Problem for the LDAP integration

OpenKM has many interesting features, but requires some configuration process to show its full potential.
 #39595  by ivanchun
 
I have a problem with the LDAP integration for OpenKM 6.3. I am able to use the LDAP login.

I created the appropriate groups in my AD (MS 2008 R2): 3 groups (ROLE_ADMIN / ROLE_PowerUser / ROLE_USER).

But I am having an issue with the configuration: the user groups are not displayed in OpenKM.
Code:
principal.ldap.role.search.base	List	OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com
principal.ldap.role.search.filter	String	(objectclass=group)
principal.ldap.roles.by.user.attribute	String	memberOf
principal.ldap.roles.by.user.search.base	String	OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com
principal.ldap.roles.by.user.search.filter	String	(&(sAMAccountName={0}))
principal.ldap.security.credentials	String	 xxxxxxxx                                                
principal.ldap.security.principal	String	CN=OpenKM,OU=IT Admin (Exclude sync 365),OU=Users,OU=AU,DC=centos,DC=com
principal.ldap.server	String	ldap://10.188.2.2
principal.ldap.user.attribute	String	sAMAccountName
principal.ldap.user.search.base	List	DC=centos,DC=com
principal.ldap.user.search.filter	String	(&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)))
principal.ldap.username.attribute	String	cn
principal.ldap.username.search.base	String	OU=Users,OU=AU,DC=centos,DC=com
principal.ldap.username.search.filter	String	(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.users.by.role.attribute	String	member
principal.ldap.users.by.role.search.base	String	OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com
principal.ldap.users.by.role.search.filter	String	(&(objectClass=group)(CN={0}))
OpenKM.cfg
Code:
<security:authentication-manager alias="authenticationManager">
     <security:authentication-provider ref="ldapAuthProvider" />
  </security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
     <beans:constructor-arg value="ldap://10.188.2.2"/>
     <beans:property name="userDn" value="CN=OpenKM,OU=IT Admin (Exclude sync 365),OU=Users,OU=AU,DC=centos,DC=com"/>
  <beans:property name="password" value="xxxxxx"/>
  <beans:property name="baseEnvironmentProperties">
     <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
   </beans:property>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
     <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value="DC=centos,DC=com"/>
      <beans:property name="groupSearchFilter" value="member={0}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="false" />
      <beans:property name="rolePrefix" value="" />
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="DC=centos,DC=com" />
  <beans:constructor-arg index="1" value="(&amp;(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)))" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
</beans:bean>
</beans:beans>
 #39608  by jllort
 
Login is going right, no?
Did you change ldap.principal.adapter?
You're integrating with LDAP or with Active Directory?

Check: be sure your LDAP host, credentials and user are correctly written.

My suggestion is to start with a more general filter and then set the filtering options step by step; for example, start with
principal.ldap.user.search.filter=objectclass=user
principal.ldap.user.search.filter=objectclass=person
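An added example, not code from the forum post or from OpenKM: an offline checker for the search filters posted above. It substitutes the {0} placeholder the way a login name is inserted (escaping RFC 4515 special characters so a crafted user name cannot change the filter's meaning), verifies that parentheses balance, and reports duplicated clauses; the sample user name "jdoe" and the escaping table are assumptions made for this example.

```python
# Added example (not from the forum post or OpenKM): offline checks for the
# LDAP filters posted above. It fills {0} the way a login name is substituted,
# escaping RFC 4515 special characters so a crafted user name cannot alter the
# filter, checks parentheses balance, and reports duplicated clauses.
import re

# Constructed inputs: the two filters copied from the thread's configuration.
USER_SEARCH_FILTER = (
    "(&(objectclass=user)(|"
    "(memberOf=CN=ROLE_ADMIN,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)"
    "(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)"
    "(memberOf=CN=ROLE_USER,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)"
    "(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)))"
)
USERNAME_SEARCH_FILTER = "(&(objectClass=person)(sAMAccountName={0}))"

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value before it is spliced into an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def fill_placeholder(template: str, value: str) -> str:
    """Substitute {0} with the escaped value, as a safe filter builder does."""
    return template.replace("{0}", escape_filter_value(value))

def parens_balanced(filt: str) -> bool:
    """True if every '(' has a matching ')' in the right order."""
    depth = 0
    for ch in filt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def duplicate_clauses(filt: str) -> list[str]:
    """Return attribute=value clauses that occur more than once."""
    clauses = re.findall(r"\(([A-Za-z0-9.;-]+=[^()]*)\)", filt)
    seen, dups = set(), []
    for clause in clauses:
        if clause in seen and clause not in dups:
            dups.append(clause)
        seen.add(clause)
    return dups

if __name__ == "__main__":
    print(fill_placeholder(USERNAME_SEARCH_FILTER, "jdoe*"))
    print(parens_balanced(USER_SEARCH_FILTER), duplicate_clauses(USER_SEARCH_FILTER))
```

Running the checker over the posted user.search.filter shows the duplicated ROLE_PowerUser clause, which is harmless to the query but is the kind of copy/paste slip worth cleaning up while narrowing the filter step by step.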
 #39614  by ivanchun
 
Hi jllort,
thanks for your suggestion.
I tried principal.ldap.user.search.filter with user / person, but there seem to be no changes.

Login is going right
principal.ldap.server String ldap://10.188.2.2
LDAP with Active Directory
 #39626  by jllort
 
If login is going right, I do not know why it is not showing the user list. Integrating an application with LDAP is not an easy task; the most difficult thing is normally integrating the login (the configuration that seems to be going right for you). Take a look at catalina.log for some errors?
 #39633  by ivanchun
 
Hi jllort,

I really appreciate your assistance. After your reminder I reviewed the configuration; I had made a mistake.

The issue is fixed as you said, thanks for your help.

[root@dms ~]# cat /mnt/Data/openkm/tomcat/logs/catalina.log
2015-05-25 00:00:00,027 [Thread-4780] INFO com.openkm.core.UserMailImporter- *** User mail importer activated ***
2015-05-25 00:30:00,031 [Thread-4799] INFO com.openkm.core.UserMailImporter- *** User mail importer activated ***
2015-05-25 00:47:46,058 [http-bio-0.0.0.0-8080-exec-11] INFO org.springframework.ldap.core.LdapTemplate- The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2015-05-25 00:47:47,366 [http-bio-0.0.0.0-8080-exec-8] WARN com.openkm.servlet.frontend.WorkspaceServlet- User is null! Please, check principal.adapter=com.openkm.principal.DatabasePrincipalAdapter
 #39661  by jllort
 
Koniec12, if your problem is not related to this post, please add another post.
