Hello everyone!
I'll start by expressing a massive thank-you to everyone who works on this project. It is exactly what I was looking for. I do some IT work for a small church, and they are looking for a document management application; OpenKM fits our needs exactly.
I got it installed and configured on Ubuntu Server 16.04.1 LTS using the 6.3.0 install script (still on that version for now; I'm asking a friend who's more familiar with Tomcat stuff to help update later). Everything seems to be working well, and I cannot wait to show the users the new system.
The problem I'm having is with LDAP. I got it to authenticate, and sync, but while the user list populated successfully, only the okmAdmin account can log in.
This is a very small environment, so I'm perfectly fine with all users being able to log in. What I'm thinking might be the issue is that it doesn't seem to assign the 'OKM_USER' role to LDAP users by default. This makes sense to some extent, but I'm not quite sure how or where to apply those roles, or even if the lack of a role is preventing login.
I've included my LDAP config parameters below; IPs and credentials have been redacted.
Thank you for taking a look; I appreciate whatever help can be provided. Also, if I could impose just a bit to keep instructions simple (e.g. provide file paths if an edit is needed, etc); I'm fairly smart, but I don't deal much with Tomcat applications and I'm new to LDAP, so I super appreciate any simplicity that can be afforded.

Property                                      Type     Value
principal.ldap.mail.attribute                 String   mail
principal.ldap.mail.search.base               String   dc=fbc,dc=local
principal.ldap.mail.search.filter             String   (uid={0})
principal.ldap.referral                       String
principal.ldap.role.attribute                 String   cn
principal.ldap.role.search.base               List     ou=leadership,dc=fbc,dc=local
principal.ldap.role.search.filter             String   (objectClass=posixGroup)
principal.ldap.roles.by.user.attribute        String
principal.ldap.roles.by.user.search.base      String
principal.ldap.roles.by.user.search.filter    String
principal.ldap.security.credentials           String   [password]
principal.ldap.security.principal             String   cn=[administrator],dc=fbc,dc=local
principal.ldap.server                         String   ldap://[ip]:389
principal.ldap.user.attribute                 String   uid
principal.ldap.user.search.base               List     dc=fbc,dc=local
principal.ldap.user.search.filter             String   (objectClass=inetOrgPerson)
principal.ldap.username.attribute             String   uid
principal.ldap.username.search.base           String   dc=fbc,dc=local
principal.ldap.username.search.filter         String   (uid={0})
principal.ldap.users.by.role.attribute        String   memberUid
principal.ldap.users.by.role.search.base      String   ou=leadership,dc=fbc,dc=local
principal.ldap.users.by.role.search.filter    String   (&(objectClass=posixGroup)(cn={0}))
principal.ldap.users.from.roles               Boolean  Inactive
Thank you again,
Joey
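
An added example, not part of the original post and not OpenKM code: a small audit of the posted parameter dump that reports lookups whose attribute, search base and filter are all blank, and whether the bind password is sent to an `ldap://` endpoint. The names `parse` and `audit` and the finding labels are assumptions made for this sketch, and only the role, bind and server rows of the dump are included.

```python
import re

# Rows copied from the post's parameter dump; redaction placeholders as posted.
DUMP = """\
principal.ldap.role.attribute String cn
principal.ldap.role.search.base List ou=leadership,dc=fbc,dc=local
principal.ldap.role.search.filter String (objectClass=posixGroup)
principal.ldap.roles.by.user.attribute String
principal.ldap.roles.by.user.search.base String
principal.ldap.roles.by.user.search.filter String
principal.ldap.security.credentials String [password]
principal.ldap.security.principal String cn=[administrator],dc=fbc,dc=local
principal.ldap.server String ldap://[ip]:389
principal.ldap.users.by.role.attribute String memberUid
principal.ldap.users.by.role.search.base String ou=leadership,dc=fbc,dc=local
principal.ldap.users.by.role.search.filter String (&(objectClass=posixGroup)(cn={0}))
"""

ROW = re.compile(r"^(principal\.ldap\.\S+) (String|List|Boolean)(?: (.*))?$")
SUFFIXES = (".attribute", ".search.base", ".search.filter")

def parse(dump):
    """Return {property: value}; a row with nothing after its type maps to ''."""
    rows = (ROW.match(line.strip()) for line in dump.splitlines())
    return {m.group(1): (m.group(3) or "") for m in rows if m}

def audit(props):
    """Return sorted (finding, subject) pairs for this configuration."""
    lookups = {}  # lookup prefix -> {suffix: value}
    for name, value in props.items():
        for suffix in SUFFIXES:
            if name.endswith(suffix):
                lookups.setdefault(name[:-len(suffix)], {})[suffix] = value
    findings = []
    for prefix, parts in lookups.items():
        blank = [s for s in SUFFIXES if not parts.get(s)]
        if len(blank) == len(SUFFIXES):
            findings.append(("lookup-unset", prefix))
        elif blank:
            findings.append(("lookup-partial", prefix + blank[0]))
    server = props.get("principal.ldap.server", "")
    if server.lower().startswith("ldap://"):
        findings.append(("cleartext-transport", server))
        if props.get("principal.ldap.security.credentials"):
            # Bind password travels unencrypted unless the client uses StartTLS.
            findings.append(("bind-password-in-clear", props.get("principal.ldap.security.principal", "")))
    return sorted(findings)

if __name__ == "__main__": print(*audit(parse(DUMP)), sep="\n")
```
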