• [Resolved] Role does not work with (LDAP) Active directory

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
 #46179  by jllort
 
1- This section is surely wrong:
Code:
<beans:constructor-arg value="OU=IT,OU=CDG,OU=SDA,DC=*****,DC=***"/>
Should be only:
Code:
<beans:constructor-arg value="DC=*****,DC=***"/>
You have it wrong in two sections of the XML.

2- The section below is also wrong:
Code:
<beans:constructor-arg index="1" value="CN={0}" />
should be
Code:
<beans:constructor-arg index="1" value="sAMAccountName={0}" />
3- Try accessing the IP directly rather than ldap://sd01cdgdc:389 (it might be that you have a balanced domain server etc. and there's some issue there). But I think the issue is not here; it is in point 1.

I suggest reviewing the sample from here https://docs.openkm.com/kcenter/view/ok ... roles.html and consider that the issue was a too restrictive base; you should use "DC=*****,DC=***" as the base for filtering. I suspect the roles are outside the base you have set and that is the reason why they are not applied.

If it goes right in the end, I suggest applying some restriction like what is shown below:
Code:
(&amp;(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,DC=company,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=company,DC=com)))
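
An added illustration of point 1 and of the closing filter suggestion in the post above; it is not part of that post and is not OpenKM or Spring Security code. It is a simplified model on constructed DNs (Alice, Bob and the `DC=company,DC=com` tree are assumptions) showing why a role group outside the search base yields no roles, and how the `memberOf` filter limits who can log in.

```python
# Added example: simplified model of LDAP subtree scope, not OpenKM or Spring code.
# Every DN below is constructed sample data.

def rdns(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def in_subtree(dn, base):
    """True when dn is the base entry itself or sits anywhere below it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def roles_for(user_dn, groups, group_base):
    """Role names = CN of each group under group_base that lists user_dn."""
    user, found = rdns(user_dn), []
    for group_dn, members in groups.items():
        if not in_subtree(group_dn, group_base):
            continue  # outside the base: the directory never returns it
        if any(rdns(m) == user for m in members):
            found.append(rdns(group_dn)[0].split("=", 1)[1].upper())
    return sorted(found)

def may_log_in(user, base, allowed_groups):
    """Model of (&(sAMAccountName={0})(|(memberOf=A)(memberOf=B))) under base.
    Assumes `user` is already the entry whose sAMAccountName matched."""
    allowed = [rdns(g) for g in allowed_groups]
    return in_subtree(user["dn"], base) and any(
        rdns(g) in allowed for g in user["memberOf"])

ROOT = "DC=company,DC=com"
NARROW = "OU=IT,OU=CDG,OU=SDA," + ROOT
ROLE_ADMIN = "CN=ROLE_ADMIN,OU=OpenKM," + ROOT
ROLE_USER = "CN=ROLE_USER,OU=OpenKM," + ROOT
ALICE = {"dn": "CN=Alice," + NARROW, "memberOf": [ROLE_ADMIN]}
BOB = {"dn": "CN=Bob," + NARROW, "memberOf": []}
GROUPS = {ROLE_ADMIN: [ALICE["dn"]], ROLE_USER: []}

if __name__ == "__main__":
    print("narrow base:", roles_for(ALICE["dn"], GROUPS, NARROW))
    print("domain root:", roles_for(ALICE["dn"], GROUPS, ROOT))
    print("Alice login:", may_log_in(ALICE, ROOT, [ROLE_ADMIN, ROLE_USER]))
    print("Bob login:  ", may_log_in(BOB, ROOT, [ROLE_ADMIN, ROLE_USER]))
```

With the narrow base Alice authenticates but resolves to no roles, because `OU=OpenKM` is not below `OU=IT,OU=CDG,OU=SDA`; with the domain root as base she gets `ROLE_ADMIN`, while Bob, who belongs to neither role group, is rejected by the filter.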
 #46222  by milenormand
 
Hi jllort,

Thank you for the reply.
1- This section is surely wrong:
Code:
<beans:constructor-arg value="OU=IT,OU=CDG,OU=SDA,DC=*****,DC=***"/>
Should be only:
Code:
<beans:constructor-arg value="DC=*****,DC=***"/>
You have it wrong in two sections of the XML.

You are right on this point. To help other people, I have changed that too:

in [tomcat]/OpenKM.xml :
Code:
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="DC=*****,DC=**" />

in [tomcat]/webapps/openKM/WEB-INF/appContext.xml and [unzip_OpenKM.war]/OpenKM/WEB-INF/appContext.xml :
Code:
 <!-- Remove prefix to be able of use custom roles -->
  <beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
    <beans:property name="rolePrefix" value=""/>
  </beans:bean>
to remove the rolePrefix "ROLE_"


After many tests:
If your users have a role, the role must be assigned to the root of taxonomy, metadata, thesaurus, and templates to work.


Best Regards,
Mi Lenormand
