Recherche

Sommaire

Pages enfant
  • 5) Mauvaise requète LDAP pour les groupes

Comparaison des versions

Légende

  • Ces lignes ont été ajoutées. Ce mot a été ajouté.
  • Ces lignes ont été supprimées. Ce mot a été supprimé.
  • La mise en forme a été modifiée.

...

Bloc de code
xml
xml
<component name="sample.ldap.config">

  <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
  <require>org.nuxeo.ecm.directory.sql.storage</require>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
    point="servers">
    <server name="default">
      <ldapUrl>ldap://srv.univ.fr:389</ldapUrl>
    </server>

  </extension>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
    point="directories">
    <directory name="userDirectory">
      <server>default</server>
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>

      <searchBaseDn>ou=people,dc=univ,dc=fr</searchBaseDn>
      <searchClass>person</searchClass>
      <searchScope>onelevel</searchScope>
      <readOnly>true</readOnly>
      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>1000</cacheMaxSize>

      <creationBaseDn>ou=people,dc=univ,dc=fr</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>person</creationClass>
      <creationClass>organizationalPerson</creationClass>
      <creationClass>inetOrgPerson</creationClass>
      <rdnAttribute>uid</rdnAttribute>

      <fieldMapping name="username">eduPersonPrincipalName</fieldMapping>
      <fieldMapping name="firstName">givenName</fieldMapping>
      <fieldMapping name="lastName">sn</fieldMapping>
      <fieldMapping name="company">supannetablissement</fieldMapping>
      <fieldMapping name="email">mail</fieldMapping>
      <references>

        <inverseReference field="groups" directory="groupDirectory"
          dualReferenceField="members" />
      </references>
    </directory>
  </extension>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
    point="directories">
    <directory name="groupDirectory">
      <server>default</server>
      <schema>group</schema>
      <idField>groupname</idField>
      <searchBaseDn>ou=groups,dc=univ,dc=fr</searchBaseDn>
      <searchFilter>(|(objectClass=groupOfNames)(objectClass=groupOfURLs))</searchFilter>
      <searchScope>subtree</searchScope>
      <readOnly>true</readOnly>
      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>1000</cacheMaxSize>
      <creationBaseDn>ou=groups,dc=univ,dc=fr</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>groupOfUniqueNames</creationClass>
      <rdnAttribute>cn</rdnAttribute>
      <fieldMapping name="groupname">cn</fieldMapping>
      <references>
        <ldapReference field="members" directory="userDirectory"
          forceDnConsistencyCheck="false"
          staticAttributeId="member"
          dynamicAttributeId="memberURL" />
        <ldapReference field="subGroups" directory="groupDirectory"
          forceDnConsistencyCheck="false"
          staticAttributeId="uniqueMember"
          dynamicAttributeId="memberURL" />
        <inverseReference field="parentGroups"
          directory="groupDirectory" dualReferenceField="subGroups" />
      </references>
    </directory>
  </extension>

</component>
{note}

<fieldMapping  name="username">eduPersonPrincipalName</fieldMapping> doit  être en phase avec la configuration de l'authentification Shib


{note}

Remarques

    </directory>
  </extension>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
    point="directories">
    <directory name="groupDirectory">
      <server>default</server>
      <schema>group</schema>

      <idField>groupname</idField>
      <searchBaseDn>ou=groups,dc=univ,dc=fr</searchBaseDn>
      <searchFilter>(|(objectClass=groupOfNames)(objectClass=groupOfURLs))</searchFilter>
      <searchScope>subtree</searchScope>
      <readOnly>true</readOnly>
      <cacheTimeout>3600</cacheTimeout>

      <cacheMaxSize>1000</cacheMaxSize>
      <creationBaseDn>ou=groups,dc=univ,dc=fr</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>groupOfUniqueNames</creationClass>
      <rdnAttribute>cn</rdnAttribute>
      <fieldMapping name="groupname">cn</fieldMapping>

      <references>
        <ldapReference field="members" directory="userDirectory"
          forceDnConsistencyCheck="false"
          staticAttributeId="member"
          dynamicAttributeId="memberURL" />
        <ldapReference field="subGroups" directory="groupDirectory"
          forceDnConsistencyCheck="false"
          staticAttributeId="uniqueMember"
          dynamicAttributeId="memberURL" />
        <inverseReference field="parentGroups"
          directory="groupDirectory" dualReferenceField="subGroups" />
      </references>
    </directory>
  </extension>

</component>

Remarque

<fieldMapping name="username">eduPersonPrincipalName</fieldMapping> doit être en phase avec la configuration de l'authentification Shib

Remarques