Hi,
We are currently installing OpenKM as a DMS for our company, but we are encountering a problem configuring it for LDAP authentication.
Here are our LDAP entries:

-fr
--soc
---groups
--------AdminRole (memberUid = user1, memberUid = user2)
--------UserRole (memberUid = user2)
---users
----intern
--------user1
--------user2

However, we don't have any memberOf attribute in our user entries, so here is how we worked around it:

OpenKM.cfg:

principal.adapter com.openkm.principal.LdapPrincipalAdapter
principal.ldap.mail.attribute mail
principal.ldap.mail.search.base ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.mail.search.filter (&(objectClass=inetOrgPerson)(cn={0}))
principal.ldap.referral
principal.ldap.role.attribute cn
principal.ldap.role.search.base ou=groups,dc=soc,dc=fr
principal.ldap.role.search.filter (objectClass=posixGroup)
principal.ldap.roles.by.user.attribute cn
principal.ldap.roles.by.user.search.base ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.filter (memberUid={0})
principal.ldap.security.credentials ****
principal.ldap.security.principal cn=admin,dc=soc,dc=fr
principal.ldap.server ldap://192.168.0.xxx:389
principal.ldap.user.attribute cn
principal.ldap.user.search.base ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.user.search.filter (objectClass=inetOrgPerson)
principal.ldap.users.by.role.attribute memberUid
principal.ldap.users.by.role.search.base ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.filter (&(objectClass=posixGroup)(memberUid={0}))

login-config.xml:
<application-policy name="OpenKM">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://192.168.0.xxx:389</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
<module-option name="bindCredential">****</module-option>
<module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<module-option name="rolesCtxDN">dc=soc,dc=fr</module-option>
<module-option name="roleFilter">(memberUid={0})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">-1</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
<module-option name="defaultRole">UserRole</module-option>
</login-module>
</authentication>
</application-policy>
We can log in using LDAP, and when we look at the users, everything is correctly imported: roles, mails, etc. However, when we log in as a user who has AdminRole, such as user2, we don't have access to the Administration Panel. Actually, we discovered that the defaultRole is applied. Our guess is that the problem comes from login-config.xml, but we couldn't fix it and we're running out of ideas.
Any help will be appreciated
Last edited by lineac on Fri Mar 30, 2012 11:02 am, edited 1 time in total.
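As an added example (not part of the original post, and not OpenKM's or JBoss's own code), the script below replays the searches configured in OpenKM.cfg and login-config.xml against an in-memory copy of the tree shown in the post, so each filter can be checked without a live server. The uid, objectClass and mail values on the entries, and the assumption that uid equals cn, are constructed; the post only shows cn and memberUid. The helper names (search, openkm_roles_by_user, jboss_roles, jboss_user_dn, openkm_users_by_role) are hypothetical.

```python
"""Offline replay of the LDAP searches from the post (added example)."""

# Constructed directory mirroring the tree in the post; uid/mail values assumed.
DIRECTORY = {
    "cn=AdminRole,ou=groups,dc=soc,dc=fr": {
        "objectClass": ["posixGroup"], "cn": ["AdminRole"],
        "memberUid": ["user1", "user2"],
    },
    "cn=UserRole,ou=groups,dc=soc,dc=fr": {
        "objectClass": ["posixGroup"], "cn": ["UserRole"],
        "memberUid": ["user2"],
    },
    "cn=user1,ou=intern,ou=users,dc=soc,dc=fr": {
        "objectClass": ["inetOrgPerson"], "cn": ["user1"],
        "uid": ["user1"], "mail": ["user1@soc.fr"],  # assumed values
    },
    "cn=user2,ou=intern,ou=users,dc=soc,dc=fr": {
        "objectClass": ["inetOrgPerson"], "cn": ["user2"],
        "uid": ["user2"], "mail": ["user2@soc.fr"],  # assumed values
    },
}


def parse_filter(text):
    """Parse an RFC 4515 filter subset (equality, &, |, !) into a tree:
    ('=', attr, value) or (op, [children])."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at %d in %r" % (pos, text))
        pos += 1
        if text[pos] in "&|!":
            op = text[pos]
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(node())
            if text[pos] != ")":
                raise ValueError("expected ')' at %d in %r" % (pos, text))
            pos += 1
            return (op, children)
        end = text.index(")", pos)
        attr, sep, value = text[pos:end].partition("=")
        if not sep:
            raise ValueError("only equality matches supported: %r" % text[pos:end])
        pos = end + 1
        return ("=", attr, value)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing data in filter %r" % text)
    return tree


def matches(tree, entry):
    """Evaluate a parsed filter against one entry, case-insensitively."""
    if tree[0] == "=":
        _, attr, value = tree
        values = [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
        return any(v.lower() == value.lower() for v in values)
    op, children = tree
    if op == "&":
        return all(matches(c, entry) for c in children)
    if op == "|":
        return any(matches(c, entry) for c in children)
    return not matches(children[0], entry)  # "!"


def search(base, filter_template, arg):
    """Subtree search under `base`; {0} is replaced by `arg` exactly as the
    OpenKM adapter and LdapExtLoginModule substitute the login name or role.
    Returns matching (dn, entry) pairs."""
    tree = parse_filter(filter_template.replace("{0}", arg))
    base = base.lower()
    return [(dn, e) for dn, e in DIRECTORY.items()
            if (dn.lower() == base or dn.lower().endswith("," + base))
            and matches(tree, e)]


def openkm_roles_by_user(login):
    """principal.ldap.roles.by.user.* from OpenKM.cfg (attribute cn)."""
    hits = search("ou=groups,dc=soc,dc=fr", "(memberUid={0})", login)
    return sorted(v for _, e in hits for v in e["cn"])


def jboss_roles(login):
    """rolesCtxDN / roleFilter / roleAttributeID from login-config.xml.
    roleAttributeIsDN=false, so the cn value itself is the role name."""
    hits = search("dc=soc,dc=fr", "(memberUid={0})", login)
    return sorted(v for _, e in hits for v in e["cn"])


def jboss_user_dn(login):
    """baseCtxDN / baseFilter from login-config.xml: keyed on uid, whereas
    OpenKM.cfg lists users by cn, so both must name the same entry."""
    return [dn for dn, _ in
            search("ou=intern,ou=users,dc=soc,dc=fr", "(uid={0})", login)]


def openkm_users_by_role(role):
    """principal.ldap.users.by.role.* from OpenKM.cfg, with the role name
    substituted for {0} as the adapter does (attribute memberUid)."""
    hits = search("ou=groups,dc=soc,dc=fr",
                  "(&(objectClass=posixGroup)(memberUid={0}))", role)
    return sorted(v for _, e in hits for v in e.get("memberUid", []))


if __name__ == "__main__":
    for login in ("user1", "user2"):
        print(login, jboss_user_dn(login), openkm_roles_by_user(login), jboss_roles(login))
    print("AdminRole members via users.by.role:", openkm_users_by_role("AdminRole"))
```

Two things the replay makes visible from the posted configuration alone: the JBoss roleFilter runs under dc=soc,dc=fr with SUBTREE_SCOPE and no objectClass restriction, so any entry anywhere in the tree carrying a matching memberUid would be returned as a role; and the users.by.role filter substitutes the role name into memberUid, so replaying it for AdminRole yields no members against this tree. The same base/filter pairs can be issued against the real server with ldapsearch to compare results.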