Ajouter dans nxserver/config le fichier ldap-config.xml ci-dessous (le suffixe -config.xml est important pour que le fichier soit pris en compte) :
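<?xml version="1.0" encoding="UTF-8"?>
<!--
  Nuxeo component contribution declaring one LDAP server and two directories
  (userDirectory and groupDirectory) that read from it. Both directories are
  declared read-only. Deployed as nxserver/config/ldap-config.xml.
-->
<component name="sample.ldap.config">

  <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
  <require>org.nuxeo.ecm.directory.sql.storage</require>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="servers">
    <server name="default">
      <!--
        NOTE(review): the ldap:// scheme on port 389 is not encrypted. User
        attributes and the group memberships that drive authorization would
        cross the network in clear text and could be altered in transit.
        If the directory server offers LDAPS, prefer an ldaps:// URL
        (conventionally port 636) and make sure the JVM trusts the server
        certificate.
        NOTE(review): no bind DN or bind password is declared for this server,
        so as far as this file shows the connection is anonymous. If a service
        account is added later, give it read-only rights and keep its password
        out of world-readable files.
      -->
      <ldapUrl>ldap://srv.univ.fr:389</ldapUrl>
    </server>
  </extension>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
    <directory name="userDirectory">
      <server>default</server>
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>

      <!-- People are looked up directly under ou=people (one level, no recursion). -->
      <searchBaseDn>ou=people,dc=univ,dc=fr</searchBaseDn>
      <searchClass>person</searchClass>
      <searchScope>onelevel</searchScope>

      <!-- Keep the directory read-only: the application must not write to the LDAP tree. -->
      <readOnly>true</readOnly>

      <!--
        NOTE(review): presumably a timeout in seconds and a maximum entry count.
        While an entry is cached, a change made in LDAP (for example removing
        a user from a group) may not be visible to the application. Confirm the
        delay is acceptable for revocation.
      -->
      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>1000</cacheMaxSize>

      <!-- Creation settings; these should be irrelevant while readOnly is true. -->
      <creationBaseDn>ou=people,dc=univ,dc=fr</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>person</creationClass>
      <creationClass>organizationalPerson</creationClass>
      <creationClass>inetOrgPerson</creationClass>
      <rdnAttribute>uid</rdnAttribute>

      <!--
        The username mapping must stay in line with the Shibboleth
        authentication configuration: the identifier asserted at login has to
        be the same attribute that identifies the entry here, otherwise an
        authenticated user resolves to no entry or to the wrong one.
      -->
      <fieldMapping name="username">eduPersonPrincipalName</fieldMapping>
      <fieldMapping name="firstName">givenName</fieldMapping>
      <fieldMapping name="lastName">sn</fieldMapping>
      <fieldMapping name="company">supannetablissement</fieldMapping>
      <fieldMapping name="email">mail</fieldMapping>

      <references>
        <!-- A user's groups are derived from the members reference of groupDirectory. -->
        <inverseReference field="groups" directory="groupDirectory"
                          dualReferenceField="members" />
      </references>
    </directory>
  </extension>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
    <directory name="groupDirectory">
      <server>default</server>
      <schema>group</schema>
      <idField>groupname</idField>

      <!-- Groups are searched in the whole subtree under ou=groups, static or URL-based. -->
      <searchBaseDn>ou=groups,dc=univ,dc=fr</searchBaseDn>
      <searchFilter>(|(objectClass=groupOfNames)(objectClass=groupOfURLs))</searchFilter>
      <searchScope>subtree</searchScope>

      <readOnly>true</readOnly>
      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>1000</cacheMaxSize>

      <!-- Creation settings; these should be irrelevant while readOnly is true. -->
      <creationBaseDn>ou=groups,dc=univ,dc=fr</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>groupOfUniqueNames</creationClass>
      <rdnAttribute>cn</rdnAttribute>

      <fieldMapping name="groupname">cn</fieldMapping>

      <references>
        <!--
          Membership comes from the static attribute and from the LDAP URLs
          stored in memberURL. Whoever can write these attributes in the
          directory decides who belongs to a group in the application, so
          restrict write access on the LDAP side.
          NOTE(review): forceDnConsistencyCheck="false" presumably skips the
          check that a referenced DN lies under the target directory's search
          base. Confirm against the Nuxeo documentation before relying on it.
        -->
        <ldapReference field="members" directory="userDirectory"
                       forceDnConsistencyCheck="false"
                       staticAttributeId="member"
                       dynamicAttributeId="memberURL" />
        <ldapReference field="subGroups" directory="groupDirectory"
                       forceDnConsistencyCheck="false"
                       staticAttributeId="uniqueMember"
                       dynamicAttributeId="memberURL" />
        <inverseReference field="parentGroups" directory="groupDirectory"
                          dualReferenceField="subGroups" />
      </references>
    </directory>
  </extension>

</component>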
Remarque : la ligne <fieldMapping name="username">eduPersonPrincipalName</fieldMapping> doit être en phase avec la configuration de l'authentification Shibboleth (Shib).