• OpenKM 6.3.2 Configuration Ldap

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #43509  by AdamChen
 
First , I tried it about a month can't login with ldap ( I sorry my English not very well )

this is my Ldap structure .
-----------------------------------------------------------------------------------------------------
DIT
-----|-----Root DSE
----------|-----CN=Partition1,DC=want-moss,DC=com
---------------|-----CN=Users
--------------------|-----CN=Shanghai
-------------------------|-----CN=00000001
-------------------------|-----CN=00000002
-------------------------|-----CN=00000003
-------------------------|-----CN=00000004
-------------------------|----- ......
---------------|-----CN=Taiwan
--------------------|-----CN=Taipei
-------------------------|-----CN=80001001
-------------------------|-----CN=80001002
-------------------------|-----CN=80001003
-------------------------|----- ......
--------------------|-----CN=Tainai
-------------------------|-----CN=90001001
-------------------------|-----CN=90001002
-------------------------|-----CN=90001003
-------------------------|----- ......
-----------------------------------------------------------------------------------------------------
Also I show the Apache Directory Studio detail for User : 80001001

objectClass:organizationalPerson(structural)
objectClass:person(structural)
objectClass:top(abstract)
objectClass:user(structural)
objectClass:companyPerson(structural)
cn=80001001
instanceType=4
badPasswordTime=0
badPwdCount=0
description=ADUser
distnguishedName=CN=80001001,CN=Taipei,CN=Taiwan,CN=Users,CN=Partition1,DC=want-moss,DC=com
mail=xxxx@company.com
mobile=09xxxxxxxx
name=80001001
sn=Adam
uid=80001001
userPrincipalName=80001001
(I just take some important information)
-----------------------------------------------------------------------------------------------------
And this is my OpenKM.xml
Code: Select all
<security:authentication-manager alias="authenticationManager">
     <security:authentication-provider ref="ldapAuthProvider" />
  </security:authentication-manager>
 
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://10.0.xx.xxx:xxx"/>
  <beans:property name="userDn" value="CN=ron,CN=Partition1,DC=want-moss,DC=com"/>
  <beans:property name="password" value="****"/>
  <beans:property name="baseEnvironmentProperties">
     <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
   </beans:property>
</beans:bean>
 
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value=""CN=Partition1,DC=want-moss,DC=com/>
      <beans:property name="groupSearchFilter" value="member={0}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="false" />
      <beans:property name="rolePrefix" value="" />
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>
 
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="CN=Partition1,DC=want-moss,DC=com" />
  <beans:constructor-arg index="1" value="(cn={0})" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
</beans:bean>
The settings I used in configuration view are as below
Code: Select all

principal.adapter=com.openkm.principal.LdapPrincipalAdapter
system.login.lowercase=true
principal.ldap.referral=follow
principal.ldap.users.from.roles=false

principal.ldap.server=ldap://10.0.xx.xxx:xxx
principal.ldap.security.principal="CN=ron,CN=Partition1,DC=want-moss,DC=com"
principal.ldap.security.credentials=password

principal.ldap.user.attribute=cn
principal.ldap.user.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.user.search.filter=(&(objectClass=person)(cn={0}))

principal.ldap.username.attribute=cn
principal.ldap.username.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.username.search.filter=(&(objectClass=person)(cn={0}))

principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.mail.search.filter=(&(objectClass=person)(cn={0}))

principal.ldap.role.attribute=cn
principal.ldap.role.search.baseDC=CN=Partition1,DC=want-moss,DC=com
principal.ldap.role.search.filter=(objectClass=person)

principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.roles.by.user.search.filter=(&(objectClass=person)(snc={0}))

principal.ldap.users.by.role.attribute=cn
principal.ldap.users.by.role.search.base=CN=Partition1,DC=want-moss,DC=com
principal.ldap.users.by.role.search.filter=(&(objectClass=person)(cn={0}))

And this is tomcat -> logs -> catalina.log
Code: Select all

2017-03-22 18:23:21,042 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/status'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/download'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/workflow-register'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/webdav/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/feed/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/browser/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/atom/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/cmis/atom11/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/j_spring_security_check'; against '/services/rest/**'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- No HttpSession currently exists
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Request is to process authentication
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.authentication.ProviderManager- Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider- Processing authentication request for user: 80001001
2017-03-22 18:23:21,043 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch- Searching for user '80005108', with user search [ searchFilter: 'cn={0}', searchBase: 'CN=taiwan,CN=Users,CN=Partition1,DC=want-moss,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2017-03-22 18:23:21,253 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate- Searching for entry under DN '', base = 'cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com', filter = 'cn={0}'
2017-03-22 18:23:21,253 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate- Found DN: cn=80001001,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,255 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator- Attempting to bind as cn=80001001,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,256 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource- Removing pooling flag for user cn=80001001,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-03-22 18:23:21,409 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator- Retrieving attributes...
2017-03-22 18:23:21,478 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
	'CN=Partition1,DC=want-moss,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
	'CN=Partition1,DC=want-moss,DC=com'
]; remaining name 'cn=80001001,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com'
2017-03-22 18:23:21,479 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Updated SecurityContextHolder to contain null Authentication
2017-03-22 18:23:21,479 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@375e7899
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler- Redirecting to /login.jsp?error=1
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.DefaultRedirectStrategy- Redirecting to '/OpenKM/login.jsp?error=1'
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-03-22 18:23:21,480 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter- SecurityContextHolder now cleared, as request processing completed
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/status'
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/download'
2017-03-22 18:23:21,556 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/workflow-register'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/webdav/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/feed/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/browser/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/atom/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/cmis/atom11/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.util.AntPathRequestMatcher- Checking match of request : '/login.jsp'; against '/services/rest/**'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.FilterChainProxy- /login.jsp?error=1 at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-03-22 18:23:21,557 [http-bio-0.0.0.0-8080-exec-9] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- HttpSession returned null object for SPRING_SECURITY_CONTEXT

Can someone tell me where I needed to fix ?

