11-01-2011 02:17 AM
We have a messy AD where not all email addresses are in lower case. Some are capitalized and some are not. Because of this, a user may login with USer@acme.com or user@acme.com . I see in the ACLS table that the permissions are stored both ways, depending on how the user was logged in at the time the documents were created.
So, because of this, sometimes a user doesn't have access to basic functionality like edit it's own profile or access the personal workspace.
11-01-2011 03:38 AM
Since Nuxeo 5.4.2, you can force the id case of the directory entries to "lower" or "upper" in the LDAPDirectory configuration with: <idCase>lower</idCase>
for instance. The default value for that parameter is "unchanged".
That should fix your issue without having to mess with the ACL system. Nuxeo principal ids are must be unique, not only for the ACL system but also for looking up documents by creator id for instance.
11-01-2011 03:38 AM
Since Nuxeo 5.4.2, you can force the id case of the directory entries to "lower" or "upper" in the LDAPDirectory configuration with: <idCase>lower</idCase>
for instance. The default value for that parameter is "unchanged".
That should fix your issue without having to mess with the ACL system. Nuxeo principal ids are must be unique, not only for the ACL system but also for looking up documents by creator id for instance.
11-01-2011 07:54 AM
It would be great if it would work like that, but it doesn't.
11-01-2011 08:50 AM
I don't see the issue, if you do the change on the LDAPDirectory configuration, the SQLDirectory will naturally fill in it's entries with lowercase ids only.
11-01-2011 09:20 AM
I've cleared the data folder so I have clean data.
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.