Hi folks,
currently i am setting up Alfresco (Stable 3c) to synchronize users and groups with our LDAP server. Like most things in life, this almost works perfectly, except one issue regarding group membership:
Our LDAP directory (for the curious, it is OpenLDAP managed by Zimbra + Samba extensions) holds groups as objectClass=posixGroup, with members held in the memberUid attribute. However, members are stored as kinda short names, not DNs as Alfresco expects: e.g. i have memberUid=donald when Alfresco wants memberUid=uid=donald,ou=people,dc=abcona,dc=int.
Alas, the short names seem what Samba expects to find in the directory, so i wonder what would be the most straightforward way to fix this? One obvious idea would be to enhance class LDAPGroupExportSource to do an indirect lookup using a pattern, say an additional attribute "groupMemberResolvePattern" with value "memberUid=uid=%s,ou=people,dc=abcona,dc=int" for my example above.
Maybe this issue has already addressed by someone, your comments welcome
Cheers
Gyro
currently i am setting up Alfresco (Stable 3c) to synchronize users and groups with our LDAP server. Like most things in life, this almost works perfectly, except one issue regarding group membership:
Our LDAP directory (for the curious, it is OpenLDAP managed by Zimbra + Samba extensions) holds groups as objectClass=posixGroup, with members held in the memberUid attribute. However, members are stored as kinda short names, not DNs as Alfresco expects: e.g. i have memberUid=donald when Alfresco wants memberUid=uid=donald,ou=people,dc=abcona,dc=int.
Alas, the short names seem what Samba expects to find in the directory, so i wonder what would be the most straightforward way to fix this? One obvious idea would be to enhance class LDAPGroupExportSource to do an indirect lookup using a pattern, say an additional attribute "groupMemberResolvePattern" with value "memberUid=uid=%s,ou=people,dc=abcona,dc=int" for my example above.
Maybe this issue has already addressed by someone, your comments welcome
Cheers
Gyro
