiDirectorySession.java:174)
at org.nuxeo.ecm.directory.multi.MultiDirectorySession.authenticate(MultiDirectorySession.java:388)
at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.checkUsernamePassword(UserManagerImpl.java:382)
at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:321)
at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:210)
at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:261)
at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
at sun.reflect.GeneratedMethodAccessor56.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:233)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:484)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:345)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
12-18-2012 12:00 PM
In your multi directory configuration, you put both LDAP directories in the same source, hence their entries are expected to be mergeable (each entry of the multi is expected to be composed of attributes coming from matching entries in both subdirectories). For this type of configuration to work, only one of the subdirectories is expected to provide the authentication field.
<extension target="org.nuxeo.ecm.directory.multi.MultiDirectoryFactory" point="directories">
  <directory name="userDirectory">
    <schema>user</schema>
    <idField>username</idField>
    <passwordField>password</passwordField>
    <source name="ldapUserDirectories">
      <subDirectory name="ldapUserDirectorySO" />
      <subDirectory name="ldapUserDirectoryPP" />
    </source>
  </directory>
</extension>
If you want to stack the entries rather than combining them into single entries, you should put the subdirectories into separate sources:
<extension target="org.nuxeo.ecm.directory.multi.MultiDirectoryFactory" point="directories">
  <directory name="userDirectory">
    <schema>user</schema>
    <idField>username</idField>
    <passwordField>password</passwordField>
    <source name="ldapUserDirectorySO">
      <subDirectory name="ldapUserDirectorySO" />
    </source>
    <source name="ldapUserDirectoryPP">
      <subDirectory name="ldapUserDirectoryPP" />
    </source>
  </directory>
</extension>
More details in the documentation.
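The rule described in the answer above can be checked before deployment. This is an added example, not part of the original posts and not Nuxeo code: it models the rule only as the error message and the answer state it, and `password_conflicts`, `sample`, `MERGED` and `STACKED` are hypothetical names, with the XML trimmed from the configuration in this thread.

```python
import xml.etree.ElementTree as ET

MULTI = "org.nuxeo.ecm.directory.multi.MultiDirectoryFactory"
LDAP = "org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"

def sample(sources):
    """Constructed sample: the thread's two LDAP directories, trimmed to the
    elements the check reads, plus the given <source> elements."""
    return f"""<component name="org.nuxeo.ecm.directory.ldap.storage.users">
 <extension target="{LDAP}" point="directories">
  <directory name="ldapUserDirectorySO"><passwordField>password</passwordField></directory>
  <directory name="ldapUserDirectoryPP"><passwordField>password</passwordField></directory>
 </extension>
 <extension target="{MULTI}" point="directories">
  <directory name="userDirectory">{sources}</directory>
 </extension>
</component>"""

# One source holding both subdirectories (the layout that raised the error).
MERGED = sample('<source name="ldapUserDirectories">'
                '<subDirectory name="ldapUserDirectorySO"/>'
                '<subDirectory name="ldapUserDirectoryPP"/></source>')
# One source per subdirectory (the layout given in the answer).
STACKED = sample('<source name="ldapUserDirectorySO"><subDirectory name="ldapUserDirectorySO"/></source>'
                 '<source name="ldapUserDirectoryPP"><subDirectory name="ldapUserDirectoryPP"/></source>')

def password_conflicts(xml_text):
    """Return (multi directory, source, [subdirectories]) for every source that
    groups more than one subdirectory declaring a passwordField."""
    root = ET.fromstring(xml_text)
    exts = [e for e in root.iter("extension") if e.get("point") == "directories"]
    # Names of all non-multi directories (LDAP, SQL, ...) that declare a password field.
    with_password = {
        d.get("name")
        for e in exts if e.get("target") != MULTI
        for d in e.findall("directory")
        if (d.findtext("passwordField") or "").strip()
    }
    conflicts = []
    for e in (x for x in exts if x.get("target") == MULTI):
        for d in e.findall("directory"):
            for s in d.findall("source"):
                hits = [sd.get("name") for sd in s.findall("subDirectory")
                        if sd.get("name") in with_password]
                if len(hits) > 1:
                    conflicts.append((d.get("name"), s.get("name"), hits))
    return conflicts

if __name__ == "__main__":
    print("merged :", password_conflicts(MERGED))
    print("stacked:", password_conflicts(STACKED))
```
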
12-18-2012 12:42 PM
MANY THANKS !!! It works
04-16-2014 12:32 PM
What about if I want to merge them, what should I do, because I have the same problem? I want to merge the local user with the LDAP user.