• Can not login after LDAP configuration

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #52026  by m.abolghasemi
 
Hello
I have problem... I can't login after ldap configuration.
This is my config OpenKM.xml:
Code: Select all
ns:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/b ... ns-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/s ... ty-3.1.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/t ... sk-3.1.xsd">

<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>

<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.XXX.XXX:389"/>
<beans:property name="userDn" value="uid=XXX,DC=XXX,DC=com"/>
<beans:property name="password" value="XXX"/>
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry>
<beans:key>
<beans:value>java.naming.referral</beans:value>
</beans:key>
<beans:value>follow</beans:value>
</beans:entry>
</beans:map>
</beans:property>
</beans:bean>

<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="DC=XXX,DC=com"/>
<beans:property name="groupSearchFilter" value="member={0}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="false" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>

<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="DC=XXX,DC=com" />
<beans:constructor-arg index="1" value="(&amp;(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,OU=XXX,DC=XXX,DC=com)(memberOf=CN=ROLE_USER,OU=Computers_Users,DC=XXX,DC=com)))" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>

</beans:beans>
Please help me to solve this.
Thanks
 #52029  by jllort
 
You are integrating with OpenDAP ? Do the user have the attribute "memberOf".

I suggest replace ( less restrictive login at this point ):
Code: Select all
<beans:constructor-arg index="1" value="(&amp;(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,OU=XXX,DC=XXX,DC=com)(memberOf=CN=ROLE_USER,OU=Computers_Users,DC=XXX,DC=com)))" />
to
Code: Select all
<beans:constructor-arg index="1" value="(sAMAccountName={0})" />
I suggest force all the users to ROLE_USER in the login configuraton https://docs.openkm.com/kcenter/view/ok ... fROLE_USER

When you success with login do it more restrictive.

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.