Unable to create users or Groups in Nuxeo when connected to Active Directory

I'm unable to create new users or groups from the Nuxeo Admin Center once Nuxeo is integrated with Active Directory. Here is my configuration; please advise if I need to change anything below:

<!-- Nuxeo component contribution: declares one LDAP server ("default"), a userDirectory and a
     groupDirectory that use it (both with readOnly=false), and the userManager settings that
     point at those directories. -->
<component name="org.nuxeo.ecm.directory.ldap.storage.users">
  <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
  <require>org.nuxeo.ecm.directory.sql.storage</require>
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="servers">
    <server name="default">
      <!-- NOTE(review): "<IP>" is a placeholder left in the post; as written the element is not
           well-formed XML and has to be replaced by the real host name or address. -->
      <!-- NOTE(review): ldap:// on port 389 is unencrypted LDAP, so the simple bind below sends
           bindDn and bindPassword in clear text. Active Directory by default also rejects
           password writes (unicodePwd) on an unencrypted connection, which matters because
           userDirectory is writable. Prefer ldaps:// (usually port 636) with the domain
           controller certificate trusted by the JVM. -->
      <ldapUrl>ldap://<IP>:389</ldapUrl>
      <bindDn>cn=gituser,ou=CMS,ou=Applications,dc=dmlabs,dc=xyz,dc=com</bindDn>
      <!-- NOTE(review): the bind password is stored in clear text in this file; restrict read
           access to the file and use a dedicated service account whose rights are delegated on
           the CMS OU only. With readOnly=false that account needs create/modify rights on
           creationBaseDn; TODO confirm it has them. -->
      <bindPassword>blahblah</bindPassword>
    </server>
  </extension>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
    <!-- User directory: searches person entries one level below the CMS OU and, because
         readOnly is false, also creates and modifies entries under creationBaseDn. -->
    <directory name="userDirectory">
      <server>default</server>
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>
      <searchBaseDn>OU=CMS,OU=Applications,DC=dmlabs,DC=xyz,DC=com</searchBaseDn>
      <searchClass>person</searchClass>
      <searchScope>onelevel</searchScope>
      <substringMatchType>subany</substringMatchType>
      <readOnly>false</readOnly>
      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>1000</cacheMaxSize>
      <missingIdFieldCase>lower</missingIdFieldCase>
      <querySizeLimit>200</querySizeLimit>
      <queryTimeLimit>0</queryTimeLimit>
      <creationBaseDn>OU=CMS,OU=Applications,DC=dmlabs,DC=xyz,DC=com</creationBaseDn>
      <!-- NOTE(review): these creation classes follow the generic LDAP (inetOrgPerson) layout.
           Active Directory accounts are normally objectClass user; verify that entries created
           with these classes are accepted by the AD schema and usable as logon accounts. -->
      <creationClass>top</creationClass>
      <creationClass>person</creationClass>
      <creationClass>organizationalPerson</creationClass>
      <creationClass>inetOrgPerson</creationClass>
      <!-- NOTE(review): AD normally names user and group entries by cn, so a new entry whose
           RDN is sAMAccountName=... is likely to be rejected with a naming violation; verify
           against the AD schema. -->
      <rdnAttribute>sAMAccountName</rdnAttribute>
      <fieldMapping name="username">sAMAccountName</fieldMapping>
      <!-- NOTE(review): AD keeps the account password in unicodePwd; userPassword is an ordinary
           attribute there unless the domain is configured otherwise, so a value written here
           may be stored as plain data rather than set as the logon password. Confirm before
           relying on password management from Nuxeo. -->
      <fieldMapping name="password">userPassword</fieldMapping>
      <fieldMapping name="firstName">givenName</fieldMapping>
      <fieldMapping name="lastName">sn</fieldMapping>
      <fieldMapping name="company">o</fieldMapping>
      <fieldMapping name="email">mail</fieldMapping>
      <references>
