Since we integrated Nuxeo with our LDAP server some users belong to many groups (more than 100).
When a user who belongs to many groups logins, the following message is shown in the log:
2015-04-06 19:35:18,317 DEBUG [http-bio-0.0.0.0-8080-exec-64] [org.nuxeo.ecm.directory.BaseSession] Can't get current user to check directory permission. EVERYTHING is allowed by default
After login the user gets an exception due to lack of permissions:
2015-04-07 08:34:09,977 ERROR [http-bio-0.0.0.0-8080-exec-18] [org.nuxeo.ecm.core.api.CoreSession] Permission 'Read' is not granted to 'grouptestuser' on document /default-domain (49905e21-0e65-4ab3-abaf-d513026a6de8 - Domain)
2015-04-07 08:34:10,055 ERROR [http-bio-0.0.0.0-8080-exec-18] [org.nuxeo.ecm.platform.web.common.exceptionhandling.DefaultNuxeoExceptionHandler] javax.servlet.ServletException: /widgets/listing/listing_lock_icon_widget_template.xhtml @7,38 test="#{not empty field_1}" /widgets/listing/listing_lock_icon_widget_template.xhtml @7,38 test="#{not empty field_1}": Error reading 'lockInfo' en el tipo org.nuxeo.ecm.core.api.impl.DocumentModelImpl
Apparently user get to see all the tree of navigation, but when he tries to see a folder or document he is not allowed to see the exception occurs.
We've manage to get a workaround configuring ldap group filtering in nuxeo, but we'd like to know if there is a limitation on the number of groups.
Thanks in advance.
