root/org.nuxeo.ecm.platform/trunk/nuxeo-platform-directory-ldap/examples/default-ldap-groups-directory-bundle.xml

Revision 26973, 2.5 kB (checked in by ogrisel, 3 years ago)

NXP-1506: dynamic reference support: groups can now be defined by implicit ldap URLs

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
Line 
1 <?xml version="1.0"?>
2
3 <component name="org.nuxeo.ecm.directory.ldap.storage.groups">
4   <implementation
5     class="org.nuxeo.ecm.directory.ldap.LDAPDirectoryDescriptor" />
6   <implementation
7     class="org.nuxeo.ecm.directory.ldap.LDAPServerDescriptor" />
8   <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
9
10   <!-- the groups LDAP directory for users is required to make this bundle work -->
11   <require>org.nuxeo.ecm.directory.ldap.storage.users</require>
12
13   <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
14     point="directories">
15
16     <directory name="groupDirectory">
17
18       <!-- Reuse the default server configuration defined for userDirectory -->
19       <server>default</server>
20
21       <schema>group</schema>
22       <idField>groupname</idField>
23
24       <searchBaseDn>ou=groups,dc=example,dc=com</searchBaseDn>
25       <searchFilter>(|(objectClass=groupOfUniqueNames)(objectClass=groupOfURLs))</searchFilter>
26       <searchScope>subtree</searchScope>
27
28       <readOnly>false</readOnly>
29
30       <!-- comment <cache* /> tags to disable the cache -->
31       <!-- cache timeout in seconds -->
32       <cacheTimeout>3600</cacheTimeout>
33
34       <!-- maximum number of cached entries before global invalidation -->
35       <cacheMaxSize>1000</cacheMaxSize>
36
37       <creationBaseDn>ou=groups,dc=example,dc=com</creationBaseDn>
38       <creationClass>top</creationClass>
39       <creationClass>groupOfUniqueNames</creationClass>
40       <rdnAttribute>cn</rdnAttribute>
41
42       <fieldMapping name="groupname">cn</fieldMapping>
43
44       <references>
45
46
47         <!-- LDAP reference resolve DNs embedded in uniqueMember attributes
48
49           If the target directory has no specific filtering policy, it is most
50           of the time not necessary to enable the 'forceDnConsistencyCheck' policy.
51
52           Enabling this option will fetch each reference entry to ensure its
53           existence in the target directory.
54         -->
55
56         <ldapReference field="members" directory="userDirectory"
57           forceDnConsistencyCheck="false"
58           staticAttributeId="uniqueMember"
59           dynamicAttributeId="memberURL" />
60
61         <ldapReference field="subGroups" directory="groupDirectory"
62           forceDnConsistencyCheck="false"
63           staticAttributeId="uniqueMember"
64           dynamicAttributeId="memberURL" />
65
66         <inverseReference field="parentGroups"
67           directory="groupDirectory" dualReferenceField="subGroups" />
68
69       </references>
70
71     </directory>
72
73   </extension>
74
75 </component>
Note: See TracBrowser for help on using the browser.