Unable to grant access right to Active Directory Group
Hello, I'm using Nuxeo 5.9.3 on Ubuntu Server 12.04 and I configured Active Directory authentication in Nuxeo. I can log in to Nuxeo with an Active Directory account without problems. I can find my Active Directory group in Nuxeo, but there are no members in it. How can I fix this issue?
Here's my default-ldap-group configuration and my userManagement extension point.
Thanks for your time.
<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
  <directory name="groupLdapDirectory">
    <server>default</server>
    <schema>group</schema>
    <idField>groupname</idField>
    <searchBaseDn>ou=xxx,dc=xxx,dc=xx</searchBaseDn>
    <searchFilter>
      (objectclass=group)
    </searchFilter>
    <searchScope>subtree</searchScope>
    <readOnly>false</readOnly>
    <cacheTimeout>3600</cacheTimeout>
    <cacheMaxSize>1000</cacheMaxSize>
    <creationBaseDn>ou=xxxx,dc=xxx,dc=xx</creationBaseDn>
    <creationClass>top</creationClass>
    <creationClass>group</creationClass>
    <querySizeLimit>200</querySizeLimit>
    <queryTimeLimit>0</queryTimeLimit>
    <rdnAttribute>cn</rdnAttribute>
    <fieldMapping name="groupname">cn</fieldMapping>
    <references>
      <ldapReference field="members" directory="userLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
      <ldapReference field="subGroups" directory="groupLdapDirectory" forceDnConsistencyCheck="false" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
      <inverseReference field="parentGroups" directory="groupLdapDirectory" dualReferenceField="subGroups" />
      <ldapTreeReference field="directChildren" directory="unitDirectory" scope="onelevel" />
      <ldapTreeReference field="children" directory="unitDirectory" scope="subtree" />
    </references>
  </directory>
</extension>

<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
  <userManager>
    <defaultAdministratorId>Administrateur</defaultAdministratorId>
    <defaultGroup>members</defaultGroup>
    <disableDefaultAdministratorsGroup>true</disableDefaultAdministratorsGroup>
  </userManager>
</extension>

<component name="org.nuxeo.ecm.platform.usermanager.VirtualGroups">
  <require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>
  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager class="org.nuxeo.ecm.platform.usermanager.UserManagerImpl">
      <users>
        <directory>userLdapDirectory</directory>
      </users>
      <groups>
        <directory>groupLdapDirectory</directory>
      </groups>
    </userManager>
  </extension>
</component>
Hello,
The resolution of group members is done by the ldapReference tag: you need to check which field is used in a group entry to store the members. In your configuration, you indicate it is “uniqueMember”, but for Active Directory, the attribute may be “member”.
Kind regards,
Thierry
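The check suggested in the answer above can be automated. The following is an added example, not part of the original posts and not Nuxeo code: it reads a directory contribution, takes the object class from the searchFilter, and reports every ldapReference whose staticAttributeId is not the attribute that object class uses to store members. The function name `check_member_attributes`, the `MEMBER_ATTR` table (standard LDAP/AD schema knowledge) and the trimmed sample are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Membership attribute defined by each common LDAP group object class.
MEMBER_ATTR = {
    "group": "member",                    # Active Directory
    "groupofnames": "member",
    "groupofuniquenames": "uniqueMember",
    "posixgroup": "memberUid",
}

# Constructed sample: trimmed copy of the groupLdapDirectory contribution in the question.
SAMPLE = """
<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
  <directory name="groupLdapDirectory">
    <searchFilter>
      (objectclass=group)
    </searchFilter>
    <references>
      <ldapReference field="members" directory="userLdapDirectory" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
      <ldapReference field="subGroups" directory="groupLdapDirectory" staticAttributeId="uniqueMember" dynamicAttributeId="memberURL" />
    </references>
  </directory>
</extension>
"""

def check_member_attributes(xml_text):
    """Return (directory, field, configured, expected) for each mismatched ldapReference."""
    findings = []
    root = ET.fromstring(xml_text)
    for directory in root.iter("directory"):
        search_filter = directory.findtext("searchFilter") or ""
        classes = re.findall(r"objectclass\s*=\s*([\w-]+)", search_filter, re.I)
        expected = {MEMBER_ATTR[c.lower()] for c in classes if c.lower() in MEMBER_ATTR}
        if not expected:
            continue  # no known group object class in the filter: nothing to compare
        for ref in directory.iter("ldapReference"):
            configured = ref.get("staticAttributeId")
            if configured and configured.lower() not in {e.lower() for e in expected}:
                findings.append((directory.get("name"), ref.get("field"),
                                 configured, sorted(expected)))
    return findings

if __name__ == "__main__":
    for name, field, got, want in check_member_attributes(SAMPLE):
        print(f"{name}: field '{field}' reads '{got}', but the group class stores members in {want}")
```

An empty result means every static reference points at the attribute the filtered group class actually populates; it does not verify that the referenced user directory resolves the DNs stored there.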