• Active directory integration

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
 #52138  by m.abolghasemi
 
Hello
I have a problem with Active Directory integration.
After configuration like this link:
https://docs.openkm.com/kcenter/view/ok ... roles.html
I can't log in with both (Domain Account & Local Account). Error: (Authentication error)
This is my OpenKM.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task.xsd">
 
<security:authentication-manager alias="authenticationManager">
     <security:authentication-provider ref="ldapAuthProvider" />
  </security:authentication-manager>
 
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://XXX.XXX.XXX.XXX:389"/>
  <beans:property name="userDn" value="CN=XXX,OU=XXX,OU=XXX,DC=XXX,DC=com"/>
  <beans:property name="password" value="XXX"/>
  <beans:property name="baseEnvironmentProperties">
     <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
   </beans:property>
</beans:bean>
 
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg name="authoritiesPopulator" ref="defaultLdapAuthoritiesPopulator"/> 
</beans:bean>
 
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="DC=XXX,DC=com" />
  <beans:constructor-arg index="1" value="(&amp;(sAMAccountName={0})(|(memberOf=OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=com)(memberOf=OU=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=com)))" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
</beans:bean>

 <beans:bean id="defaultLdapAuthoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
        <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value="DC=XXX,DC=com"/>
      <beans:property name="groupSearchFilter" value="member={0}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="false" />
      <beans:property name="rolePrefix" value="" />
    </beans:bean>

  <!--Needed for remember-me services -->
    <beans:bean id="userDetailService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
        <beans:constructor-arg ref="userSearch"/>
        <beans:constructor-arg ref="defaultLdapAuthoritiesPopulator"/>
    </beans:bean>
 
</beans:beans>
Thanks.
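
Added example (not part of the thread and not OpenKM's own code): a small Python check over a Spring Security LDAP bean file like the one posted above. It flags three things worth reviewing in such a file: an `ldap://` URL (simple binds over it are not encrypted), a bind password stored inline, and `memberOf` clauses whose value does not look like a group DN (in Active Directory `memberOf` holds the DNs of groups, which start with `CN=`). The function name `audit`, the finding labels, and the sample hosts, DNs and password are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

BEANS = "http://www.springframework.org/schema/beans"
NS = {"b": BEANS}

# Constructed sample modelled on the posted file; every value is a placeholder.
SAMPLE = """<beans:beans xmlns:beans="http://www.springframework.org/schema/beans">
  <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://dc.example.com:389"/>
    <beans:property name="userDn" value="CN=svc,OU=Service,DC=example,DC=com"/>
    <beans:property name="password" value="placeholder"/>
  </beans:bean>
  <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="DC=example,DC=com"/>
    <beans:constructor-arg index="1" value="(&amp;(sAMAccountName={0})(|(memberOf=OU=Staff,DC=example,DC=com)(memberOf=CN=DMS Users,OU=Groups,DC=example,DC=com)))"/>
  </beans:bean>
</beans:beans>"""


def audit(xml_text):
    """Return a list of findings for a Spring Security LDAP bean file."""
    findings = []
    root = ET.fromstring(xml_text)
    for bean in root.iter("{%s}bean" % BEANS):
        cls = bean.get("class", "")
        if cls.endswith("DefaultSpringSecurityContextSource"):
            # The first constructor argument is the provider URL.
            url = bean.find("b:constructor-arg", NS)
            if url is not None and url.get("value", "").lower().startswith("ldap://"):
                findings.append("cleartext-ldap")
            for prop in bean.findall("b:property", NS):
                if prop.get("name") == "password" and prop.get("value"):
                    findings.append("inline-bind-password")
        if cls.endswith("FilterBasedLdapUserSearch"):
            for arg in bean.findall("b:constructor-arg", NS):
                # Pull every memberOf=<dn> clause out of the search filter.
                for dn in re.findall(r"\(memberOf=([^()]*)\)", arg.get("value", "")):
                    if not dn.upper().startswith("CN="):
                        findings.append("memberOf-not-a-group-dn: " + dn)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
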
 #52148  by jllort
 
Before modifying the OpenKM.xml authentication section, I suggest reverting the changes and playing with the OpenKM internal configuration parameters. The first step is succeeding in getting the OpenKM configuration parameters working. In the second stage you can play with AD login integration.
 #52165  by jllort
 
Did you configure the LDAP parameters in the OpenKM administration configuration parameters -> is the list of users and roles working? Because this is the first step.
 #52175  by jllort
 
AD parameters are set in Administration > Configuration parameters (all the configuration parameters described in the documentation that begin with 'ldap.'). Checking that it works is quite simple: go to the users and roles list, and the AD user and group list should be shown there. If it is not shown, then you have a wrong configuration.

Here we try to explain the process: https://docs.openkm.com/kcenter/view/ok ... roles.html
Always start with Configuration parameters, and at the end play with OpenKM.xml.
