Open Source Document Management System | OpenKM

Because information matters
https://forum.openkm.com/

LDAP GROUP

https://forum.openkm.com/viewtopic.php?t=24301

Page 1 of 1

LDAP GROUP

PostPosted:Thu Jul 22, 2021 4:10 pm
by uko
I have a problem to login in OpenKm, though the OpenKM ldap groups exists .
Over the frontend in openKM I get all the user from my ldap.

But it was not possible to modify the OpenKM.xml in the right way:


When I added the line <beans:property name="defaultRole" value="ROLE_USER"
the user can login

But then, I haven't any admin User

Here my OpenKm.xml

Code: Select all
         <security:authentication-manager alias="authenticationManager">
                        <security:authentication-provider ref="ldapAuthProvider" />
          </security:authentication-manager>

            <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
                <beans:constructor-arg value="ldaps://IP:636/ou=yy,o=yyyy"/>
        <beans:property name="userDn" value="cn=yyy,ou=admin,ou=yy,o=yyyy"/>
        <beans:property name="password" value="xx"/>
          </beans:bean>

        <beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
          <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
               <beans:constructor-arg ref="contextSource"/>
               <beans:property name="userSearch" ref="userSearch"></beans:property>
            </beans:bean>
        </beans:constructor-arg>

                            <beans:constructor-arg>
         <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
               <beans:constructor-arg ref="contextSource"/>
               <beans:constructor-arg value="ou=groups"/>
               <beans:property name="groupSearchFilter" value="objectclass=posixGroup"/>
               <beans:property name="groupRoleAttribute" value="cn"/>
               <beans:property name="searchSubtree" value="true" />
               <beans:property name="convertToUpperCase" value="true" />
            <beans:property name="rolePrefix" value="" />
                    
             </beans:bean>
             </beans:constructor-arg>
             </beans:bean>
        <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                <beans:constructor-arg index="0" value="ou=users" />
              
           <beans:constructor-arg index="1" value="(&amp;(uid={0})(|(groupMembership=cn=ROLE_USER,ou=groups,ou=yy,o=yyyy)(groupMemberShip=cn=ROLE_ADMIN,ou=groups,ou=yy,o=yyyy)))" />

        <beans:constructor-arg index="2" ref="contextSource" />
      <beans:property name="searchSubtree" value="true" />
   </beans:bean>
I will hope someone can help me

Re: LDAP GROUP

PostPosted:Sun Jul 25, 2021 8:40 am
by jllort
Do not start integration from OpenKM.xml first should working with Administration > Configuration parameters, when you get this section working then can play with OpenKM.xml, revert all the changes you have done and start again.

After changing the principal adapter, must restart openkm service ( I suggest login at localhost:8080/OpenKM/admin either frontend )
, try follow this sample documentation https://docs.openkm.com/kcenter/view/ok ... parameters

If some parameter is not clear, ask for it. When you success get working -> should be shown a list of user and roles in the administration list.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited