xml to config nuxeo LDAP

  1. <?xml version="1.0"?>
  2. <component name="org.nuxeo.ecm.directory.ldap.storage.users">
  3.   <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
  4.  
  5.   <!-- the groups SQL directories are required to make this bundle work -->
  6.   <require>org.nuxeo.ecm.directory.sql.storage</require>
  7.  
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
   point="servers">

    <!-- Configuration of a server connection

     A single server declaration can point to a cluster of replicated
     servers (using OpenLDAP's slapd + slurpd for instance). To leverage
     such a cluster and improve availability, please provide one
     <ldapUrl/> tag for each replica of the cluster.
   -->
    <server name="default">

      <!-- NOTE(review): a plain ldap:// URL means every bind crosses the
       network unencrypted: the bindPassword below, and the password each
       user types into the login form (user authentication is a bind with
       those credentials, see the comment before bindDn). The comment below
       the URL notes that "ldaps" is the TLS/SSL variant; prefer an ldaps://
       URL to the directory's TLS port, or at minimum keep this traffic on a
       trusted network segment. Also be aware that a private address and a
       bind DN were published together with this file on a public paste
       site. -->
      <ldapUrl>ldap://192.168.1.113:389</ldapUrl>
      <!-- Optional servers from the same cluster for failover
       and load balancing:

       <ldapUrl>ldap://server2:389</ldapUrl>
       <ldapUrl>ldaps://server3:389</ldapUrl>

       "ldaps" means TLS/SSL connection.
     -->

      <!-- Credentials used by Nuxeo5 to browse the directory, create
       and modify entries.

       Only the authentication of users (bind) uses the credentials entered
       through the login form, if any.
     -->
      <bindDn>cn=nuxeo5,ou=applications,dc=example,dc=com</bindDn>
      <!-- NOTE(review): "changeme" is a placeholder; replace it before use
       and keep this file readable only by the account running Nuxeo, since
       the credential is stored in cleartext. Both directories below set
       readOnly to false, so this bind account needs rights to create and
       modify entries under ou=people and ou=editable,ou=groups; grant it
       nothing beyond that, or use a read-only account together with
       readOnly=true if Nuxeo never has to write to LDAP. -->
      <bindPassword>changeme</bindPassword>
    </server>

  </extension>
  41.  
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
   point="directories">

    <directory name="userLdapDirectory">
      <server>default</server>
      <schema>user</schema>
      <idField>username</idField>
      <passwordField>password</passwordField>

      <searchBaseDn>ou=people,dc=example,dc=com</searchBaseDn>
      <searchClass>person</searchClass>
      <!-- To additionally restrict entries you can add an
       arbitrary search filter such as the following:

       <searchFilter>(&amp;(sn=toto*)(myCustomAttribute=somevalue))</searchFilter>

       Beware that "&" is written "&amp;" in XML.
     -->

      <!-- use subtree if the people branch is nested -->
      <searchScope>onelevel</searchScope>

      <!-- using 'subany', search will match *toto*. use 'subfinal' to
       match *toto and 'subinitial' to match toto*. subinitial is the
       default behaviour -->
      <substringMatchType>subany</substringMatchType>

      <!-- NOTE(review): false lets Nuxeo create and modify LDAP user entries
       (including the userPassword attribute mapped below) through the bind
       account. Set it to true unless that is intended, so the bind account
       can be read-only. -->
      <readOnly>false</readOnly>

      <!-- comment <cache* /> tags to disable the cache -->
      <!-- cache timeout in seconds -->
      <!-- NOTE(review): presumably a change made in LDAP to an already cached
       entry (attributes, group membership) is not seen by Nuxeo until the
       entry expires, i.e. up to 3600 s; confirm the cache semantics before
       relying on prompt revocation, and lower the value if needed. -->
      <cacheTimeout>3600</cacheTimeout>

      <!-- maximum number of cached entries before global invalidation -->
      <cacheMaxSize>1000</cacheMaxSize>

      <!--
          If the id field is not returned by the search, we set it with the searched entry, probably the login.
          Before setting it, you can change its case. Accepted values are 'lower' and 'upper',
          anything else will not change the case.
     -->
      <missingIdFieldCase>lower</missingIdFieldCase>

      <!-- Maximum number of entries returned by the search -->
      <querySizeLimit>200</querySizeLimit>

      <!-- Time to wait for a search to finish. 0 to wait indefinitely -->
      <!-- NOTE(review): 0 means a slow or unresponsive LDAP server can stall
       the caller without bound; a finite limit (a few seconds) is safer for
       availability. -->
      <queryTimeLimit>0</queryTimeLimit>

      <creationBaseDn>ou=people,dc=example,dc=com</creationBaseDn>
      <creationClass>top</creationClass>
      <creationClass>person</creationClass>
      <creationClass>organizationalPerson</creationClass>
      <creationClass>inetOrgPerson</creationClass>

      <rdnAttribute>uid</rdnAttribute>
      <fieldMapping name="username">uid</fieldMapping>
      <fieldMapping name="password">userPassword</fieldMapping>
      <fieldMapping name="firstName">givenName</fieldMapping>
      <fieldMapping name="lastName">sn</fieldMapping>
      <fieldMapping name="company">o</fieldMapping>
      <fieldMapping name="email">mail</fieldMapping>

      <references>

        <inverseReference field="groups" directory="groupLdapDirectory"
         dualReferenceField="members" />

      </references>

    </directory>


    <directory name="groupLdapDirectory">
        <server>default</server>
        <schema>group</schema>
        <idField>groupname</idField>
        <searchBaseDn>ou=groups,dc=example,dc=com</searchBaseDn>
        <!-- NOTE(review): groupOfURLs entries are dynamic groups; their
         membership is presumably resolved from the memberURL attribute that
         is configured as dynamicAttributeId in the references below. Anyone
         able to edit memberURL or uniqueMember on an entry under ou=groups
         controls that group's membership, so check the LDAP ACLs on this
         subtree (confirm the resolution semantics against the Nuxeo docs). -->
        <searchFilter>(|(objectClass=groupOfUniqueNames)(objectClass=groupOfURLs))</searchFilter>
        <searchScope>subtree</searchScope>
        <!-- NOTE(review): the entry adaptor below is commented out. Without it,
         and with readOnly set to false, presumably every group entry is
         exposed as writable on the Nuxeo side, so the only thing limiting
         which groups can be modified is the LDAP server's ACL for the bind
         account; enable the adaptor if only ou=editable should be writable. -->
        <!-- Special entry adaptor that makes entries in the ou=editable branch editable;
         other entries get the readonly flag. This requires adding a "dn" xs:string field
         to the group schema.

       <entryAdaptor class="org.nuxeo.ecm.directory.impl.WritePolicyEntryAdaptor">
           <parameter name="fieldName">dn</parameter>
           <parameter name="regexp">.*,ou=editable,ou=groups,dc=example,dc=com</parameter>
       </entryAdaptor>
    -->
        <readOnly>false</readOnly>
        <cacheTimeout>3600</cacheTimeout>
        <cacheMaxSize>1000</cacheMaxSize>
        <creationBaseDn>ou=editable,ou=groups,dc=example,dc=com</creationBaseDn>
        <creationClass>top</creationClass>
        <creationClass>groupOfUniqueNames</creationClass>
        <rdnAttribute>cn</rdnAttribute>
        <querySizeLimit>200</querySizeLimit>
        <!-- NOTE(review): 0 waits indefinitely; see the same setting on
         userLdapDirectory, a finite limit is safer. -->
        <queryTimeLimit>0</queryTimeLimit>
        <fieldMapping name="groupname">cn</fieldMapping>
        <references>
            <!-- LDAP references resolve DNs embedded in uniqueMember attributes

             If the target directory has no specific filtering policy, it is most
             of the time not necessary to enable the 'forceDnConsistencyCheck' policy.

             Enabling this option will fetch each reference entry to ensure its
             existence in the target directory.
           -->
            <!-- NOTE(review): userLdapDirectory does have a filtering policy
             (searchScope onelevel under ou=people, searchClass person), so a
             uniqueMember DN that lies outside that scope would, presumably,
             still be listed as a member unless forceDnConsistencyCheck is
             enabled and the entry is verified against the user directory.
             Consider enabling it for the members reference; confirm the
             behaviour against the Nuxeo docs, since it costs one lookup per
             referenced DN. -->
            <ldapReference directory="userLdapDirectory"
               dynamicAttributeId="memberURL" field="members"
               forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"/>
            <ldapReference directory="groupLdapDirectory"
               dynamicAttributeId="memberURL" field="subGroups"
               forceDnConsistencyCheck="false" staticAttributeId="uniqueMember"/>
            <inverseReference directory="groupLdapDirectory"
               dualReferenceField="subGroups" field="parentGroups"/>
            <ldapTreeReference directory="groupLdapDirectory"
               field="children" scope="onelevel"/>
            <inverseReference directory="groupLdapDirectory"
               dualReferenceField="children" field="parents"/>
        </references>
    </directory>


  </extension>
  167.  
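  <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">

    <userManager>
      <users>
        <directory>userLdapDirectory</directory>
      </users>

      <groups>
        <directory>groupLdapDirectory</directory>
      </groups>

      <!-- NOTE(review): users are served from userLdapDirectory only, so the
       administrator is presumably whichever LDAP entry maps to the username
       "Administrator" (uid, per the fieldMapping in userLdapDirectory). Make
       sure that entry exists and is controlled, and that nobody untrusted
       can create a uid=Administrator entry under ou=people; confirm the
       lookup semantics against the Nuxeo user-manager documentation. -->
      <defaultAdministratorId>Administrator</defaultAdministratorId>
      <!-- NOTE(review): presumably every authenticated user is treated as a
       member of "members"; review what permissions are granted to that
       group. -->
      <defaultGroup>members</defaultGroup>
    </userManager>

  </extension>

<!-- Closes the root element opened at the top of the file. The original
     paste ended without this tag, and an unclosed root element is not
     well-formed XML, so the document could not be parsed as contributed. -->
</component>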