I am using openKM 6.2.3 Tomcat bundle and here below is my ldap configuration
OpenKM.cfg
Code: Select all# OpenKM Hibernate configuration values
hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl=none
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
system.login.lowercase=true
principal.ldap.referral=follow
principal.ldap.security.principal=CN=OpenKM,OU=openkm,dc=dc1,dc=dc2,dc=dc3
principal.ldap.server=ldap url
principal.ldap.security.credentials=password
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.role.search.filter=(cn=ROLE_*)
principal.ldap.roles.by.user.attribute=memberOf
principal.ldap.roles.by.user.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.roles.by.user.search.filter=(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.user.attribute=sAMAccountName
principal.ldap.user.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.user.search.filter=(&(objectClass=user)(objectCategory=person))
principal.ldap.username.attribute=cn
principal.ldap.username.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.username.search.filter=(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.users.by.role.attribute=member
principal.ldap.users.by.role.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0}))
principal.ldap.users.from.roles=false
OpenKM.xml
Code: Select all<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.1.xsd">
<!-- Tasks configuration -->
<!--
<task:scheduler id="taskScheduler" pool-size="1"/>
<task:scheduled-tasks scheduler="taskScheduler">
<task:scheduled ref="textExtractorWorker" method="work" fixed-delay="60000"/>
</task:scheduled-tasks>
<beans:bean id="textExtractorWorker" class="com.openkm.extractor.TextExtractorWorker" />
-->
<!-- Security configuration -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:password-encoder hash="md5"/>
<security:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select usr_id, usr_password, 1 from OKM_USER where usr_id=? and usr_active='T'"
authorities-by-username-query="select ur_user, ur_role from OKM_USER_ROLE where ur_user=?"/>
</security:authentication-provider>
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap url"/>
<beans:property name="userDn" value="CN=OpenKM,OU=openkm,dc=dc1,dc=dc2,dc=dc3"/>
<beans:property name="password" value="password"/>
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry>
<beans:key>
<beans:value>java.naming.referral</beans:value>
</beans:key>
<beans:value>follow</beans:value>
</beans:entry>
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="dc=dc1,dc=dc2,dc=dc3"/>
<beans:property name="groupSearchFilter" value="member={0}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="false" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="dc=dc1,dc=dc2,dc=dc3" />
<beans:constructor-arg index="1" value="sAMAccountName={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
</beans:beans>