LDAP GROUP

OpenKM has many interesting features, but requires some configuration process to show its full potential.
uko
Fresh Boarder
Posts: 1
Joined: Wed Jul 21, 2021 3:36 pm

LDAP GROUP

Post by uko »

I have a problem logging in to OpenKM, though the OpenKM LDAP groups exist.
Through the frontend in OpenKM I get all the users from my LDAP.

But it was not possible to modify the OpenKM.xml in the right way:


When I added the line <beans:property name="defaultRole" value="ROLE_USER"/>
the user can log in.

But then I don't have any admin user.

Here is my OpenKM.xml:

Code:

<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>

<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldaps://IP:636/ou=yy,o=yyyy"/>
  <beans:property name="userDn" value="cn=yyy,ou=admin,ou=yy,o=yyyy"/>
  <beans:property name="password" value="xx"/>
</beans:bean>

<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"></beans:property>
    </beans:bean>
  </beans:constructor-arg>

  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value="ou=groups"/>
      <beans:property name="groupSearchFilter" value="objectclass=posixGroup"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="true" />
      <beans:property name="rolePrefix" value="" />
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>

<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="ou=users" />
  <beans:constructor-arg index="1" value="(&amp;(uid={0})(|(groupMembership=cn=ROLE_USER,ou=groups,ou=yy,o=yyyy)(groupMemberShip=cn=ROLE_ADMIN,ou=groups,ou=yy,o=yyyy)))" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
</beans:bean>

I hope someone can help me.
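
An added illustration, not part of the original post and not OpenKM or Spring Security code: a small Python model of how DefaultLdapAuthoritiesPopulator expands {0} (the user's DN) and {1} (the login name) in groupSearchFilter. It shows that a filter with no placeholder, like the one in the OpenKM.xml above, hands every matching group to every authenticated user. The directory entries, the user names and the memberUid-scoped filter are constructed assumptions.

```python
# Model of how {0}/{1} placeholders in a group search filter scope role lookup.
# All directory entries and user names are constructed sample data.
import re

GROUPS = [  # constructed posixGroup entries under ou=groups
    {"cn": "role_user", "objectclass": "posixGroup", "memberUid": ["alice", "bob"]},
    {"cn": "role_admin", "objectclass": "posixGroup", "memberUid": ["alice"]},
]

PAGE_FILTER = "objectclass=posixGroup"                        # as in the post
SCOPED_FILTER = "(&(objectclass=posixGroup)(memberUid={1}))"  # assumed alternative


def _matches(entry, clause):
    """Evaluate one 'attr=value' equality clause, case-insensitively."""
    attr, value = clause.split("=", 1)
    for key, stored in entry.items():
        if key.lower() == attr.strip().lower():
            values = stored if isinstance(stored, list) else [stored]
            return any(v.lower() == value.strip().lower() for v in values)
    return False


def granted_roles(group_filter, user_dn, username,
                  role_attr="cn", upper=True, prefix=""):
    """Return the roles a user receives for a given groupSearchFilter.

    Handles only a bare 'attr=value' filter or an AND of equality clauses,
    which is enough for the two filters compared here.
    """
    # Placeholder substitution: {0} = user DN, {1} = login name.
    expanded = group_filter.replace("{0}", user_dn).replace("{1}", username)
    clauses = re.findall(r"\(([^()&|]+)\)", expanded) or [expanded.strip("()")]
    roles = set()
    for entry in GROUPS:
        if all(_matches(entry, c) for c in clauses):
            role = entry[role_attr]
            # Mirrors convertToUpperCase=true and rolePrefix="" from the post.
            roles.add(prefix + (role.upper() if upper else role))
    return roles


if __name__ == "__main__":
    bob = ("uid=bob,ou=users,ou=yy,o=yyyy", "bob")
    print("page filter  :", sorted(granted_roles(PAGE_FILTER, *bob)))
    print("scoped filter:", sorted(granted_roles(SCOPED_FILTER, *bob)))
```

Which membership attribute to put in the filter depends on the directory schema; memberUid is the usual one for posixGroup entries.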
jllort
Moderator
Posts: 11570
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain

Re: LDAP GROUP

Post by jllort »

Do not start the integration from OpenKM.xml; first you should work with Administration > Configuration parameters. When you get this section working, then you can play with OpenKM.xml. Revert all the changes you have done and start again.

After changing the principal adapter, you must restart the OpenKM service (I suggest logging in at localhost:8080/OpenKM/admin either frontend).
Try following this sample documentation: https://docs.openkm.com/kcenter/view/ok ... parameters

If some parameter is not clear, ask about it. When you succeed in getting it working, a list of users and roles should be shown in the administration list.