Members can't see documents

__3
Confirmed Champ

Hi!

I have a problem with permissions. While the Members group should be able to read all domains and documents, I see a message that I can't see any content (logged in as a user from the members group). I tried to change it in the permissions settings, but re-granting permissions for the members group or any user isn't working. I'm using an Oracle database.

7 REPLIES

vicent
Champ in-the-making

Hi,

I have the same problem. The content is only available for the administrators, and nobody else is able to see content. I migrated from version 5.6 to the latest LTS. Everything was working fine with the previous versions (5.6, 5.8, 6.0). In my case I had some problems linking Nuxeo (version 7.10) with our LDAP. (https://answers.nuxeo.com/general/q/f9dec9b209044181a59831014f6aefa3/Nuxeo-7-10-ldap-authentication)

ssze_
Star Contributor

Hi,

I have the same issue using LDAP; the permission behavior changed in the 2015 LTS. Now it is not enough for the Members group to have read and version rights by inheritance on the root node to see items (default setup). I had to add the members group locally on the root and other nodes too to make it work.

Stefan

vicent
Champ in-the-making

Thanks for your answer,

Did you define the group members in your LDAP? If not, in my case, this group doesn't exist in the application. If defined, each time the permissions are checked, the answer from the LDAP takes too long, and I have to reload the page in my browser (timeout).

I never had this problem with previous versions (5.6, 5.8, 6.0); the members group was not defined in our LDAP.

Vincent

ssze_
Star Contributor

We don't have the members group defined in LDAP - it's only there in Nuxeo by default. And by default, the following permissions are set on the root node

vicent
Champ in-the-making

Thanks again for your answer.

Olivier_Salaün
Champ on-the-rise

We also face the same issue while preparing our migration from Nuxeo 5.8 to Nuxeo LTS2015.

With the Nuxeo server in DEBUG mode, we notice these log entries while accessing the "Permissions" tab:

2017-01-23 11:15:01,305 DEBUG [http-bio-0.0.0.0-8856-exec-21] [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(members, true): LDAP search base='ou=grouper,dc=univ-rennes1,dc=fr' filter='(&(cn={0})(&(&(objectClass=groupOfNames))(cn=*)))'  args='members' scope='1' [LDAPSession '-3831897279493570335' for directory ldapGroupDirectory]
2017-01-23 11:15:01,371 WARN  [http-bio-0.0.0.0-8856-exec-21] [org.nuxeo.ecm.directory.ldap.LDAPSession] The application should not query for entries with an empty id => return no results

If I understand it correctly, the Nuxeo server is not able to load ACEs referring to the "members" group; while Nuxeo 5.8 was behaving well with them.

I noticed the reference to defaultGroup in the Nuxeo documentation https://doc.nuxeo.com/nxdoc/using-a-ldap-directory/ and tried changing our default-ldap-users-directory-bundle.xml as follows, but we still face the same issue:

...
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">

    <userManager>
      <userCacheName>default-cache</userCacheName>
      <defaultAdministratorId>p-salaun</defaultAdministratorId>
      <defaultGroup>members</defaultGroup>
      <users>
        <directory>ldapUserDirectory</directory>
        <virtualUser id="MyAdministrator" searchable="false">
          <password>secret</password>
          <property name="firstName"></property>
          <property name="lastName"></property>
          <group>administrators</group>
        </virtualUser>
        <anonymousUser id="Anonyme">
          <property name="firstName">Invite</property>
          <property name="lastName">Utilisateur</property>
        </anonymousUser>
      </users>
      <groups>
        <directory>ldapGroupDirectory</directory>
      </groups>
    </userManager>
  </extension>

Any feedback from the Nuxeo team on this? Anyone found a workaround?

Eventually we found a way to fix the issue
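
An added example, not part of the thread and not the fix the poster mentions: a small Python script that turns the LDAPSession DEBUG line quoted above into the equivalent ldapsearch command, so you can check outside Nuxeo whether a "members" entry exists under the group search base. The server URI is a placeholder, and mapping scope='1' to a one-level search assumes the logged value is the JNDI SearchControls constant.

```python
import re
import shlex

# Constructed sample: the DEBUG line quoted in the thread, without the log prefix.
SAMPLE = ("LDAPSession.getLdapEntry(members, true): LDAP search "
          "base='ou=grouper,dc=univ-rennes1,dc=fr' "
          "filter='(&(cn={0})(&(&(objectClass=groupOfNames))(cn=*)))'  "
          "args='members' scope='1' "
          "[LDAPSession '-3831897279493570335' for directory ldapGroupDirectory]")

# Assumption: scope is logged as the javax.naming SearchControls constant.
SCOPES = {"0": "base", "1": "one", "2": "sub"}

_FIELDS = re.compile(r"(base|filter|args|scope)='([^']*)'")
_DIRECTORY = re.compile(r"for directory (\w+)\]")


def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)


def parse_search(line):
    """Extract the search parameters from a Nuxeo LDAPSession DEBUG line."""
    fields = dict(_FIELDS.findall(line))
    missing = {"base", "filter", "args", "scope"} - fields.keys()
    if missing:
        raise ValueError("not an LDAP search line, missing: %s" % sorted(missing))
    match = _DIRECTORY.search(line)
    fields["directory"] = match.group(1) if match else None
    # Only a single argument ({0}) is handled, as in the thread's log line.
    fields["effective_filter"] = fields["filter"].replace(
        "{0}", escape_filter_value(fields["args"]))
    return fields


def ldapsearch_command(fields, uri="ldap://ldap.example.org"):
    """Build the equivalent ldapsearch call; the URI is a placeholder."""
    argv = ["ldapsearch", "-x", "-H", uri, "-b", fields["base"],
            "-s", SCOPES[fields["scope"]], fields["effective_filter"], "cn"]
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    print(ldapsearch_command(parse_search(SAMPLE)))
```

If the resulting search returns no entry, the directory Nuxeo is configured to use for groups has no "members" group for the ACEs to resolve against.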