creating groups fails with gidNumber: value #0 invalid per syntax

I'm using a posix openLdap as backend for user and groups.

user creation, deletion and other operation works

associating user with groups, editing groups, and deleting groups work

when I try to create a group, it fails with:

 gidNumber: value #0 invalid per syntax

here's the ldap operation that seems to trigger it, gidNumber is passed empty:

2015-04-16 08:20:18,691 DEBUG [http-bio-45.55.153.57-8080-exec-9] [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.createEntry(groupname=nuxeogroup): 
LDAP bind dn='cn=nuxeogroup,ou=people,dc=xxxxxx,dc=com' attrs='{
memberUid=memberUid: cn=emptyRef, **gidNumber=gidNumber:  ,** 
description=description: nuxeo group, objectclass=objectclass: top, groupOfUniqueNames, 
posixGroup, uniqueMember=uniqueMember:  , cn=cn: nuxeogroup}' 
[LDAPSession '-4455130552067948046' for directory ldapGroupDirectory]

here's the full exception:

Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - gidNumber: value #0 invalid per syntax]; remaining name 'cn=nuxeogroup,ou=people,dc=xxxxxxxx,dc=com'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3148)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
        at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:423)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:299)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:217)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:206)
        at javax.naming.directory.InitialDirContext.bind(InitialDirContext.java:177)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.nuxeo.ecm.directory.ldap.LdapRetryHandler.invoke(LdapRetryHandler.java:56)
        at com.sun.proxy.$Proxy173.bind(Unknown Source)
        at org.nuxeo.ecm.directory.ldap.LDAPSession.createEntry(LDAPSession.java:211)

and here is the xml for mapping the groups (notice the staticAttributeIdIsDn=false):

    <directory name="ldapGroupDirectory">
      <!-- Reuse the default server configuration defined for ldapUserDirectory -->
      <server>default</server>
      <schema>group</schema>
      <idField>groupname</idField>
      <searchBaseDn>ou=groups,dc=xxxxxxx,dc=com</searchBaseDn>
      <searchFilter>
        cn=*
      </searchFilter>
      <searchScope>subtree</searchScope>

      <readOnly>false</readOnly>

      <!-- comment <cache* /> tags to disable the cache -->
      <cacheEntryName>ldap-group-entry-cache</cacheEntryName>
      <cacheEntryWithoutReferencesName>ldap-group-entry-cache-without-references</cacheEntryWithoutReferencesName>

      <creationBaseDn>ou=people,dc=xxxxxxx,dc=com</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>groupOfUniqueNames</creationClass>
      <creationClass>posixGroup</creationClass>

      <querySizeLimit>200</querySizeLimit>
      <queryTimeLimit>0</queryTimeLimit>

      <rdnAttribute>cn</rdnAttribute>
      <fieldMapping name="groupname">cn</fieldMapping>
      <fieldMapping name="grouplabel">description</fieldMapping>

      <references>
        <ldapReference field="members" directory="ldapUserDirectory"
          forceDnConsistencyCheck="false" staticAttributeId="memberUid"
          dynamicAttributeId="memberURL" staticAttributeIdIsDn="false"  />

        <ldapReference field="subGroups" directory="ldapGroupDirectory"
          forceDnConsistencyCheck="false"  staticAttributeId="memberUid"
          dynamicAttributeId="memberURL" staticAttributeIdIsDn="false"  />

        <inverseReference field="parentGroups" directory="ldapGroupDirectory"
          dualReferenceField="subGroups" />

        <ldapTreeReference field="directChildren" directory="ldapUserDirectory"
          scope="onelevel" />
        <ldapTreeReference field="children" directory="ldapUserDirectory"
          scope="subtree" />

      </references>
    </directory>
  </extension>

how can I tell nuxeo to generate the uid or to let openldap generate it?

0 votes

0 answers

2196 views

ANSWER