Recherche
...
Bloc de code |
---|
Index: /opt/ori-oai/ori-oai-src/esup-ecm-svn/esup-ecm-config-plugin/src/main/resources/config/default-ldap-groups-directory-bundle.xml =================================================================== \--\- /opt/ori-oai/ori-oai-src/esup-ecm-svn/esup-ecm-config-plugin/src/main/resources/config/default-ldap-groups-directory-bundle.xml (revision 628) \++\+ /opt/ori-oai/ori-oai-src/esup-ecm-svn/esup-ecm-config-plugin/src/main/resources/config/default-ldap-groups-directory-bundle.xml (working copy) @@ \-10,66 \+10,4 @@ <\!-\- the groups LDAP directory for users is required to make this bundle work \--> <require>org.nuxeo.ecm.directory.ldap.storage.users</require> \- <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" \- - point="directories"> \- \- - <directory name="groupDirectory"> \- \- <\!-\- <!-- Reuse the default server configuration defined for userDirectory \--> \- - <server>default</server> \- \- - <schema>group</schema> \- - <idField>groupname</idField> \- \- - <searchBaseDn><at:var at:name="ldapSearchBaseDn" /></searchBaseDn> \- - <searchFilter>(\|(objectClass=groupOfNames)(objectClass=groupOfURLs))</searchFilter> \- <searchScope>subtree</searchScope> \- \- - <readOnly>true</readOnly> \- \- <\!-\- <!-- comment <cache\* /> tags to disable the cache \--> \- <\!-\- <!-- cache timeout in seconds \--> \- - <cacheTimeout>3600</cacheTimeout> \- \- <\!-\- <!-- maximum number of cached entries before global invalidation \--> \- - <cacheMaxSize>1000</cacheMaxSize> \- \- - <creationBaseDn><at:var at:name="ldapSearchBaseDn" /></creationBaseDn> \- - <creationClass>top</creationClass> \- - <creationClass>groupOfUniqueNames</creationClass> \- - <rdnAttribute>cn</rdnAttribute> \- \- - <fieldMapping name="groupname">cn</fieldMapping> \- \- - <references> \- \- \- <\!-\- <!-- LDAP reference resolve DNs embedded in uniqueMember attributes \- \- - If the target directory has no specific filtering policy, it is most \- - of the time not necessary to enable the 'forceDnConsistencyCheck' policy. \- \- Enabling - Enabling this option will fetch each reference entry to ensure its \- - existence in the target directory. \- \- --> \- \- - <ldapReference field="members" directory="userDirectory" \- - forceDnConsistencyCheck="false" \- - staticAttributeId="member" \- - dynamicAttributeId="memberURL" /> \- \- - <ldapReference field="subGroups" directory="groupDirectory" \- forceDnConsistencyCheck- forceDnConsistencyCheck="false" \- - staticAttributeId="uniqueMember" \- - dynamicAttributeId="memberURL" /> \- \- - <inverseReference field="parentGroups" \- - directory="groupDirectory" dualReferenceField="subGroups" /> \- \- - </references> \- \- - </directory> \- \- </extension> \- </component> |
On adapte ce fichier à l'utilisation de l'Active Directory Microsoft, cf diff ci-dessous
Bloc de code |
---|
Index: /opt/ori-oai/ori-oai-src/esup-ecm-svn/esup-ecm-config-plugin/src/main/resources/config/default-ldap-users-directory-bundle.xml =================================================================== \--\- /opt/ori-oai/ori-oai-src/esup-ecm-svn/esup-ecm-config-plugin/src/main/resources/config/default-ldap-users-directory-bundle.xml (revision 628) \++\+ /opt/ori-oai/ori-oai-src/esup-ecm-svn/esup-ecm-config-plugin/src/main/resources/config/default-ldap-users-directory-bundle.xml (working copy) @@ \-35,10 \+35,11 @@ Only the authentication of users (bind) use the credentials entered through the login form if through the login form if any.--> \- - @begin.ldap.bind@ \- - <bindDn>@ldap.bindDn@</bindDn> \- - <bindPassword>@ldap.bindPassword@</bindPassword> \- - @end.ldap.bind@ + \+ + <bindDn>le sAMAccountName d'un "admin" dans l'AD</bindDn> \+ + <bindPassword>son password</bindPassword> + </server> </extension> @@ \-52,8 \+53,8 @@ <idField>username</idField> <passwordField>password</passwordField> <searchBaseDn><at:var at:name="ldapSearchBaseDn" /></searchBaseDn> \- - <searchClass>person</searchClass> \+ + <searchClass>User</searchClass> <\!-\ <!-- To additionally restricte entries you can add an arbitrary search filter such as the following: @@ \-63,7 \+64,12 @@ \ --> <\!-\ <!-- use subtree if the people branch is nested \--> \- - <searchScope>onelevel</searchScope> \+ + <searchScope>subtree</searchScope> \+ \+ <\!-\+ + <!-- using 'subany', search will match toto. use 'subfinal' to \+ + match toto and 'subinitial' to match toto. subinitial is the \+ + default behaviour--> \+ + <substringMatchType>subany</substringMatchType> <readOnly>true</readOnly> @@ \-74,26 \+80,28 @@ <\!-\ <!-- maximum number of cached entries before global invalidation \--> <cacheMaxSize>1000</cacheMaxSize> <creationBaseDn><at:var at:name="ldapSearchBaseDn" /></creationBaseDn> <creationClass>top</creationClass> <creationClass>person</creationClass> <creationClass>person</creationClass> <creationClass>organizationalPerson</creationClass> <creationClass>inetOrgPerson</creationClass> \- <creationClass>inetOrgPerson</creationClass> - <rdnAttribute>uid</rdnAttribute> \+ + <rdnAttribute>sAMAccountName</rdnAttribute> \- - <fieldMapping name="username">uid</fieldMapping> \- - <fieldMapping name="firstName"><at:var at:name="ldapFirstName" /></fieldMapping> \- - <fieldMapping name="lastName"><at:var at:name="ldapLastName" /></fieldMapping> \- - <fieldMapping name="company"><at:var at:name="ldapCompagny" /></fieldMapping> \- - <fieldMapping name="email"><at:var at:name="ldapEmail" /></fieldMapping> \- \+ - + <fieldMapping name="username">sAMAccountName</fieldMapping> \+ + <fieldMapping name="password">userPassword</fieldMapping> \+ + <fieldMapping name="firstName">givenName</fieldMapping> \+ + <fieldMapping name="lastName">sn</fieldMapping> \+ + <fieldMapping name="company">compagny</fieldMapping> \+ + <fieldMapping name="email">mail</fieldMapping> + \+<\!-- <references> <references> <inverseReference field="groups" directory="groupDirectory" dualReferenceField="members" /> </references> \- \+--> </directory> </extension> |