Because I'm come from taiwan , so my company cn = Taiwan(this is not english is chinese characters)

Thanks you very much to helping me , I'm appreciation .
 #43521  by jllort
 
What kind of ldap do you have, openldap , microsoft active directory ?
 #43540  by jllort
 
I do not know from where you have read this sample, but we do not use (cn={0}) for login:
Code: Select all
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="CN=Partition1,DC=want-moss,DC=com" />
  <beans:constructor-arg index="1" value="(cn={0})" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
</beans:bean>
I suggest doing LDAP configuration in two steps.
- First, configure configuration parameters ( not login -> OpenKM.xml ). Change only the principal.adapter, restart OpenKM, go to administration and work with parameters ( step by step you must see it in user list ). Take in mind LDAP data is cached by OpenKM, if after some change you do not see changes in User list, etc.. you should refresh cache https://docs.openkm.com/kcenter/view/ok ... stats.html
- Second, configure login

Take a look here as a suggested configuration for AD:
https://docs.openkm.com/kcenter/view/ok ... roles.html
 #43563  by AdamChen
 
Hi jllort !

thank you for your patience .

Now I can see the user in my user list
螢幕快照 2017-04-05 下午3.35.43.png
螢幕快照 2017-04-05 下午3.35.43.png (75.42 KiB) Viewed 7493 times
螢幕快照 2017-04-05 下午3.35.00.png
螢幕快照 2017-04-05 下午3.35.00.png (75.44 KiB) Viewed 7493 times
but when I login with this user !!!

it's fails . . . .

this is catalina.log
Code: Select all
2017-04-05 15:45:20,879 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy- /j_spring_security_check at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-04-05 15:45:20,879 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- HttpSession returned null object for SPRING_SECURITY_CONTEXT
2017-04-05 15:45:20,879 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@16fd4e94. A new one will be created.
2017-04-05 15:45:20,879 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.FilterChainProxy- /j_spring_security_check at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2017-04-05 15:45:20,879 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Request is to process authentication
2017-04-05 15:45:20,880 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.authentication.ProviderManager- Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2017-04-05 15:45:20,903 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider- Processing authentication request for user: 80005108
2017-04-05 15:45:20,903 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch- Searching for user '80005108', with user search [ searchFilter: '(&amp;(cn={0})(memberOf=CN=TW001104,CN=Positions,CN=Groups,CN=Partition1,DC=want-moss,DC=com))', searchBase: 'CN=Partition1,DC=want-moss,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2017-04-05 15:45:22,304 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate- Searching for entry under DN '', base = 'cn=Partition1,dc=want-moss,dc=com', filter = '(&amp;(cn={0})(memberOf=CN=TW001104,CN=Positions,CN=Groups,CN=Partition1,DC=want-moss,DC=com))'
2017-04-05 15:45:22,325 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate- Found DN: cn=80005108,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-04-05 15:45:22,333 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator- Attempting to bind as cn=80005108,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-04-05 15:45:22,333 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource- Removing pooling flag for user cn=80005108,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com
2017-04-05 15:45:22,490 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator- Retrieving attributes...
2017-04-05 15:45:22,571 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
	'CN=Partition1,DC=want-moss,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
	'CN=Partition1,DC=want-moss,DC=com'
]; remaining name 'cn=80005108,cn=taipei,cn=taiwan,cn=Users,cn=Partition1,dc=want-moss,dc=com'
2017-04-05 15:45:22,573 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Updated SecurityContextHolder to contain null Authentication
2017-04-05 15:45:22,573 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@646e6cbf
2017-04-05 15:45:22,573 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler- Redirecting to /login.jsp?error=1
2017-04-05 15:45:22,574 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.DefaultRedirectStrategy- Redirecting to '/OpenKM/login.jsp?error=1'
2017-04-05 15:45:22,574 [http-bio-0.0.0.0-8080-exec-6] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
Do you have ever see like that problems ?

I was killed by the boss !!!!!!

I try to configure it
 #43581  by jllort
 
Sorry but now I see that you was talking about Microsoft AD. Then you must take as the sample this one https://docs.openkm.com/kcenter/view/ok ... roles.html ( attribute for login must be the sAMAccountName ). At the begining you can use
Code: Select all
<beans:constructor-arg index="1" value="(sAMAccountName={0})" />
rather than what is shown in the sample
Code: Select all
<beans:constructor-arg index="1" value="(&amp;(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,DC=company,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=company,DC=com)))" />

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.