How do you change user preferences when using ldap?
Hello,
Our Nuxeo server uses ldap authentication, which seemingly prevents us from editing user preferences.
When I'm logged in with a ldap user account and I want to change my preferences (user settings, ie locale settings or time zone), I get “LDAP: error code 50 - Insufficient Access Rights”.
On the other hand, when I'm logged in with a nuxeo internal user account, I can edit my settings, there's no problem.
It looks like Nuxeo can't access something that's missing in our ldap directory. Any idea where the problem might come from?
Thanks you in advance for your help!
Hello,
After further investigation, we solved the problem. Just in case, I'll share the answer.
When you edit user preferences (locale/region, timezone), Nuxeo wants to rewrite some fields in the ldap directory.
In our case, we don't want Nuxeo to have write access to the ldap directory (no write rights on the ldap side), so that Nuxeo couldn't make any changes in ldap. As a result, we used to get “ldap error: Insuficient access rights” and couldn't edit user preferences.
Then we edited the ldap configuration file default-ldap-users-directory-config.xml , this way:
<readOnly>false</readOnly> becomes <readOnly>true</readOnly>
See doc about the config file here http://doc.nuxeo.com/x/u4Wo
Now, when we want to edit user preferences, Nuxeo doesn't try anymore to write in the ldap directory and everything works fine.