• LDAP GROUP

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #52657  by uko
 
I have a problem to login in OpenKm, though the OpenKM ldap groups exists .
Over the frontend in openKM I get all the user from my ldap.

But it was not possible to modify the OpenKM.xml in the right way:


When I added the line <beans:property name="defaultRole" value="ROLE_USER"
the user can login

But then, I haven't any admin User

Here my OpenKm.xml

Code: Select all
         <security:authentication-manager alias="authenticationManager">
                        <security:authentication-provider ref="ldapAuthProvider" />
          </security:authentication-manager>

            <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
                <beans:constructor-arg value="ldaps://IP:636/ou=yy,o=yyyy"/>
        <beans:property name="userDn" value="cn=yyy,ou=admin,ou=yy,o=yyyy"/>
        <beans:property name="password" value="xx"/>
          </beans:bean>

        <beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
          <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
               <beans:constructor-arg ref="contextSource"/>
               <beans:property name="userSearch" ref="userSearch"></beans:property>
            </beans:bean>
        </beans:constructor-arg>

                            <beans:constructor-arg>
         <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
               <beans:constructor-arg ref="contextSource"/>
               <beans:constructor-arg value="ou=groups"/>
               <beans:property name="groupSearchFilter" value="objectclass=posixGroup"/>
               <beans:property name="groupRoleAttribute" value="cn"/>
               <beans:property name="searchSubtree" value="true" />
               <beans:property name="convertToUpperCase" value="true" />
            <beans:property name="rolePrefix" value="" />
                    
             </beans:bean>
             </beans:constructor-arg>
             </beans:bean>
        <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                <beans:constructor-arg index="0" value="ou=users" />
              
           <beans:constructor-arg index="1" value="(&amp;(uid={0})(|(groupMembership=cn=ROLE_USER,ou=groups,ou=yy,o=yyyy)(groupMemberShip=cn=ROLE_ADMIN,ou=groups,ou=yy,o=yyyy)))" />

        <beans:constructor-arg index="2" ref="contextSource" />
      <beans:property name="searchSubtree" value="true" />
   </beans:bean>
I will hope someone can help me
 #52662  by jllort
 
Do not start integration from OpenKM.xml first should working with Administration > Configuration parameters, when you get this section working then can play with OpenKM.xml, revert all the changes you have done and start again.

After changing the principal adapter, must restart openkm service ( I suggest login at localhost:8080/OpenKM/admin either frontend )
, try follow this sample documentation https://docs.openkm.com/kcenter/view/ok ... parameters

If some parameter is not clear, ask for it. When you success get working -> should be shown a list of user and roles in the administration list.

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.