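<?xml version="1.0"?>
<!--
  Nuxeo LDAP directory contribution: declares one LDAP server connection,
  a user directory and a group directory backed by that server, and
  registers both directories with the user manager.
-->
<component name="org.nuxeo.ecm.directory.ldap.storage.users">

  <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
  <!-- the groups SQL directories are required to make this bundle work -->
  <require>org.nuxeo.ecm.directory.sql.storage</require>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
             point="servers">

    <!-- Configuration of a server connection
      A single server declaration can point to a cluster of replicated
      servers (using OpenLDAP's slapd + slurpd for instance). To leverage
      such a cluster and improve availability, please provide one
      <ldapUrl/> tag for each replica of the cluster.
    -->
    <server name="default">
      <!-- Security note: the "ldap://" scheme is an unencrypted connection,
        so the bindDn/bindPassword below and the credentials checked by
        user binds cross the network in cleartext. Prefer an "ldaps://"
        URL where the server supports it.
      -->
      <ldapUrl>ldap://192.168.1.113:389</ldapUrl>
      <!-- Optional servers from the same cluster for failover
        and load balancing:
        <ldapUrl>ldap://server2:389</ldapUrl>
        <ldapUrl>ldaps://server3:389</ldapUrl>
        "ldaps" means TLS/SSL connection.
        (LDAPS conventionally listens on port 636 and 389 is the usual
        plaintext port; confirm which port your server uses for TLS.)
      -->

      <!-- Credentials used by Nuxeo5 to browse the directory, create
        and modify entries.
        Only the authentication of users (bind) uses the credentials entered
        through the login form if any.
      -->
      <bindDn>cn=nuxeo5,ou=applications,dc=example,dc=com</bindDn>
      <!-- Security note: "changeme" is a placeholder and must be replaced
        before deployment. The password is stored here in cleartext, so
        restrict read access to this file and keep the real value out of
        version control and public pastes. Grant the bind DN only the
        rights the directories below need (write access is only needed
        where readOnly is false).
      -->
      <bindPassword>changeme</bindPassword>
    </server>

  </extension>

  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
             point="directories">

    <!-- User directory: entries of class "person" directly under ou=people -->
    <directory name="userLdapDirectory">
      <server>default</server>
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>

      <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn>
      <searchClass>person</searchClass>
      <!-- To additionally restrict entries you can add an
        arbitrary search filter such as the following:
        <searchFilter>(&amp;(sn=toto*)(myCustomAttribute=somevalue))</searchFilter>
        Beware that "&" must be written "&amp;" in XML.
      -->

      <!-- use subtree if the people branch is nested -->
      <searchScope>onelevel</searchScope>

      <!-- using 'subany', search will match *toto*. use 'subfinal' to
        match *toto and 'subinitial' to match toto*. subinitial is the
        default behaviour-->
      <substringMatchType>subany</substringMatchType>

      <!-- Security note: with readOnly set to false Nuxeo may create and
        modify entries under creationBaseDn using the bind DN above. If the
        LDAP tree is managed elsewhere, set this to true and give the bind
        DN read-only rights.
      -->
      <readOnly>false</readOnly>

      <!-- comment <cache* /> tags to disable the cache -->
      <!-- cache timeout in seconds -->
      <!-- NOTE(review): presumably a change made on the LDAP side (disabled
        account, removed group membership) can stay invisible to Nuxeo for
        up to this many seconds; confirm this delay is acceptable. -->
      <cacheTimeout>3600</cacheTimeout>
      <!-- maximum number of cached entries before global invalidation -->
      <cacheMaxSize>1000</cacheMaxSize>

      <!--
        If the id field is not returned by the search, we set it with the searched entry, probably the login.
        Before setting it, you can change its case. Accepted values are 'lower' and 'upper',
        anything else will not change the case.
      -->
      <missingIdFieldCase>lower</missingIdFieldCase>

      <!-- Maximum number of entries returned by the search -->
      <querySizeLimit>200</querySizeLimit>
      <!-- Time to wait for a search to finish. 0 to wait indefinitely -->
      <!-- Availability note: with 0, a slow or unresponsive LDAP server can
        hold searches open without bound; consider a finite limit. -->
      <queryTimeLimit>0</queryTimeLimit>

      <creationBaseDn>ou=people,dc=example,dc=com</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>person</creationClass>
      <creationClass>organizationalPerson</creationClass>
      <creationClass>inetOrgPerson</creationClass>
      <rdnAttribute>uid</rdnAttribute>

      <!-- Mapping of Nuxeo user schema fields to LDAP attributes -->
      <fieldMapping name="username">uid</fieldMapping>
      <!-- NOTE(review): the password field maps to userPassword; with
        readOnly=false, confirm how values written to this attribute are
        hashed and that the server ACLs limit who can read it. -->
      <fieldMapping name="password">userPassword</fieldMapping>
      <fieldMapping name="firstName">givenName</fieldMapping>
      <fieldMapping name="lastName">sn</fieldMapping>
      <fieldMapping name="company">o</fieldMapping>
      <fieldMapping name="email">mail</fieldMapping>

      <references>
        <inverseReference field="groups" directory="groupLdapDirectory"
                          dualReferenceField="members" />
      </references>
    </directory>

    <!-- Group directory: static and dynamic groups anywhere under ou=groups -->
    <directory name="groupLdapDirectory">
      <server>default</server>
      <schema>group</schema>
      <idField>groupname</idField>

      <searchBaseDn>ou=groups,dc=example,dc=com</searchBaseDn>
      <searchFilter>(|(objectClass=groupOfUniqueNames)(objectClass=groupOfURLs))</searchFilter>
      <searchScope>subtree</searchScope>

      <!-- Special entry adaptor that makes entries in the ou=editable branch editable
        other entries have the readonly flag. This requires adding a "dn" xs:string field
        to the group schema.
        <entryAdaptor class="org.nuxeo.ecm.directory.impl.WritePolicyEntryAdaptor">
          <parameter name="fieldName">dn</parameter>
          <parameter name="regexp">.*,ou=editable,ou=groups,dc=example,dc=com</parameter>
        </entryAdaptor>
      -->

      <!-- Security note: readOnly=false lets Nuxeo create and modify group
        entries, and group membership drives authorization. The entry
        adaptor above is commented out, so nothing in this file limits
        writes to the ou=editable branch; rely on LDAP server ACLs for the
        bind DN or enable the adaptor if that restriction is wanted.
      -->
      <readOnly>false</readOnly>

      <cacheTimeout>3600</cacheTimeout>
      <cacheMaxSize>1000</cacheMaxSize>

      <creationBaseDn>ou=editable,ou=groups,dc=example,dc=com</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>groupOfUniqueNames</creationClass>
      <rdnAttribute>cn</rdnAttribute>

      <querySizeLimit>200</querySizeLimit>
      <!-- 0 waits indefinitely for a search to finish; consider a finite limit -->
      <queryTimeLimit>0</queryTimeLimit>

      <fieldMapping name="groupname">cn</fieldMapping>

      <references>
        <!-- LDAP reference resolve DNs embedded in uniqueMember attributes
          If the target directory has no specific filtering policy, it is most
          of the time not necessary to enable the 'forceDnConsistencyCheck' policy.
          Enabling this option will fetch each reference entry to ensure its
          existence in the target directory.
          If a searchFilter is later added to userLdapDirectory to restrict
          which entries count as users, revisit this setting so that member
          DNs are checked against that filtered directory.
        -->
        <ldapReference directory="userLdapDirectory"
                       dynamicAttributeId="memberURL" field="members"
                       forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"/>
        <ldapReference directory="groupLdapDirectory"
                       dynamicAttributeId="memberURL" field="subGroups"
                       forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"/>
        <inverseReference directory="groupLdapDirectory"
                          dualReferenceField="subGroups" field="parentGroups"/>
        <ldapTreeReference directory="groupLdapDirectory"
                           field="children" scope="onelevel"/>
        <inverseReference directory="groupLdapDirectory"
                          dualReferenceField="children" field="parents"/>
      </references>
    </directory>

  </extension>

  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <!-- Binds the user manager to the two LDAP directories declared above -->
    <userManager>
      <users>
        <directory>userLdapDirectory</directory>
      </users>
      <groups>
        <directory>groupLdapDirectory</directory>
      </groups>
      <!-- NOTE(review): presumably the user with this id is granted
        administrator rights. Since userLdapDirectory is writable and keyed
        on uid, confirm that only trusted parties can create or control an
        entry with uid=Administrator under ou=people. -->
      <defaultAdministratorId>Administrator</defaultAdministratorId>
      <!-- NOTE(review): presumably every user is treated as a member of this
        group; review the permissions granted to "members" accordingly. -->
      <defaultGroup>members</defaultGroup>
    </userManager>
  </extension>

</component>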