Unable to grant access right to Active Directory Group

Hello, I'm using nuxeo 5.9.3 on ubuntu server 12.04 and I configured the active directory authentication in Nuxeo. I can log in with active directory account in Nuxeo without problems. I can found my active directory group in Nuxeo but there's no members in it. How can i fix this issue?

Here's my default-ldap-group configuration and my userManagement extension point.

Thanks for your time.

 <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">

  <directory name="groupLdapDirectory">

  <server>default</server>

  <schema>group</schema>
  <idField>groupname</idField>
  <searchBaseDn>ou=xxx,dc=xxx,dc=xx</searchBaseDn>
  <searchFilter>
    (objectclass=group)
  </searchFilter>
  <searchScope>subtree</searchScope>
  <readOnly>false</readOnly>
  <cacheTimeout>3600</cacheTimeout>
  <cacheMaxSize>1000</cacheMaxSize>
  <creationBaseDn>ou=xxxx,dc=xxx,dc=xx</creationBaseDn>
  <creationClass>top</creationClass>
  <creationClass>group</creationClass>
  <querySizeLimit>200</querySizeLimit>
  <queryTimeLimit>0</queryTimeLimit>
  <rdnAttribute>cn</rdnAttribute>
  <fieldMapping name="groupname">cn</fieldMapping>

  <references>

    <ldapReference field="members" directory="userLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
    <ldapReference field="subGroups" directory="groupLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />

    <inverseReference field="parentGroups" directory="groupLdapDirectory" dualReferenceField="subGroups" />

    <ldapTreeReference field="directChildren" directory="unitDirectory" scope="onelevel" />
    <ldapTreeReference field="children" directory="unitDirectory" scope="subtree" />

  </references>

 </directory>
   </extension>

    <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <defaultAdministratorId>Administrateur</defaultAdministratorId>
      <defaultGroup>members</defaultGroup>
      <disableDefaultAdministratorsGroup>true</disableDefaultAdministratorsGroup>
    </userManager>
  </extension>


<component name="org.nuxeo.ecm.platform.usermanager.VirtualGroups">
         <require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>
         <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">

       <userManager class="org.nuxeo.ecm.platform.usermanager.UserManagerImpl">
      <users>
        <directory>userLdapDirectory</directory>
      </users>
      <groups>
        <directory>groupLdapDirectory</directory>
      </groups>
    </userManager>
  </extension>
   </component>
0 votes

1 answers

1037 views

ANSWER



hello,

the resolution of group members is done by the ldapReference tag: you need to check which field is used in a group entry to store the members. In your configuration, you indicate it is “uniqueMember”, but for Active Directory, the attribute may be “member”.

Kind regards,

Thierry

0 votes



Thanks for your reply and your time. I changed the attribute to "member" and it work perfectly.
06/12/2014