
LDAP with 2 OU

delphine_
Star Contributor

Hello,

I want to connect Nuxeo with our LDAP, but persons are saved in several "OU". How can I do it? I tried with "multi-users-directory" but it doesn't work.

I created a file default-ldap-users-directory-bundle.xml with the LDAP configuration:

  • 1 directory for OU=firstOU
  • 1 directory for OU=secondOU

Then I created a file default-multi-users-directory-bundle.xml with this:

<component name="org.nuxeo.ecm.directory.multi.config">
  <extension target="org.nuxeo.ecm.directory.multi.MultiDirectoryFactory" point="directories">
    <directory name="userDirectory">
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>
      <source name="userLDAPSourceFirst" creation="false">
        <subDirectory name="firstOU"/>
        <optional>true</optional>
      </source>
      <source name="userLDAPSourceSecond" creation="false">
        <subDirectory name="secondOU"/>
        <optional>true</optional>
      </source>
    </directory>
  </extension>
</component>

I can connect with firstOU, and in adminCenter I can see the persons of firstOU. But it doesn't work for secondOU. In server.log, I have an error:

ERROR [org.nuxeo.ecm.platform.login.NuxeoLoginModule] createIdentity failed
javax.security.auth.login.LoginException: principal Administrator does not exist
     at org.nuxeo.ecm.platform.login.NuxeoLoginModule.createIdentity(NuxeoLoginModule.java:300) ...

Can anyone help me? Does anyone have an example of that? Thank you in advance.

2 REPLIES

Olivier_Grisel
Star Contributor

You can point the searchBaseDN to the common root of the 2 OUs and then set searchScope to subtree.

You should also set searchFilter to a valid LDAP filter expression to filter out the unwanted entries based on attributes, for instance:

 <searchFilter>(&amp;(objectClass=theObjectClassOfMyMembers)(|(ou=firstOU)(ou=secondOU)))</searchFilter>

Note that for this filter to work you need all the entries to actually have the ou attributes stored and indexed (not just the dn).

You can check the LDAP filter syntax for more complex filtering options. I would advise you to use a tool such as Apache Directory Studio to simulate the right baseDN / scope / filters combo that works for you.
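
The caveat in the answer above (the filter tests the ou attribute of each entry, not its DN), as an added example that is not part of the original post or of Nuxeo: a small Python evaluator for and/or/equality/presence filters, run over constructed entries, which also rejects filters with unbalanced parentheses. The entry DNs, the dc=example,dc=com root and the inetOrgPerson class are assumptions; the Python string uses a raw & where the XML file needs &amp;.

```python
# Added example. Subset of RFC 4515: (&...), (|...), attr=value, attr=* (case-insensitive).
def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids:
            raise ValueError("'%s' needs at least one operand" % op)
        node = (op, kids)
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:max(end, i)].partition("=")
        if end == -1 or not sep or not attr:
            raise ValueError("malformed item at offset %d" % i)
        node, i = ("=", attr.lower(), value), end
    if i >= len(s) or s[i] != ")":
        raise ValueError("unbalanced filter: missing ')' at offset %d" % i)
    return node, i + 1

def parse_filter(text):
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters at offset %d" % pos)
    return node

def matches(node, entry):
    # entry maps attribute -> values; the DN itself is never consulted
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    values = [v.lower() for k, vs in entry.items() if k.lower() == node[1] for v in vs]
    return bool(values) if node[2] == "*" else node[2].lower() in values

# Constructed sample entries; a subtree search from the assumed root sees all of them
ENTRIES = {
    "uid=alice,ou=firstOU,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "ou": ["firstOU"]},
    "uid=bob,ou=secondOU,dc=example,dc=com": {"objectClass": ["inetOrgPerson"]},  # ou only in DN
    "uid=carol,ou=secondOU,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "ou": ["secondOU"]},
    "uid=dave,ou=thirdOU,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "ou": ["thirdOU"]},
    "cn=printer,ou=firstOU,dc=example,dc=com": {"objectClass": ["device"], "ou": ["firstOU"]},
}
FILTER = "(&(objectClass=inetOrgPerson)(|(ou=firstOU)(ou=secondOU)))"

def search(filter_text):
    node = parse_filter(filter_text)
    return sorted(dn for dn, attrs in ENTRIES.items() if matches(node, attrs))
```

bob sits under ou=secondOU but has no ou attribute, so the filter drops him and he could not log in; that is the case to look for when testing the baseDN / scope / filter combination.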

Thanks for your help.
