Active Directory connection only login new users and not old ones

I am installing Nuxeo integrated to the active directory and I select the subtree option, it happens that if I can log in with newly created users, but the existing old users can not log in. I appreciate if you can help me. I leave my XML configuration.

<extension target=“org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory”

point="servers">

<!-- Configuration of a server connection

  A single server declaration can point to a cluster of replicated
  servers (using OpenLDAP's slapd + sluprd for instance). To leverage
  such a cluster and improve availability, please provide one
  <ldapUrl/> tag for each replica of the cluster.
-->
<server name="default">

  <ldapUrl>ldap://myldap:389</ldapUrl>
  <!-- Optional servers from the same cluster for failover
    and load balancing:

    <ldapUrl>ldap://server2:389</ldapUrl>
    <ldapUrl>ldaps://server3:389</ldapUrl>

    "ldaps" means TLS/SSL connection.
  -->

  <!-- Credentials used by Nuxeo5 to browse the directory, create
    and modify entries.

    Only the authentication of users (bind) use the credentials entered
    through the login form if any.
  -->

  <bindPassword>MyPassword</bindPassword>
  <!-- Attempts to get a result when LDAP is temporary unavailable -->
  <retries>5</retries>
</server>

<extension target=“org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory”

point="directories">

<directory name="ldapUserDirectory">
  <server>default</server>
  <schema>user</schema>
  <idField>username</idField>
  <passwordField>password</passwordField>

  <searchBaseDn>OU=Chimu-Usuarios,DC=chimuasa,DC=com</searchBaseDn>
  <searchClass>user</searchClass>
  <!-- To additionally restricte entries you can add an
    arbitrary search filter such as the following:
    Beware that "&" writes "&" in XML.
  -->
    <searchFilter>(&(objectClass=user)(objectCategory=person))</searchFilter>

  <!-- use subtree if the people branch is nested -->
  <searchScope>subtree</searchScope>

  <!-- using 'subany', search will match *toto*. use 'subfinal' to
    match *toto and 'subinitial' to match toto*. subinitial is the
    default  behaviour-->
  <substringMatchType>subany</substringMatchType>

  <readOnly>true</readOnly>

  <!-- comment <cache* /> tags to disable the cache -->
  <cacheEntryName>ldap-user-entry-cache</cacheEntryName>
  <cacheEntryWithoutReferencesName>ldap-user-entry-cache-without-references</cacheEntryWithoutReferencesName>

  <!--
       If the id field is not returned by the search, we set it with the searched entry, probably the login.
       Before setting it, you can change its case. Accepted values are 'lower' and 'upper',
       anything else will not change the case.
  -->
  <missingIdFieldCase>lower</missingIdFieldCase>

  <!-- Maximum number of entries returned by the search -->
  <querySizeLimit>200</querySizeLimit>

  <!-- Time to wait for a search to finish. 0 to wait indefinitely -->
  <queryTimeLimit>0</queryTimeLimit>

  <creationBaseDn>ou=people,dc=example,dc=com</creationBaseDn>
  <creationClass>top</creationClass>
  <creationClass>person</creationClass>
  <creationClass>organizationalPerson</creationClass>
  <creationClass>inetOrgPerson</creationClass>

  <rdnAttribute>CN</rdnAttribute>
  <fieldMapping name="username">givenName</fieldMapping>
  <fieldMapping name="password">userPassword</fieldMapping>
  <fieldMapping name="firstName">givenName</fieldMapping>
  <fieldMapping name="lastName">sn</fieldMapping>
  <fieldMapping name="company">o</fieldMapping>
  <fieldMapping name="email">mail</fieldMapping>

    <inverseReference field="groups" directory="sqlGroupDirectory"
        dualReferenceField="members" />
  </references>

</directory>

<directory name="sqlGroupDirectory" extends="template-group">
  <schema>group</schema>
  <types>
    <type>system</type>
  </types>
  <idField>groupname</idField>
  <dataFile>groups.csv</dataFile>
  <createTablePolicy>on_missing_columns</createTablePolicy>
  <autoincrementIdField>false</autoincrementIdField>
  <cacheEntryName>group-entry-cache</cacheEntryName>
  <cacheEntryWithoutReferencesName>group-entry-cache-without-references</cacheEntryWithoutReferencesName>
  <references>
    <reference field="members" directory="ldapUserDirectory"
        name="user2group" source="groupId" target="userId" dataFile="user2group.csv" />
    <reference field="subGroups" directory="sqlGroupDirectory"
        name="group2group" source="parentGroupId" target="childGroupId" />
    <inverseReference field="parentGroups" directory="sqlGroupDirectory"
        dualReferenceField="subGroups" />
  </references>

</directory>

<userManager>
  <userCacheName>default-cache</userCacheName>
  <defaultAdministratorId>MyUser</defaultAdministratorId>
  <defaultGroup>members</defaultGroup>
  <users>
    <directory>ldapUserDirectory</directory>
    <virtualUser id="MyAdministrator" searchable="false">
      <password>MyPassword</password>
      <property name="firstName"></property>
      <property name="lastName"></property>
      <group>administrators</group>
    </virtualUser>
  </users>
  <groups>
    <directory>sqlGroupDirectory</directory>
  </groups>
</userManager>

0 votes

0 answers

698 views

ANSWER