Configuration of Active Directory from OpenKM

vinodhsatyam
Fresh Boarder
Posts: 16
Joined: Tue Oct 04, 2016 11:31 am

Configuration of Active Directory from OpenKM

Post by vinodhsatyam » Wed Oct 05, 2016 8:33 am

Hi,

I am pretty new to OpenKM. I downloaded OpenKM Portable Development Environment 6.3. I am trying to configure Active Directory from this environment by following the documentation but am unable to do so. I tried modifying the OpenKM.xml file as well as the suggested configuration parameters. Could anyone help me out in successfully configuring Active Directory so that I can fetch the users into OpenKM? Please explain what are all the things to be done from AD as well as from OpenKM. Please share the step-by-step process or your contact so that we can have a chat and implement this successfully.



Satyam V Vinodh

jllort
Moderator
Posts: 9642
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain

Re: Configuration of Active Directory from OpenKM

Post by jllort » Thu Oct 06, 2016 7:23 am

I suggest you do not publish your mail address.

First start with the internal OpenKM configuration parameters and, when you get that working, then work with OpenKM.xml (I suggest you follow the steps described here: https://wiki.openkm.com/index.php/Ldap-example3).


Re: Configuration of Active Directory from OpenKM

Post by vinodhsatyam » Thu Oct 06, 2016 7:34 am

Hi jllort,

Thank you very much for the reply.

I have gone through the link you have provided. Please let me know from where we need to import the users from OpenKM. I don't see any button to import the users from OpenKM after modifying the configuration parameters. Also, most of the buttons, including LDAP Search, are missing from the Utilities section under Administration. I only see the following:
1) Check Email
2) Rebuild indexes
3) Repository checker
4) Repository view
5) List indexes
6) Check text extraction
7) System properties
8) LogCat
9) CSS
Also, we don't want the roles ROLE_USER and ROLE_ADMIN to be created in AD.



Thanks,
Satyam V Vinodh


Re: Configuration of Active Directory from OpenKM

Post by jllort » Fri Oct 07, 2016 7:36 am

There's no button for importing; first you must configure the "configuration parameters" (and restart OpenKM). When you see users and roles in Administration (after correctly configuring the configuration parameters), then you can work with OpenKM.xml.

Read the link I provided with patience; this is not a trivial task, especially if you have never seen AD at a low level. I also suggest installing Active Directory Explorer (take a look for the link here: https://wiki.openkm.com/index.php/Active_Directory).


Re: Configuration of Active Directory from OpenKM

Post by vinodhsatyam » Mon Oct 10, 2016 7:05 am

Hi jllort,

Thank you very much for the reply.
I configured the configuration parameters and restarted OpenKM but no luck. As suggested, I installed Active directory explorer also to see the AD structure. All the configuration parameters are correct to my knowledge. I tried in all the ways but the users are not getting fetched. Could you please provide me your contact and let me know the convenient time so that I can have a discussion with you and implement this successfully.


Thanks,
Satyam V Vinodh


Re: Configuration of Active Directory from OpenKM

Post by jllort » Mon Oct 10, 2016 7:57 am

You have missed some parameter or written something wrong. If you share the OpenKM internal configuration here I will take a look at it. Hide the parameters in your configuration that you consider must not be shown in the public forum.


Re: Configuration of Active Directory from OpenKM

Post by vinodhsatyam » Mon Oct 10, 2016 8:17 am

Hi jllort,

Thank you for the quick response. I am replacing the company name, ip address, username and password with the respective values.
Could you please look into the attached file and help me out? Also please be informed that none of the roles ROLE_USER and ROLE_ADMIN have been created in AD, as we don't want them to be created in AD.


Thanks,
Satyam V Vinodh
Attachments
parameters.jpg


Re: Configuration of Active Directory from OpenKM

Post by jllort » Tue Oct 11, 2016 6:25 am

Did you change ldap.principal.adapter and then restart the application?
Keep in mind that if you do not want to use ROLE_USER and ROLE_ADMIN, other roles should be used in their place, and you must also modify the applicationContext.xml file in the OpenKM folder (that moment will arrive when you configure login in OpenKM.xml; I suggest creating ROLE_ADMIN and ROLE_USER, as everything will be easier for you).


Re: Configuration of Active Directory from OpenKM

Post by vinodhsatyam » Tue Oct 11, 2016 7:24 am

Hi,

I have changed principal.adapter to com.openkm.principal.LdapPrincipalAdapter and restarted the application but still no luck.
For the first step of configuring parameters, do the roles need to be created for getting the users? Once the users are there in the application, only then do the roles come into the picture for login, right? Correct me if I am wrong. Also, in OpenKM.xml, does the default security configuration need to be commented out or not? If commented out, how will the okmAdmin user log in to the application?
Please provide me your contact so that I can sort out this configuration. It's been more than a week that I have been stuck with this without any progress.
I need to finish this as early as possible as I need to do a POC by this weekend.

Thanks,
Satyam V Vinodh


Re: Configuration of Active Directory from OpenKM

Post by jllort » Wed Oct 12, 2016 10:09 am

As a community user, the only support we can provide is in this forum; there are some rules that cannot be broken (customers have direct support on a specific website for supported users). The first time we did an AD integration we needed about 1 week to succeed at it; now we need 1-2 hours for it (after doing a lot of them; basically, it is not a trivial task).

I recommend you forget OpenKM.xml and concentrate on the configuration parameters, especially these:

Code:

principal.adapter=com.openkm.principal.LdapPrincipalAdapter ( need restarting once )
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.security.principal=CN=Administrator,OU=OPENKM,DC=company,DC=com
principal.ldap.username.attribute=cn
principal.ldap.username.search.base=DC=company,DC=com
principal.ldap.username.search.filter=(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.user.attribute=sAMAccountName
principal.ldap.user.search.base=DC=company,DC=com
principal.ldap.user.search.filter=(objectclass=user)

Obviously the parameter values like DC=company.com,DC=com etc... depend on your AD configuration.
Take a look at your $TOMCAT_HOME/logs/catalina.log file for errors.

If you are not retrieving the user list, then you surely have some mistake in the parameters, or access is denied for the user you are trying to connect with, or a firewall is blocking the AD connection, or a similar problem.
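Some of the parameter mistakes mentioned in the post above can be caught offline, before connecting to AD. The following is an added example, not part of the thread and not OpenKM code: a small linter over the posted principal.* parameters that also flags two security-relevant settings, a simple bind over unencrypted ldap:// (the bind password crosses the network in cleartext) and a bind as the domain Administrator rather than a read-only service account. The finding names and the heuristics are assumptions of this example.

```python
# Constructed sample: parameters from the post above, placeholders left as posted.
SAMPLE = """\
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.security.principal=CN=Administrator,OU=OPENKM,DC=company,DC=com
principal.ldap.username.search.base=DC=company,DC=com
principal.ldap.username.search.filter=(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.user.search.base=DC=company,DC=com
principal.ldap.user.search.filter=(objectclass=user)
"""

def parse(text):
    """Split each line on the first '=' only: DNs and filters contain '='."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def dc_suffix(dn):
    """Lowercased DC values of a DN (naive comma split, no escaped commas)."""
    rdns = (r.split("=", 1) for r in dn.split(",") if "=" in r)
    return [v.strip().lower() for k, v in rdns if k.strip().lower() == "dc"]

def balanced(flt):
    """True if the LDAP filter's parentheses nest correctly."""
    depth, ok = 0, flt.startswith("(")
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        ok = ok and depth >= 0
    return ok and depth == 0

def lint(params):
    """Return (finding, parameter) pairs; finding names are hypothetical."""
    out = []
    if not params.get("principal.adapter", "").endswith("LdapPrincipalAdapter"):
        out.append(("adapter-not-ldap", "principal.adapter"))
    if params.get("principal.ldap.server", "").lower().startswith("ldap://"):
        out.append(("cleartext-bind", "principal.ldap.server"))
    bind = params.get("principal.ldap.security.principal", "")
    if bind.lower().startswith("cn=administrator,"):
        out.append(("privileged-bind", "principal.ldap.security.principal"))
    for key, value in params.items():
        if key.endswith(".search.base"):
            if any("." in dc for dc in dc_suffix(value)):  # DC=company.com
                out.append(("dc-contains-dot", key))
            if dc_suffix(value) != dc_suffix(bind):  # heuristic, worth a second look
                out.append(("base-differs-from-bind-domain", key))
        if key.endswith(".search.filter") and not balanced(value):
            out.append(("filter-unbalanced", key))
    return out
```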


Re: Configuration of Active Directory from OpenKM

Post by vinodhsatyam » Wed Oct 12, 2016 12:39 pm

Hi,

Thank you for the reply.
I am seeing the below error in catalina.log. Could you please let me know if this is causing any issue?

Code:

DEBUG org.springframework.security.web.access.ExceptionTranslationFilter- Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)

Thanks.
Satyam V Vinodh


Re: Configuration of Active Directory from OpenKM

Post by jllort » Thu Oct 13, 2016 5:58 pm

Did you change OpenKM.xml, or are you only working with the internal configuration parameters? Is OpenKM.xml still using database auth? Keep in mind that any change in this file needs an application restart.


Re: Configuration of Active Directory from OpenKM

Post by vinodhsatyam » Mon Oct 17, 2016 8:22 am

Hi,

I am working only with internal configuration parameters. I haven't changed anything in OpenKM.xml file. Using the default one only.

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task-3.1.xsd">
  
  <!-- Security configuration -->
 <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
      <security:password-encoder hash="md5"/>
      <security:jdbc-user-service 
        data-source-ref="dataSource"
        users-by-username-query="select usr_id, usr_password, 1 from OKM_USER where usr_id=? and usr_active='T'"
        authorities-by-username-query="select ur_user, ur_role from OKM_USER_ROLE where ur_user=?"/>
    </security:authentication-provider>
  </security:authentication-manager>

</beans:beans>

Thanks,
Satyam V Vinodh


Re: Configuration of Active Directory from OpenKM

Post by jllort » Tue Oct 18, 2016 6:17 pm

It seems security goes across the database; restart Tomcat to ensure you are really logging in from the database. About the previous error, I do not understand the reason (it seems there's some problem accessing translation). Is the error shown from the login screen?
Anyway, I think it has no relation to the AD integration.


Re: Configuration of Active Directory from OpenKM

Post by vinodhsatyam » Fri Nov 04, 2016 11:05 am

Hi,

I restarted the Tomcat but still no luck.
Could you please let me know whether I can make use of SQL Server database from Portable Development Environment instead of default database and if so how I need to configure.


Thanks & Regards,
Vinodh Satyam
