Nuxeo LDAP groups not loading

I have deployed Nuxeo Platform 5.6 on a Windows Server from the Tomcat bundle installation. I have configured the LDAP login according to the configuration below. Users are able to log in, but their groups are not loaded. Is there something I am missing?

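<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
  point="servers">

  <!-- Configuration of a server connection

    A single server declaration can point to a cluster of replicated
    servers (using OpenLDAP's slapd + slurpd for instance). To leverage
    such a cluster and improve availability, please provide one
    <ldapUrl/> tag for each replica of the cluster.
  -->
  <server name="default">

    <!-- NOTE(review): ldap:// on port 389 is a cleartext connection. The
      service-account bind configured below and every user password checked
      at login cross the network unencrypted. Prefer an ldaps:// URL once
      the directory server's certificate is trusted by the JVM that runs
      Nuxeo.
    -->
    <ldapUrl>ldap://172.16.12.84:389</ldapUrl>
    <!-- Optional servers from the same cluster for failover
      and load balancing:

      <ldapUrl>ldap://server2:389</ldapUrl>
      <ldapUrl>ldaps://server3:636</ldapUrl>

      "ldaps" means TLS/SSL connection (conventionally on port 636).
    -->

    <!-- Credentials used by Nuxeo5 to browse the directory, create
      and modify entries.

      Only the authentication of users (bind) uses the credentials entered
      through the login form, if any.

      NOTE(review): the bind password is stored in cleartext in this file.
      Both directories that use this server are declared readOnly, so a
      service account limited to read access on the user and group subtrees
      is sufficient. Restrict read access to this file to the account that
      runs Nuxeo. If the value below is the real password, it has been
      published together with this configuration and should be rotated.
    -->
    <bindDn>cn=IUSR_ldap_user,ou=Service Accounts,ou=SpecialUsers,ou=KEMRI-WTRP,dc=kwtrp,dc=org</bindDn>
    <bindPassword>pa$$w0rd</bindPassword>
  </server>

</extension>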

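<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
  point="directories">

  <!-- User entries. Authentication binds with the login-form credentials;
    searches use the "default" server declared in the servers extension.
  -->
  <directory name="userDirectory">
    <server>default</server>
    <schema>user</schema>
    <idField>username</idField>
    <passwordField>password</passwordField>

    <searchBaseDn>OU=Users,OU=KEMRI-WTRP,DC=kwtrp,DC=org</searchBaseDn>
    <searchClass>person</searchClass>

    <searchScope>subtree</searchScope>

    <substringMatchType>subany</substringMatchType>

    <readOnly>true</readOnly>

    <cacheTimeout>3600</cacheTimeout>

    <!-- maximum number of cached entries before global invalidation -->
    <cacheMaxSize>1000</cacheMaxSize>

    <creationBaseDn>OU=Users,OU=KEMRI-WTRP,DC=kwtrp,DC=org</creationBaseDn>
    <creationClass>top</creationClass>
    <creationClass>person</creationClass>
    <creationClass>organizationalPerson</creationClass>
    <creationClass>user</creationClass>

    <rdnAttribute>uid</rdnAttribute>
    <fieldMapping name="username">sAMAccountName</fieldMapping>
    <fieldMapping name="password">userPassword</fieldMapping>
    <fieldMapping name="firstName">givenName</fieldMapping>
    <fieldMapping name="lastName">sn</fieldMapping>
    <fieldMapping name="company">company</fieldMapping>
    <fieldMapping name="email">mail</fieldMapping>

    <references>

      <!-- A user's groups are computed from the "members" reference of
        groupDirectory; if that directory returns no entries, this field
        is empty for every user.
      -->
      <inverseReference field="groups" directory="groupDirectory"
        dualReferenceField="members" />

    </references>

  </directory>

  <directory name="groupDirectory">
    <server>default</server>
    <schema>group</schema>
    <idField>groupname</idField>
    <searchBaseDn>OU=Groups,OU=KEMRI-WTRP,DC=kwtrp,DC=org</searchBaseDn>
    <!-- NOTE(review): likely cause of the empty group list. The user
      directory maps sAMAccountName and uses the "user" object class, which
      suggests Active Directory. Active Directory groups normally carry
      objectClass=group and list their members in the "member" attribute,
      whereas this filter and the references below expect
      groupOfUniqueNames / groupOfURLs with uniqueMember / memberURL. If
      that is the case here, no group entry matches and every user resolves
      with no directory groups, so authorization rests only on the
      userManager defaultGroup. Confirm the group object class and the
      membership attribute against the directory before changing these
      values.
    -->
    <searchFilter>(|(objectClass=groupOfUniqueNames)(objectClass=groupOfURLs))</searchFilter>
    <searchScope>subtree</searchScope>
    <entryAdaptor class="org.nuxeo.ecm.directory.impl.WritePolicyEntryAdaptor">
      <parameter name="fieldName">dn</parameter>
      <parameter name="regexp">.*,ou=editable,OU=Groups,OU=KEMRI-WTRP,DC=kwtrp,DC=org</parameter>
    </entryAdaptor>
    <readOnly>true</readOnly>
    <!-- NOTE(review): presumably seconds. Cached membership means a user
      removed from a group in the directory can keep that group's access
      in Nuxeo until the cache expires; choose the timeout with that
      revocation delay in mind.
    -->
    <cacheTimeout>3600</cacheTimeout>
    <cacheMaxSize>1000</cacheMaxSize>
    <creationBaseDn>ou=editable,OU=Groups,OU=KEMRI-WTRP,DC=kwtrp,DC=org</creationBaseDn>
    <creationClass>top</creationClass>
    <creationClass>groupOfUniqueNames</creationClass>
    <rdnAttribute>cn</rdnAttribute>
    <querySizeLimit>200</querySizeLimit>
    <queryTimeLimit>0</queryTimeLimit>
    <fieldMapping name="groupname">cn</fieldMapping>
    <references>
      <!-- Members of a group: static DNs in uniqueMember, dynamic
        membership through the LDAP URL in memberURL.
      -->
      <ldapReference directory="userDirectory"
        dynamicAttributeId="memberURL" field="members"
        forceDnConsistencyCheck="false"
        staticAttributeId="uniqueMember" staticAttributeIdIsDn="true"/>
      <ldapReference directory="groupDirectory"
        dynamicAttributeId="memberURL" field="subGroups"
        forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"/>
      <inverseReference directory="groupDirectory"
        dualReferenceField="subGroups" field="parentGroups"/>
      <ldapTreeReference directory="groupDirectory"
        field="children" scope="onelevel"/>
      <inverseReference directory="groupDirectory"
        dualReferenceField="children" field="parents"/>
    </references>
  </directory>

</extension>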

<extension point="userManager"
  target="org.nuxeo.ecm.platform.usermanager.UserService">
  <userManager>
    <!-- Login that receives administrator rights independently of any
      directory group; it should correspond to an account that exists in
      userDirectory and is tightly controlled.
    -->
    <defaultAdministratorId>colima</defaultAdministratorId>
    <!-- Group every user is treated as a member of. While no LDAP group
      resolves, the permissions granted to this group are the only
      group-based access a non-administrator has, so keep them minimal.
    -->
    <defaultGroup>members</defaultGroup>
  </userManager>
</extension>
