Nuxeo LDAP groups not loading

I have deployed Nuxeo Platform 5.6 on a Windows Server from Tomcat bundle installation. I have configured the LDAP login accordin to the code below. Users are able to login but their groups are not loaded. Is there something I am missing?

<extension target=“org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory”

point="servers">

<!-- Configuration of a server connection

  A single server declaration can point to a cluster of replicated
  servers (using OpenLDAP's slapd + sluprd for instance). To leverage
  such a cluster and improve availibility, please provide one
  <ldapUrl/> tag for each replica of the cluster.
-->
<server name="default">

  <ldapUrl>ldap://172.16.12.84:389</ldapUrl>
  <!-- Optional servers from the same cluster for failover
    and load balancing:

    <ldapUrl>ldap://server2:389</ldapUrl>
    <ldapUrl>ldaps://server3:389</ldapUrl>

    "ldaps" means TLS/SSL connection.
  -->

  <!-- Credentials used by Nuxeo5 to browse the directory, create
    and modify entries.

    Only the authentication of users (bind) use the credentials entered
    through the login form if any.
  -->
  <bindDn>cn=IUSR_ldap_user,ou=Service Accounts,ou=SpecialUsers,ou=KEMRI-WTRP,dc=kwtrp,dc=org</bindDn>
  <bindPassword>pa$$w0rd</bindPassword>
</server>

<extension target=“org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory”

point="directories">

<directory name="userDirectory">
  <server>default</server>
  <schema>user</schema>
  <idField>username</idField>
  <passwordField>password</passwordField>

  <searchBaseDn>OU=Users,OU=KEMRI-WTRP,DC=kwtrp,DC=org</searchBaseDn>
  <searchClass>person</searchClass>

  <searchScope>subtree</searchScope>

  <substringMatchType>subany</substringMatchType>

  <readOnly>true</readOnly>

  <cacheTimeout>3600</cacheTimeout>

  <!-- maximum number of cached entries before global invalidation -->
  <cacheMaxSize>1000</cacheMaxSize>

  <creationBaseDn>OU=Users,OU=KEMRI-WTRP,DC=kwtrp,DC=org</creationBaseDn>
  <creationClass>top</creationClass>
  <creationClass>person</creationClass>
  <creationClass>organizationalPerson</creationClass>
  <creationClass>user</creationClass>

  <rdnAttribute>uid</rdnAttribute>
  <fieldMapping name="username">sAMAccountName</fieldMapping>
  <fieldMapping name="password">userPassword</fieldMapping>
  <fieldMapping name="firstName">givenName</fieldMapping>
  <fieldMapping name="lastName">sn</fieldMapping>
  <fieldMapping name="company">company</fieldMapping>
  <fieldMapping name="email">mail</fieldMapping>

  <references>

    <inverseReference field="groups" directory="groupDirectory"
      dualReferenceField="members" />

  </references>

</directory>
<directory name="groupDirectory">
    <server>default</server>
    <schema>group</schema>
    <idField>groupname</idField>
    <searchBaseDn>OU=Groups,OU=KEMRI-WTRP,DC=kwtrp,DC=org</searchBaseDn>
    <searchFilter>(|(objectClass=groupOfUniqueNames)(objectClass=groupOfURLs))</searchFilter>
    <searchScope>subtree</searchScope>
    <entryAdaptor class="org.nuxeo.ecm.directory.impl.WritePolicyEntryAdaptor">
        <parameter name="fieldName">dn</parameter>
        <parameter name="regexp">.*,ou=editable,OU=Groups,OU=KEMRI-WTRP,DC=kwtrp,DC=org</parameter>
    </entryAdaptor>
    <readOnly>true</readOnly>
    <cacheTimeout>3600</cacheTimeout>
    <cacheMaxSize>1000</cacheMaxSize>
    <creationBaseDn>ou=editable,OU=Groups,OU=KEMRI-WTRP,DC=kwtrp,DC=org</creationBaseDn>
    <creationClass>top</creationClass>
    <creationClass>groupOfUniqueNames</creationClass>
    <rdnAttribute>cn</rdnAttribute>
    <querySizeLimit>200</querySizeLimit>
    <queryTimeLimit>0</queryTimeLimit>
    <fieldMapping name="groupname">cn</fieldMapping>
    <references>
        <ldapReference directory="userDirectory"
            dynamicAttributeId="memberURL" field="members"
            forceDnConsistencyCheck="false"
            staticAttributeId="uniqueMember" staticAttributeIdIsDn="true"/>
        <ldapReference directory="groupDirectory"
            dynamicAttributeId="memberURL" field="subGroups"
            forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"/>
        <inverseReference directory="groupDirectory"
            dualReferenceField="subGroups" field="parentGroups"/>
        <ldapTreeReference directory="groupDirectory"
            field="children" scope="onelevel"/>
        <inverseReference directory="groupDirectory"
            dualReferenceField="children" field="parents"/>
    </references>
</directory>

<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
  <userManager>
      <defaultAdministratorId>colima</defaultAdministratorId>
      <defaultGroup>members</defaultGroup>
    </userManager>
</extension>

0 votes

0 answers

1173 views

ANSWER