• Edit Existing User for role info

  • He we will discuss about how to make customization and improvement to the OpenKM source code.
He we will discuss about how to make customization and improvement to the OpenKM source code.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #25812  by mohan
 
I am not able to create new roles ,please find below screen shot
and please let me know how to modify existing user to assign them to a new role.
Attachments
Screen Shot 2013-10-07 at 8.00.16 PM.png
Screen Shot 2013-10-07 at 8.00.16 PM.png (9.17 KiB) Viewed 4303 times
 #25846  by jllort
 
Have you configured OpenKM to connect to ldap ? Which openkm version are you using ?
 #25849  by mohan
 
I am using openKM 6.2.3 Tomcat bundle and here below is my ldap configuration

OpenKM.cfg
Code: Select all
# OpenKM Hibernate configuration values
hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl=none

principal.adapter=com.openkm.principal.LdapPrincipalAdapter
system.login.lowercase=true
principal.ldap.referral=follow

principal.ldap.security.principal=CN=OpenKM,OU=openkm,dc=dc1,dc=dc2,dc=dc3
principal.ldap.server=ldap url
principal.ldap.security.credentials=password

principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))

principal.ldap.role.attribute=cn
principal.ldap.role.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.role.search.filter=(cn=ROLE_*)

principal.ldap.roles.by.user.attribute=memberOf
principal.ldap.roles.by.user.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.roles.by.user.search.filter=(&(objectClass=person)(sAMAccountName={0}))

principal.ldap.user.attribute=sAMAccountName
principal.ldap.user.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.user.search.filter=(&(objectClass=user)(objectCategory=person))

principal.ldap.username.attribute=cn
principal.ldap.username.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.username.search.filter=(&(objectClass=person)(sAMAccountName={0}))

principal.ldap.users.by.role.attribute=member
principal.ldap.users.by.role.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0}))

principal.ldap.users.from.roles=false
OpenKM.xml
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task-3.1.xsd">

  <!-- Tasks configuration -->
  <!--
  <task:scheduler id="taskScheduler" pool-size="1"/>
  <task:scheduled-tasks scheduler="taskScheduler">
    <task:scheduled ref="textExtractorWorker" method="work" fixed-delay="60000"/>
  </task:scheduled-tasks>
  <beans:bean id="textExtractorWorker" class="com.openkm.extractor.TextExtractorWorker" />
  -->
  
  <!-- Security configuration -->
  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
      <security:password-encoder hash="md5"/>
      <security:jdbc-user-service 
        data-source-ref="dataSource"
        users-by-username-query="select usr_id, usr_password, 1 from OKM_USER where usr_id=? and usr_active='T'"
        authorities-by-username-query="select ur_user, ur_role from OKM_USER_ROLE where ur_user=?"/>
    </security:authentication-provider>
    <security:authentication-provider ref="ldapAuthProvider" />
  </security:authentication-manager>
  
  <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap url"/>
    <beans:property name="userDn" value="CN=OpenKM,OU=openkm,dc=dc1,dc=dc2,dc=dc3"/>
    <beans:property name="password" value="password"/>
    <beans:property name="baseEnvironmentProperties">
      <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
    </beans:property>
  </beans:bean>
 
  <beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg>
      <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:property name="userSearch" ref="userSearch"/>
      </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>
      <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:constructor-arg value="dc=dc1,dc=dc2,dc=dc3"/>
        <beans:property name="groupSearchFilter" value="member={0}"/>
        <beans:property name="groupRoleAttribute" value="cn"/>
        <beans:property name="searchSubtree" value="true" />
        <beans:property name="convertToUpperCase" value="false" />
        <beans:property name="rolePrefix" value="" />
      </beans:bean>
    </beans:constructor-arg>
  </beans:bean>
 
  <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="dc=dc1,dc=dc2,dc=dc3" />
    <beans:constructor-arg index="1" value="sAMAccountName={0}" />
    <beans:constructor-arg index="2" ref="contextSource" />
    <beans:property name="searchSubtree" value="true" />
  </beans:bean>
  
</beans:beans>
 #25862  by jllort
 
Was not necessary copy here your ldap configuration. In case you got ldap integration the place to add or remove roles and users is directly your ldap, not openkm. OpenKM acts in read only mode to your ldap do not write. You want a new role ? add in your ldap and you'll see in openkm that's the idea.

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.