jllort wrote: ↑Sat Nov 13, 2021 9:16 am
You can have several sources working together, but it is not easy to manage them. Most of the difficulties are in the administration screen where the user list is shown. When using LDAP and database resources, it is not possible to use this screen (because an AD user cannot be modified but a database user can be). In this scenario a small customization is necessary to manage users from another screen.
The problem is not in login; the problem comes from managing users and getting the unified user list required by OpenKM. In the case of the professional edition we have done some configuration in this manner.
Thanks, jllort.
I have more questions:
1) I found OpenKM.xml in 2 locations: at Tomcat's root, and under the OpenKM war folder. In which files should I update the LDAP config?
2) If we configure both Local & LDAP authentication together, can we put XML tags like the ones below in OpenKM.xml, with both Local (DB) & LDAP?
As a sample:
OpenKM.xml:
.....
<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider>
    <security:password-encoder hash="md5"/>
    <security:jdbc-user-service
        data-source-ref="dataSource"
        users-by-username-query="select usr_id, usr_password, 1 from OKM_USER where usr_id=? and usr_active='T'"
        authorities-by-username-query="select ur_user, ur_role from OKM_USER_ROLE where ur_user=?"/>
  </security:authentication-provider>
</security:authentication-manager>
<security:ldap-server id="ldapServer"
    url="ldap://192.168.0.6:389/DC=ldap,dc=company,dc=local"
    manager-dn="CN=Administrator,cn=users,dc=company,dc=local"
    manager-password="password"/>
<security:authentication-manager alias="authenticationManager">
  <security:ldap-authentication-provider
      server-ref="ldapServer"
      user-search-base="cn=Users"
      user-search-filter="(sAMAccountName={0})"
      group-search-base="cn=Users"
      group-search-filter="(member={0})"
      group-role-attribute="cn"
      role-prefix="none">
  </security:ldap-authentication-provider>
</security:authentication-manager>
.....