Users in LDAP, groups in SQL

Go to the examples sub-folder and copy the default-ldap-users-directory-bundle.xml file in the nuxeo.ear/config folder of the JBoss instance (or bundle it in a jar, cf packaging in this guide). This sample setup replaces the default userDirectory configuration SQL with users fetched from the LDAP server. The groupDirectory remains unaffected by this setup. You might want to copy the file default-virtual-groups-bundle.xml and adjust defaultAdministratorId to select a user from your LDAP that have administrative rights by default. You can also configure the section on defaultGroup to make all users members of some default group (typically the members group) so that they have default right without having to make them belong to groups explicitly.

Users and groups in LDAP

Copy the users setup as previously; moreover copy the default-ldap-groups-directory-bundle.xml file in the nuxeo.ear/config folder of the JBoss instance. This sample setup which is dependent on the previous one additionally overrides the default groupDirectory setup to read the groups from the LDAP directory typically from groupOfUniqueNames entries with fully qualified dn references to the user entries or to subgroups. You can edit the nuxeo.ear/config/*.xml files on the JBoss instance, but you will need to restart JBoss to take changes into account.