06-12-2014 03:15 AM
Hello, I'm using nuxeo 5.9.3 on ubuntu server 12.04 and I configured the active directory authentication in Nuxeo. I can log in with active directory account in Nuxeo without problems. I can found my active directory group in Nuxeo but there's no members in it. How can i fix this issue?
Here's my default-ldap-group configuration and my userManagement extension point.
Thanks for your time.
<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
<directory name="groupLdapDirectory">
<server>default</server>
<schema>group</schema>
<idField>groupname</idField>
<searchBaseDn>ou=xxx,dc=xxx,dc=xx</searchBaseDn>
<searchFilter>
(objectclass=group)
</searchFilter>
<searchScope>subtree</searchScope>
<readOnly>false</readOnly>
<cacheTimeout>3600</cacheTimeout>
<cacheMaxSize>1000</cacheMaxSize>
<creationBaseDn>ou=xxxx,dc=xxx,dc=xx</creationBaseDn>
<creationClass>top</creationClass>
<creationClass>group</creationClass>
<querySizeLimit>200</querySizeLimit>
<queryTimeLimit>0</queryTimeLimit>
<rdnAttribute>cn</rdnAttribute>
<fieldMapping name="groupname">cn</fieldMapping>
<references>
<ldapReference field="members" directory="userLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
<ldapReference field="subGroups" directory="groupLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
<inverseReference field="parentGroups" directory="groupLdapDirectory" dualReferenceField="subGroups" />
<ldapTreeReference field="directChildren" directory="unitDirectory" scope="onelevel" />
<ldapTreeReference field="children" directory="unitDirectory" scope="subtree" />
</references>
</directory>
</extension>
<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
<userManager>
<defaultAdministratorId>Administrateur</defaultAdministratorId>
<defaultGroup>members</defaultGroup>
<disableDefaultAdministratorsGroup>true</disableDefaultAdministratorsGroup>
</userManager>
</extension>
<component name="org.nuxeo.ecm.platform.usermanager.VirtualGroups">
<require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>
<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
<userManager class="org.nuxeo.ecm.platform.usermanager.UserManagerImpl">
<users>
<directory>userLdapDirectory</directory>
</users>
<groups>
<directory>groupLdapDirectory</directory>
</groups>
</userManager>
</extension>
</component>
06-12-2014 05:03 AM
hello,
the resolution of group members is done by the ldapReference tag: you need to check which field is used in a group entry to store the members. In your configuration, you indicate it is "uniqueMember", but for Active Directory, the attribute may be "member".
Kind regards,
Thierry
06-12-2014 05:03 AM
hello,
the resolution of group members is done by the ldapReference tag: you need to check which field is used in a group entry to store the members. In your configuration, you indicate it is "uniqueMember", but for Active Directory, the attribute may be "member".
Kind regards,
Thierry
06-12-2014 08:02 AM
Thanks for your reply and your time.
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.