LDAP with 2 OU
I want to connect Nuxeo with our LDAP. But persons are saved in several “OU”. How can I do it? I tried with “multi-users-directory” but it doesn't work.
I created a file default-ldap-users-directory-bundle.xml with the LDAP configuration:
- 1 directory for OU=firstOU
- 1 directory for OU=secondOU
Then I created a file default-multi-users-directory-bundle.xml with this:
<component name="org.nuxeo.ecm.directory.multi.config">
  <extension target="org.nuxeo.ecm.directory.multi.MultiDirectoryFactory" point="directories">
    <directory name="userDirectory">
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>
      <source name="userLDAPSourceFirst" creation="false">
        <subDirectory name="firstOU"/>
        <optional>true</optional>
      </source>
      <source name="userLDAPSourceSecond" creation="false">
        <subDirectory name="secondOU"/>
        <optional>true</optional>
      </source>
    </directory>
  </extension>
</component>
I can connect with firstOU and in adminCenter I can see persons of firstOU. But it doesn't work for secondOU. In server.log, I have an error:
ERROR [org.nuxeo.ecm.platform.login.NuxeoLoginModule] createIdentity failed
javax.security.auth.login.LoginException: principal Administrator does not exist
    at org.nuxeo.ecm.platform.login.NuxeoLoginModule.createIdentity(NuxeoLoginModule.java:300)
    ...
Can anyone help me? Does anyone have an example of that? Thank you in advance.
You can point the searchBaseDN to the common root of the 2 OUs and then set
You should also use searchFilter to a valid LDAP filter expression to filter out the unwanted entries based on attributes such as for instance:
Note that for this filter to work you need all the entries to actually have the ou attributes stored and indexed (not just the dn).
You can check the LDAP filter syntax for more complex filtering options. I would advise you to use a tool such as Apache Directory Studio to simulate the right baseDN / scope / filters combo that works for you.
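The caveat in the answer above, as an added example that is not part of the original thread and is not Nuxeo code: a small evaluator for equality and presence filters, run as a subtree search over constructed entries, showing that a filter on ou matches stored attribute values and never the DN. The filter (|(ou=firstOU)(ou=secondOU)), the dc=example,dc=com base and every entry are assumptions made for illustration.

```python
# Constructed (dn, attributes) entries; carol sits under ou=secondOU but has no "ou" attribute.
ENTRIES = [
    ("uid=alice,ou=firstOU,dc=example,dc=com", {"uid": ["alice"], "ou": ["firstOU"]}),
    ("uid=bob,ou=secondOU,dc=example,dc=com", {"uid": ["bob"], "ou": ["secondOU"]}),
    ("uid=carol,ou=secondOU,dc=example,dc=com", {"uid": ["carol"]}),
    ("uid=dave,ou=thirdOU,dc=example,dc=com", {"uid": ["dave"], "ou": ["thirdOU"]}),
]

def parse(f, i=0):
    """Parse one RFC 4515 filter at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"wrong operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.index(")", i)  # ValueError if the item is never closed
        attr, sep, value = f[i:end].partition("=")
        if not attr or not sep or ("*" in value and value != "*"):
            raise ValueError("only equality and presence items are supported")
        node, i = ("=", attr.lower(), value.lower()), end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def evaluate(node, attrs):
    """Match against stored attribute values only; the DN is never consulted."""
    op = node[0]
    if op in "&|!":
        results = [evaluate(kid, attrs) for kid in node[1]]
        return all(results) if op == "&" else any(results) if op == "|" else not results[0]
    values = [v.lower() for v in attrs.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def search(base_dn, filter_text):
    """Subtree search: uids of entries below base_dn whose attributes match."""
    node, end = parse(filter_text + " ")  # sentinel: truncated input fails cleanly
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [attrs["uid"][0] for dn, attrs in ENTRIES
            if dn.lower().endswith("," + base_dn.lower()) and evaluate(node, attrs)]
```

Searching from the common root with the two-OU filter returns alice and bob only; carol is reachable with (&(uid=*)(!(ou=*))), which is a quick way to list entries that an ou-based filter would silently drop.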