Unable to grant access right to Active Directory Group

Yannick_
Champ in-the-making

Hello, I'm using Nuxeo 5.9.3 on Ubuntu Server 12.04 and I configured the Active Directory authentication in Nuxeo. I can log in with an Active Directory account in Nuxeo without problems. I can find my Active Directory group in Nuxeo but there are no members in it. How can I fix this issue?

Here's my default-ldap-group configuration and my userManagement extension point.

Thanks for your time.

<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">

  <directory name="groupLdapDirectory">

    <server>default</server>

    <schema>group</schema>
    <idField>groupname</idField>
    <searchBaseDn>ou=xxx,dc=xxx,dc=xx</searchBaseDn>
    <searchFilter>
      (objectclass=group)
    </searchFilter>
    <searchScope>subtree</searchScope>
    <readOnly>false</readOnly>
    <cacheTimeout>3600</cacheTimeout>
    <cacheMaxSize>1000</cacheMaxSize>
    <creationBaseDn>ou=xxxx,dc=xxx,dc=xx</creationBaseDn>
    <creationClass>top</creationClass>
    <creationClass>group</creationClass>
    <querySizeLimit>200</querySizeLimit>
    <queryTimeLimit>0</queryTimeLimit>
    <rdnAttribute>cn</rdnAttribute>
    <fieldMapping name="groupname">cn</fieldMapping>

    <references>

      <ldapReference field="members" directory="userLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
      <ldapReference field="subGroups" directory="groupLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />

      <inverseReference field="parentGroups" directory="groupLdapDirectory" dualReferenceField="subGroups" />

      <ldapTreeReference field="directChildren" directory="unitDirectory" scope="onelevel" />
      <ldapTreeReference field="children" directory="unitDirectory" scope="subtree" />

    </references>

  </directory>
</extension>

<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
  <userManager>
    <defaultAdministratorId>Administrateur</defaultAdministratorId>
    <defaultGroup>members</defaultGroup>
    <disableDefaultAdministratorsGroup>true</disableDefaultAdministratorsGroup>
  </userManager>
</extension>


<component name="org.nuxeo.ecm.platform.usermanager.VirtualGroups">
  <require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">

    <userManager class="org.nuxeo.ecm.platform.usermanager.UserManagerImpl">
      <users>
        <directory>userLdapDirectory</directory>
      </users>
      <groups>
        <directory>groupLdapDirectory</directory>
      </groups>
    </userManager>
  </extension>
</component>

1 ACCEPTED ANSWER

Thierry_Martins
Star Collaborator

Hello,

The resolution of group members is done by the ldapReference tag: you need to check which field is used in a group entry to store the members. In your configuration, you indicate it is "uniqueMember", but for Active Directory, the attribute may be "member".

Kind regards,

Thierry

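The check described in the answer above, as an added example that is not part of the original thread or Nuxeo's own code: it compares each ldapReference's staticAttributeId with the attributes actually present on a group entry exported as LDIF. The sample configuration and LDIF entry are constructed, and the "looks like a DN" heuristic and the exclusion list are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ldapReference lines of groupLdapDirectory from the question.
CONFIG = """<directory name="groupLdapDirectory"><references>
  <ldapReference field="members" directory="userLdapDirectory"
                 staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
  <ldapReference field="subGroups" directory="groupLdapDirectory"
                 staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
</references></directory>"""

# Constructed sample: LDIF of one group entry as an Active Directory server might return it.
GROUP_LDIF = """dn: CN=Editors,OU=Groups,DC=example,DC=org
objectClass: group
cn: Editors
member: CN=Alice Example,OU=Staff,DC=example,DC=org
member: CN=Bob Example,OU=Staff,
 DC=example,DC=org
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=org
"""

# Assumed exclusion list: DN-valued attributes that do not list a group's members.
NOT_MEMBERSHIP = {"dn", "distinguishedname", "objectcategory", "memberof"}

def parse_ldif_entry(ldif):
    """Return {lowercased attribute: [values]} for one LDIF entry (plain values only)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def check_references(config_xml, ldif):
    """Report, per ldapReference, whether its staticAttributeId exists on the entry."""
    entry = parse_ldif_entry(ldif)
    candidates = sorted(a for a, vals in entry.items() if a not in NOT_MEMBERSHIP
                        and all("=" in v and "," in v for v in vals))
    report = []
    for ref in ET.fromstring(config_xml).iter("ldapReference"):
        attr = ref.get("staticAttributeId", "")
        present = attr.lower() in entry     # LDAP attribute names are case-insensitive
        report.append({"field": ref.get("field"), "configured": attr,
                       "present": present, "candidates": [] if present else candidates})
    return report
```

Calling `check_references(CONFIG, GROUP_LDIF)` returns one row per reference; a row with `present` set to false means the configured attribute is not on the group entry, and `candidates` lists the DN-valued attributes that are.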

2 REPLIES

Thanks for your reply and your time.
