...
Cette configuration est décrite dans le paragraphe Configuration du SmartLdapGroupStore avec un dn dans l'entrée de personne.
Activation du SmartLdapGroupStore
...
- Activer le SmartLdapGroupStore dans uportal-war/src/main/resources/properties/groups/compositeGroupServices.xml
...
| Bloc de code |
|---|
<!--
| This bean is the ContextSource instance that will be used to connect to LDAP.
+-->
<bean id="ldapContext" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="ldap://frmp0165.frml.bull.fr:389"/>
<property name="userDn" value="uid=root,dc=univ,dc=fr"/>
<property name="password" value="secret"/>
</bean>
<!--
| Period, in seconds, after which SmartLdap will drop and re-init the groups
| tree. A value of zero or less (negative) disables this feature.
+-->
<bean id="groupsTreeRefreshIntervalSeconds" class="java.lang.Long">
<constructor-arg><value>900</value></constructor-arg>
</bean>
<!--
| BaseDn that will be passed to the search (not to the context).
|
| WARNING: If you get an error like this...
| ...PartialResultException: [LDAP: error code 10...
| it probably means your baseDn isn't correct!
+-->
<bean id="baseDn" class="java.lang.String">
<constructor-arg><value>ou=groups,dc=univ,dc=fr</value></constructor-arg>
</bean>
<!--
| ESUP Parameter.
| This parameter is used to extract the id path of the groups
| from their dn.
| The id path is caught from the nth group of the regex where n is the value
| of keyIndexMatchingGroup.
| (http://docs.oracle.com/javase/7/docs/api/java/util/regex/Matcher.html#group%28int%29)
-->
<bean id="childGroupKeyRegex" class="java.lang.String">
<constructor-arg><value>cn=(.*),ou=groups,dc=univ,dc=fr</value></constructor-arg>
</bean>
<bean id="keyIndexMatchingGroup" class="java.lang.Integer">
<constructor-arg><value>0</value></constructor-arg>
</bean>
<!--
| NOTE: The remaining examples in this file are configured correctly for
| Active Directory servers.
+-->
<!--
| LDAP query string that will be passed to the search.
+-->
<bean id="filter" class="java.lang.String">
<constructor-arg><value>(objectClass=groupOfNames)</value></constructor-arg>
</bean>
<!--
| These beans tell smartLdap whether to gather additional groups that are
| members of groups returned by the first baseDn and filter, and where to
| look if so.
|
| - resolveMemberGroups=[true|false]
| - resolveDn={a different, broader baseDn than the one above}
|
| Here's how it works: smartLdap will first collect all groups under the
| baseDn specified above. If 'resolveMemberGroups' is enabled, it will
| also search for additional groups (found within the 'resolveDn' specified
| here) that are members of groups in the first collection.
+-->
<bean id="resolveMemberGroups" class="java.lang.Boolean">
<constructor-arg><value>false</value></constructor-arg>
</bean>
<bean id="resolveDn" class="java.lang.String">
<constructor-arg><value>changeme</value></constructor-arg>
</bean>
<!--
| This bean identifies the name of the Person Attribute that
| lists the SmartLdap groups each person is a member of.
+-->
<bean id="memberOfAttributeName" class="java.lang.String">
<constructor-arg><value>isMemberOf</value></constructor-arg>
</bean>
<!--
| This bean identifies the org.springframework.ldap.core.AttributesMapper
| implementation used in reading the groups records from LDAP.
+-->
<bean id="contextMapper" class="org.jasig.portal.groups.smartldap.SimpleContextMapper">
<!--
| Name of the group attribute that tells you its key.
| If ommited, will use the dn.
+-->
<!--
<property name="keyAttributeName">
<value>cn</value>
</property>
-->
<!--
| Name of the group attribute that tells you its name.
+-->
<property name="groupNameAttributeName">
<value>cn</value>
</property>
<!--
| Name of the group attribute that lists its members.
+-->
<property name="membershipAttributeName">
<value>member</value>
</property>
</bean>
|
Prise en compte du SmartLdapGroupStore dans les groupes uPortal
- Ajouter les groupes smartLDAP à votre arboresence arborescence des groupes. Par exemple, vous pouvez modifier le fichier Everyone.group-membership.xml comme suit :
...