• OpenKM and Windows Active Directory error

 #10955  by chungvoky
 
Hi,

I have OpenKM version 5.0.4 installed on Ubuntu 10.10 Server Edition and an Active Directory on Windows Server 2003. I can log in using an AD account successfully, but in server.log I see some errors and I can't show the full user list by role (only one user is shown in each role).

My AD structure is:
Code:
dc=com
   |_dc=mydomain
        |_OU=company
        |    |_OU=Dept. 1
        |    |   |_user1
        |    |   |_user2
        |    |_OU=Dept. 2
        |    |   |_user3
        |    |   |_user4
        |    |_OU=Dept. 3
        |        |_OU=Group 1
        |             |_user5
        |             |_user6
        |_OU=OpenKM
        |    |_Group OpenKMusers (members: user1, user2, user3, user4, user5)
        |    |_Group OpenKMadmins (members: user1)
        |    |_Group OpenKMroles (members: OpenKMusers, OpenKMadmins, OpenKMrole1, OpenKMrole2)
        |    |_Group OpenKMrole1 (members: user1, user2, user3)
        |    |_Group OpenKMrole2 (members: user4, user5)
        |_....
And this is my config in OpenKM.cfg:
Code:
default.user.role=OpenKMusers
default.admin.role=OpenKMadmins

system.login.lowercase=on
principal.adapter=com.openkm.principal.LdapPrincipalAdapter

principal.ldap.server=ldap://my_AD_IPaddress
principal.ldap.security.principal=cn=user1,ou=Dept.1,ou=company,dc=mydomain,dc=com
principal.ldap.security.credentials=my_password

principal.ldap.user.search.base=dc=mydomain,dc=com
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=cn=OpenKMusers,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.user.attribute=sAMAccountName

principal.ldap.role.search.base=dc=mydomain,dc=com
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=cn=OpenKMroles,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.role.attribute=sAMAccountName

principal.ldap.mail.search.base=dc=mydomain,dc=com
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute=mail

principal.ldap.users.by.role.search.base=ou=OpenKM,dc=mydomain,dc=com
principal.ldap.users.by.role.search.filter=(sAMAccountName={0})
principal.ldap.users.by.role.attribute=member

principal.ldap.roles.by.user.search.base=dc=mydomain,dc=com
principal.ldap.roles.by.user.search.filter=(sAMAccountName={0})
principal.ldap.roles.by.user.attribute=memberOf

My login-config.xml
Code:
    <!-- OpenKM -->
    <application-policy name = "OpenKM">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
             <module-option name="java.naming.provider.url">ldap://my_AD_IPaddress</module-option>
             <module-option name="bindDN">cn=user1,ou=Dept.1,ou=company,dc=mydomain,dc=com</module-option>
             <module-option name="java.naming.security.authentication">simple</module-option>
             <module-option name="java.naming.referral">follow</module-option>
             <module-option name="bindCredential">my_password</module-option>
             <module-option name="baseCtxDN">dc=mydomain,dc=com</module-option>
             <module-option name="baseFilter">(&amp;(sAMAccountName={0})(memberOf=CN=OpenKMusers,OU=OpenKM,dc=mydomain,dc=com))</module-option>
             <module-option name="rolesCtxDN">dc=mydomain,dc=com</module-option>
             <module-option name="roleFilter">(member={1})</module-option>
             <module-option name="roleAttributeID">sAMAccountName</module-option>
             <module-option name="roleAttributeIsDN">false</module-option>
             <module-option name="roleRecursion">-1</module-option>
             <module-option name="searchScope">SUBTREE_SCOPE</module-option>
             <!--<module-option name="defaultRole">UserRole</module-option>-->
             <module-option name="allowEmptyPasswords">false</module-option>
          </login-module>
       </authentication>
    </application-policy>

My server.log shows errors as below:
Code:
2011-05-10 13:06:46,088 ERROR [STDERR] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mydomain,dc=com'
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:203)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getUsers(LdapPrincipalAdapter.java:57)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getUsers(DirectAuthModule.java:785)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getUsers(OKMAuth.java:134)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.frontend.server.OKMAuthServlet.getAllUsers(OKMAuthServlet.java:524)
Code:
2011-05-10 13:06:46,341 ERROR [STDERR] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mydomain,dc=com'
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:203)
2011-05-10 13:06:46,342 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getRoles(LdapPrincipalAdapter.java:85)
2011-05-10 13:06:46,342 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getRoles(DirectAuthModule.java:802)
2011-05-10 13:06:46,342 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getRoles(OKMAuth.java:143)
2011-05-10 13:06:46,342 ERROR [STDERR] 	at com.openkm.frontend.server.OKMAuthServlet.getAllRoles(OKMAuthServlet.java:551)
Code:
2011-05-10 13:06:46,347 ERROR [STDERR] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mydomain,dc=com'
2011-05-10 13:06:46,347 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:203)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getUsers(LdapPrincipalAdapter.java:57)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getUsers(DirectAuthModule.java:785)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getUsers(OKMAuth.java:134)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.frontend.server.OKMAuthServlet.getAllUsers(OKMAuthServlet.java:524)
Code:
2011-05-10 13:06:47,116 ERROR [STDERR] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mydomain,dc=com'
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:203)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getRolesByUser(LdapPrincipalAdapter.java:160)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getRolesByUser(DirectAuthModule.java:836)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getRolesByUser(OKMAuth.java:161)
Please help me resolve these errors. Thanks
 #10968  by jllort
 
To get users and roles on the security box, it uses:
Code:
principal.ldap.user.search.base=dc=mydomain,dc=com
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=cn=OpenKMusers,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.user.attribute=sAMAccountName
and
Code:
principal.ldap.role.search.base=dc=mydomain,dc=com
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=cn=OpenKMroles,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.role.attribute=sAMAccountName
You must concentrate on these two sections.

I think it could be something like this for roles on the search base:
Code:
principal.ldap.role.search.base=cn=OpenKMroles,ou=OpenKM,dc=mydomain,dc=com
principal.ldap.role.search.filter=(&(objectclass=group))
principal.ldap.role.attribute=cn
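
An added example, not part of the original thread or of OpenKM's code: a small Python check over `principal.ldap.*` settings in the key=value form posted above. It flags search bases that sit at the domain root (a subtree search there makes Active Directory return continuation references, which a JNDI client that does not follow them reports as the `PartialResultException` seen in the log), filters with unbalanced parentheses, and a bind password sent over plain `ldap://`. The sample config, the host name and the function names are constructed for illustration.

```python
# Constructed sample in the OpenKM.cfg key=value format shown in the thread.
SAMPLE_CFG = """\
principal.ldap.server=ldap://dc.example.test
principal.ldap.security.principal=cn=svc,ou=OpenKM,dc=mydomain,dc=com
principal.ldap.security.credentials=placeholder
principal.ldap.user.search.base=dc=mydomain,dc=com
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=cn=OpenKMusers,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.role.search.base=ou=OpenKM,dc=mydomain,dc=com
principal.ldap.role.search.filter=(&(objectclass=group)
"""

def parse_cfg(text):
    """Parse key=value lines, splitting on the first '=' only (DNs contain '=')."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def is_domain_root(dn):
    """True when every RDN is a dc= component, e.g. dc=mydomain,dc=com.
    Naive comma split: assumes no escaped commas inside RDN values."""
    rdns = [r.strip().lower() for r in dn.split(",") if r.strip()]
    return bool(rdns) and all(r.startswith("dc=") for r in rdns)

def balanced(ldap_filter):
    """True when the filter starts with '(' and its parentheses balance."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and ldap_filter.startswith("(")

def lint(cfg):
    """Return (key, message) findings for the three checks described above."""
    findings = []
    for key, value in sorted(cfg.items()):
        if key.endswith(".search.base") and is_domain_root(value):
            findings.append((key, "domain-root search base: AD returns referrals"))
        if key.endswith(".search.filter") and not balanced(value):
            findings.append((key, "unbalanced parentheses in filter"))
    server = cfg.get("principal.ldap.server", "").lower()
    if server.startswith("ldap://") and "principal.ldap.security.credentials" in cfg:
        findings.append(("principal.ldap.server", "bind password sent over cleartext ldap://"))
    return findings

if __name__ == "__main__":
    for key, message in lint(parse_cfg(SAMPLE_CFG)):
        print(f"{key}: {message}")
```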