        <inverseReference field="groups" directory="groupDirectory" dualReferenceField="members" />
      </references>
    </directory>
    <!-- Group directory: searches the whole subtree under the CMS OU and is writable
         (readOnly is false). -->
    <directory name="groupDirectory">
        <server>default</server>
        <schema>group</schema>
        <idField>groupname</idField>
        <searchBaseDn>OU=CMS,OU=Applications,DC=dmlabs,DC=xyz,DC=com</searchBaseDn>
        <!-- NOTE(review): the filter has doubled parentheses; the RFC 4515 form is
             (objectClass=group). Verify that the server accepts it as written. -->
        <searchFilter>((objectClass=group))</searchFilter>
        <searchScope>subtree</searchScope>
        <!--entryAdaptor class="org.nuxeo.ecm.directory.impl.WritePolicyEntryAdaptor"-->
    <readOnly>false</readOnly>
        <cacheTimeout>3600</cacheTimeout>
        <cacheMaxSize>2000</cacheMaxSize>
        <creationBaseDn>OU=CMS,OU=Applications,DC=dmlabs,DC=xyz,DC=com</creationBaseDn>
        <!-- NOTE(review): entries are created as groupOfUniqueNames but searched with
             objectClass=group, so a group created from Nuxeo would not match the search filter
             above. AD security groups are objectClass group; verify which class is intended. -->
        <creationClass>top</creationClass>
        <creationClass>groupOfUniqueNames</creationClass>
        <rdnAttribute>sAMAccountName</rdnAttribute>
        <querySizeLimit>500</querySizeLimit>
        <queryTimeLimit>0</queryTimeLimit>
        <fieldMapping name="groupname">sAMAccountName</fieldMapping>
        <references>
            <!-- NOTE(review): membership is read from and written to uniqueMember / memberURL.
                 AD group objects normally hold their members in the member attribute; confirm
                 these attribute names against the directory. -->
            <ldapReference directory="userDirectory" dynamicAttributeId="memberURL" field="members" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" staticAttributeIdIsDn="true"/>
            <ldapReference directory="groupDirectory" dynamicAttributeId="memberURL" field="subGroups" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"/>
            <inverseReference directory="groupDirectory" dualReferenceField="subGroups" field="parentGroups"/>
            <ldapTreeReference directory="groupDirectory" field="children" scope="onelevel"/>
            <inverseReference directory="groupDirectory" dualReferenceField="children" field="parents"/>
        </references>
    </directory>
  </extension>
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <!-- NOTE(review): administrative rights in Nuxeo are tied here to the account cmsadmin and
           to the directory group CMSAdministrators, with the built-in administrators group
           disabled. Whoever can edit that group's membership in AD, or through this writable
           groupDirectory, can grant Nuxeo administration; keep that delegation narrow and
           audited. -->
      <defaultAdministratorId>cmsadmin</defaultAdministratorId>
      <defaultGroup>CMSMembers</defaultGroup>
      <administratorsGroup>CMSAdministrators</administratorsGroup>
      <disableDefaultAdministratorsGroup>true</disableDefaultAdministratorsGroup>
       <groups>
            <directory>groupDirectory</directory>
            <membersField>members</membersField>
            <groupLabelField>grouplabel</groupLabelField>
            <!-- NOTE(review): "subgroups" and "parentgroup" do not match the reference fields
                 declared in groupDirectory ("subGroups", "parentGroups"); verify the names
                 against the group schema. -->
            <subGroupsField>subgroups</subGroupsField>
            <parentGroupsField>parentgroup</parentGroupsField>
            <listingMode>search_only</listingMode>
            <searchFields append="true">
                <substringMatchSearchField>grouplabel</substringMatchSearchField>
                <exactMatchSearchField>groupname</exactMatchSearchField>
            </searchFields>
        </groups>
        <!--defaultGroup>members</defaultGroup-->
        <groupSortField>groupname</groupSortField>
    </userManager>
  </extension>

</component>