Nuxeo patch
Nuxeo doesn't support RFC 2307 POSIX LDAP schemas out of the box. Even though the configuration options for LDAP directories in Nuxeo are extremely flexible, a small patch is required for POSIX groups to work. The patch makes Nuxeo search for group members using an ID instead of a DN (Distinguished Name). The latest version of the patch is available in the Nuxeo JIRA bug tracker as bug 6430. The patch requires only a very limited change to the LDAP directory configuration.

For your convenience, I have provided a pre-compiled binary .jar including the patch. This will work on Nuxeo 5.4.0.1 and probably Nuxeo 5.4.0, but it may already be outdated as you read this article. In the download links below, you will also find the full version of some relevant configuration files. I can't post all the configuration files I have used because they include private information.

The following block of XML is an excerpt of the group directory configuration in Nuxeo. I can't provide this file in its entirety, but I can show just the section that needs to be modified. To properly support POSIX groups, you first don't need references for subGroups and parentGroups. You only need an ldapReference for the group members, but they need to be searched in a way different from what Nuxeo usually does.

<component name="com.rlnx.nuxeo.ldap.group">
  <implementation class="org.nuxeo.ecm.directory.ldap.LDAPDirectoryDescriptor"/>
  <implementation class="org.nuxeo.ecm.directory.ldap.LDAPServerDescriptor"/>
  <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
  <require>com.rlnx.nuxeo.posix.schema</require>
  <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory" point="directories">
    <directory name="groupDirectory">
      ...
      <references>
        <ldapReference field="members"
                       directory="userDirectory"
                       forceDnConsistencyCheck="false"
                       staticAttributeId="memberUID"
                       staticAttributeIsId="true"/>
      </references>
    </directory>
  </extension>
</component>

Note the staticAttributeIsId configuration, which tells Nuxeo that the content of staticAttribute is an ID and not a DN. The patch then makes Nuxeo search for the members of groups accordingly.

After this simple change with the patch, the new schema can be used in read-only mode. To use the POSIX schema in read/write mode you need to modify several more things, because the POSIX schema requires you to input things like UIDs and GIDs when creating a new user account or a new group.
The rest of what is required is based on the information available in the Nuxeo documentation: Adding custom LDAP fields to the UI. For my own use, I just decided to do the minimum that is required to properly create new users and new groups in the directory: add UID and GID fields and remove subGroups and parentGroups, which are not supported by the schema. You might need to add or remove more fields to and from the UI to support your schema, but the process will stay mostly the same as with those fields.

Schema extension
Since Nuxeo accesses the user and group account data through Document objects, you need to redefine the user and group schemas so they are able to provide the right information to Nuxeo.

Here is an excerpt of the user schema definition (posix-ldap-user-schema.xsd).

<?xml version="1.0"?>
...
  <xs:element name="username" type="xs:string"/>
  <xs:element name="password" type="xs:string"/>
  <xs:element name="email" type="xs:string"/>
  <xs:element name="firstName" type="xs:string"/>
  <xs:element name="lastName" type="xs:string"/>
  <xs:element name="company" type="xs:string"/>
  <xs:element name="uidNumber" type="xs:int"/>
  <xs:element name="gidNumber" type="xs:int"/>
  <xs:element name="groups" type="nxs:stringList"/>
</xs:schema>

Here is an excerpt of the group schema definition (posix-ldap-group-schema.xsd).

<?xml version="1.0"?>
...
  <xs:element name="groupname" type="xs:string"/>
  <xs:element name="description" type="xs:string"/>
  <!-- references -->
  <xs:element name="members" type="nxs:stringList"/>
  <xs:element name="gidNumber" type="xs:int"/>
</xs:schema>

And the component that registers both schemas with Nuxeo's TypeService:

<?xml version="1.0"?>
<component name="com.rlnx.nuxeo.posix.schema">
  <extension target="org.nuxeo.ecm.core.schema.TypeService" point="schema">
    <schema name="posix-user" src="posix-ldap-user-schema.xsd"/>
    <schema name="posix-group" src="posix-ldap-group-schema.xsd"/>
  </extension>
</component>
Layout extension
Finally, you need to redefine the UI used to create users and groups. Here is a small excerpt of what was added to the default layout.

<layout ...>
  ...
  <row>
    <widget>uidNumber</widget>
  </row>
  <row>
    <widget>gidNumber</widget>
  </row>
  ...
  <widget name="uidNumber" type="text">
    <labels>
      <label mode="any">UID</label>
    </labels>
    <fields>
      <field schema="posix-user">uidNumber</field>
    </fields>
    <widgetModes>
      <mode value="create">edit</mode>
      <mode value="editPassword">hidden</mode>
      <mode value="any">view</mode>
    </widgetModes>
    <properties widgetMode="edit">
      <property name="required">true</property>
      <property name="styleClass">dataInputText</property>
    </properties>
  </widget>
  <widget name="gidNumber" type="text">
    <labels>
      <label mode="any">GID</label>
    </labels>
    <fields>
      <field schema="posix-user">gidNumber</field>
    </fields>
    <widgetModes>
      <mode value="create">edit</mode>
      <mode value="editPassword">hidden</mode>
      <mode value="any">view</mode>
    </widgetModes>
    <properties widgetMode="edit">
      <property name="required">true</property>
      <property name="styleClass">dataInputText</property>
    </properties>
  </widget>
  ...
</layout>
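The following is an added example, not code from Nuxeo or from this patch. It models in plain Python what the staticAttributeIsId="true" reference above changes (members looked up by uid instead of by DN) and what a read/write deployment should check before accepting the hand-typed uidNumber/gidNumber values the layout makes required. All directory entries and the 1000-59999 UID range are constructed assumptions; the include_primary option goes beyond the article by also honouring RFC 2307 primary-group membership via the user's gidNumber.

```python
# Added example (not Nuxeo's code): models how group members are found once the
# ldapReference uses staticAttributeId="memberUID" with staticAttributeIsId="true",
# and what a read/write deployment should check before accepting hand-typed
# uidNumber/gidNumber values. Entries below are constructed sample data.

USER_BASE = "ou=People,dc=example,dc=com"

USERS = {  # DN -> attributes of an RFC 2307 posixAccount (constructed)
    "uid=alice," + USER_BASE: {"uid": "alice", "uidNumber": 1001, "gidNumber": 100},
    "uid=bob," + USER_BASE: {"uid": "bob", "uidNumber": 1002, "gidNumber": 100},
    "uid=carol," + USER_BASE: {"uid": "carol", "uidNumber": 1003, "gidNumber": 200},
}
GROUPS = {  # DN -> attributes of a posixGroup; memberUid holds IDs, not DNs
    "cn=users,ou=Groups,dc=example,dc=com": {"gidNumber": 100, "memberUid": []},
    "cn=devs,ou=Groups,dc=example,dc=com": {"gidNumber": 200, "memberUid": ["alice", "ghost"]},
}


def resolve_members(group_dn, static_attribute_is_id=True, include_primary=False):
    """Return the DNs of a group's members.

    static_attribute_is_id=True is the patched behaviour: each memberUid value is
    matched against the user directory's id field (uid). False is stock Nuxeo,
    which treats the value as a DN and therefore finds nothing in a posixGroup.
    include_primary goes beyond the article: RFC 2307 primary membership is
    expressed by the user's gidNumber, which a memberUid reference never sees."""
    group = GROUPS[group_dn]
    by_uid = {attrs["uid"]: dn for dn, attrs in USERS.items()}
    found = []
    for value in group["memberUid"]:
        dn = by_uid.get(value) if static_attribute_is_id else (value if value in USERS else None)
        if dn is not None:  # unknown values (e.g. a deleted account) are silently dropped
            found.append(dn)
    if include_primary:
        found += [dn for dn, a in USERS.items() if a["gidNumber"] == group["gidNumber"] and dn not in found]
    return found


def check_new_account(uid_number, gid_number, allowed=range(1000, 60000)):
    """Refuse uidNumber/gidNumber pairs that the XSD (xs:int) and the required
    text widgets would accept but that break POSIX identity guarantees: a
    duplicate uidNumber makes two accounts indistinguishable on every host that
    consumes the directory, and an unknown gidNumber leaves an orphaned primary
    group. The allowed range is an assumed site policy, not a Nuxeo setting."""
    if uid_number not in allowed:
        return "uidNumber outside allowed range"
    if any(a["uidNumber"] == uid_number for a in USERS.values()):
        return "uidNumber already assigned"
    if gid_number not in {g["gidNumber"] for g in GROUPS.values()}:
        return "gidNumber does not match any posixGroup"
    return "ok"
```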
Configuration files
posix-ldap-user-schema.xsd
posix-ldap-schema-config.xml
posix-ldap-group-schema.xsd
posix-layout-config.xml
Patched component
Copy this file into the bundles directory of your Nuxeo installation, replacing the file of the same name. Erase the earlier version of the file (5.4.0) if you are running an older version of Nuxeo.