creating groups fails with gidNumber: value #0 invalid per syntax
I'm using a posix openLdap as backend for user and groups.
user creation, deletion and other operation works
associating user with groups, editing groups, and deleting groups work
when I try to create a group, it fails with:
gidNumber: value #0 invalid per syntax
here's the ldap operation that seems to trigger it, gidNumber is passed empty:
2015-04-16 08:20:18,691 DEBUG [http-bio-45.55.153.57-8080-exec-9] [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.createEntry(groupname=nuxeogroup):
LDAP bind dn='cn=nuxeogroup,ou=people,dc=xxxxxx,dc=com' attrs='{
memberUid=memberUid: cn=emptyRef, **gidNumber=gidNumber: ,**
description=description: nuxeo group, objectclass=objectclass: top, groupOfUniqueNames,
posixGroup, uniqueMember=uniqueMember: , cn=cn: nuxeogroup}'
[LDAPSession '-4455130552067948046' for directory ldapGroupDirectory]
here's the full exception:
Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - gidNumber: value #0 invalid per syntax]; remaining name 'cn=nuxeogroup,ou=people,dc=xxxxxxxx,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3148)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:423)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:299)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:217)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:206)
at javax.naming.directory.InitialDirContext.bind(InitialDirContext.java:177)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.nuxeo.ecm.directory.ldap.LdapRetryHandler.invoke(LdapRetryHandler.java:56)
at com.sun.proxy.$Proxy173.bind(Unknown Source)
at org.nuxeo.ecm.directory.ldap.LDAPSession.createEntry(LDAPSession.java:211)
and here is the xml for mapping the groups (notice the staticAttributeIdIsDn=false):
<directory name="ldapGroupDirectory">
<!-- Reuse the default server configuration defined for ldapUserDirectory -->
<server>default</server>
<schema>group</schema>
<idField>groupname</idField>
<searchBaseDn>ou=groups,dc=xxxxxxx,dc=com</searchBaseDn>
<searchFilter>
cn=*
</searchFilter>
<searchScope>subtree</searchScope>
<readOnly>false</readOnly>
<!-- comment <cache* /> tags to disable the cache -->
<cacheEntryName>ldap-group-entry-cache</cacheEntryName>
<cacheEntryWithoutReferencesName>ldap-group-entry-cache-without-references</cacheEntryWithoutReferencesName>
<creationBaseDn>ou=people,dc=xxxxxxx,dc=com</creationBaseDn>
<creationClass>top</creationClass>
<creationClass>groupOfUniqueNames</creationClass>
<creationClass>posixGroup</creationClass>
<querySizeLimit>200</querySizeLimit>
<queryTimeLimit>0</queryTimeLimit>
<rdnAttribute>cn</rdnAttribute>
<fieldMapping name="groupname">cn</fieldMapping>
<fieldMapping name="grouplabel">description</fieldMapping>
<references>
<ldapReference field="members" directory="ldapUserDirectory"
forceDnConsistencyCheck="false" staticAttributeId="memberUid"
dynamicAttributeId="memberURL" staticAttributeIdIsDn="false" />
<ldapReference field="subGroups" directory="ldapGroupDirectory"
forceDnConsistencyCheck="false" staticAttributeId="memberUid"
dynamicAttributeId="memberURL" staticAttributeIdIsDn="false" />
<inverseReference field="parentGroups" directory="ldapGroupDirectory"
dualReferenceField="subGroups" />
<ldapTreeReference field="directChildren" directory="ldapUserDirectory"
scope="onelevel" />
<ldapTreeReference field="children" directory="ldapUserDirectory"
scope="subtree" />
</references>
</directory>
</extension>
how can I tell nuxeo to generate the uid or to let openldap generate it?
0 votes
0 answers
4639 views