================
LDAP setup howto
================

:Author: Olivier Grisel <ogrisel@nuxeo.com>

.. sectnum:: :depth: 2
.. contents:: :depth: 2

Overview
========

This project (org.nuxeo.ecm.directory.ldap) provides a partial (read-only)
implementation of the Nuxeo Directory interface that uses an LDAP server
(OpenLDAP, MS Active Directory, Sun Directory Server, ...) as its storage
backend.

The typical use case is to fetch user and group definitions and
credentials from the company directory instead of using the default
built-in SQL database.

Deployment
==========

By default the LDAP connector ships with no configuration, since the internal SQL
directories are used as defined in the ``nuxeo-platform-ear`` project.

To use the LDAP Directory implementation, you will need to manually deploy one
of the following configurations:

- Users in LDAP, groups in SQL:

  Go to the ``examples`` sub-folder and copy the
  ``default-ldap-users-directory-bundle.xml`` file into the ``nuxeo.ear/config``
  folder of the JBoss instance.

  This sample setup replaces the default SQL ``userDirectory`` configuration
  with users fetched from the LDAP server. The ``groupDirectory``
  remains unaffected by this setup.

  You might want to copy the file ``default-virtual-groups-bundle.xml``
  and adjust ``defaultAdministratorId`` to select a user from your LDAP
  directory who has administrative rights by default.

  You can also configure the section on ``defaultGroup`` to make all users
  members of some default group (typically the ``members`` group) so that
  they have default rights without having to make them belong to groups
  explicitly.


- Users and groups in LDAP:

  Copy the users setup as previously; moreover copy the
  ``default-ldap-groups-directory-bundle.xml`` file into the ``nuxeo.ear/config``
  folder of the JBoss instance.

  This sample setup, which depends on the previous one, additionally
  overrides the default ``groupDirectory`` setup to read the groups from
  the LDAP directory, typically from ``groupOfUniqueNames`` entries with
  fully qualified ``dn`` references to the user entries or to subgroups.

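One way to audit who ends up in a group once ``groupOfUniqueNames`` entries
reference subgroups by ``dn``, before pointing ``groupDirectory`` at LDAP. This
is an added example, not code from the Nuxeo project; the DNs, the sample data
and the helper names are constructed for illustration.

```python
# Constructed sample: groupOfUniqueNames entries as {group DN: [uniqueMember DNs]}.
SAMPLE_GROUPS = {
    "cn=administrators,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
        "cn=ops,ou=groups,dc=example,dc=com",        # subgroup reference
    ],
    "cn=ops,ou=groups,dc=example,dc=com": [
        "UID=Bob, OU=People, DC=Example, DC=Com",    # same kind of DN, other spelling
        "cn=oncall,ou=groups,dc=example,dc=com",
    ],
    "cn=oncall,ou=groups,dc=example,dc=com": [
        "uid=carol,ou=people,dc=example,dc=com",
        "cn=ops,ou=groups,dc=example,dc=com",        # cycle: oncall -> ops -> oncall
    ],
    "cn=members,ou=groups,dc=example,dc=com": [
        "uid=dave,ou=people,dc=example,dc=com",
    ],
}


def normalize_dn(dn):
    """Simplified DN normalization (assumes no escaped commas, no multi-valued RDNs)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def effective_members(group_dn, groups):
    """Return the user DNs that belong to group_dn directly or through subgroups."""
    index = {normalize_dn(dn): [normalize_dn(m) for m in members]
             for dn, members in groups.items()}
    users, seen, stack = set(), set(), [normalize_dn(group_dn)]
    while stack:
        current = stack.pop()
        if current in seen:          # already expanded: guards against cycles
            continue
        seen.add(current)
        for member in index.get(current, []):
            if member in index:      # the member DN is itself a group entry
                stack.append(member)
            else:
                users.add(member)
    return users


if __name__ == "__main__":
    admin_dn = "cn=administrators,ou=groups,dc=example,dc=com"
    print(sorted(effective_members(admin_dn, SAMPLE_GROUPS)))
```

Run it against an export of your own group entries to see which accounts hold a privileged group only through nesting.
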
You can edit the ``nuxeo.ear/config/*.xml`` files on the JBoss instance, but
you will need to restart JBoss for the changes to take effect.

Advanced setup
==============

TODO:

- Talk about how to embed and deploy your LDAP configuration in your own
  custom jar file.

- Talk about the server configuration block.

- Talk about the concept of references.

Tools to set up a sample LDAP server
====================================

The ``ldaptools/`` folder provides sample LDIF files and an OpenLDAP configuration
file to help you set up a sample OpenLDAP server that you can use as a base
configuration to build your corporate directory.

Please refer to the included ``README.txt`` file for sample usage and basic
instructions.