Ldap authentication for OpenKM

mbmni
Senior Boarder
Posts: 40
Joined: Thu May 04, 2017 6:56 am

Ldap authentication for OpenKM

Post by mbmni » Mon May 15, 2017 3:24 am

Dear sir / madam,
I successfully added my LDAP user to the user list in my OpenKM.

After that I logged out from OpenKM.

Now I can't log in to OpenKM even if I use the following credentials.

Username : okmAdmin
Password : admin.

Can you please guide me.

Thank you.

jllort
Moderator
Posts: 9709
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain

Re: Ldap authentication for OpenKM

Post by jllort » Mon May 15, 2017 7:49 pm

You have switched OpenKM.xml to work with LDAP or with database. Keep in mind this change only takes effect after restarting OpenKM (okmAdmin / admin seems to be the user and credentials set by default; they do not seem to be LDAP credentials).

mbmni
Senior Boarder
Posts: 40
Joined: Thu May 04, 2017 6:56 am

Re: Ldap authentication for OpenKM

Post by mbmni » Tue May 16, 2017 3:38 am

Dear sir / madam,

Thank you for your valuable advice.

I created an LDAP user with the following details:

uid = fmaul
userPassword = test@1
cn = Famos Malisa
sn = Malisa

And I updated the OpenKM.xml file with the following code.

Code:

<security:ldap-server id="ldapServer"
  url="ldap://localhost:10389/ou=users,ou=system"
  manager-dn="uid=admin,ou=system"
  manager-password="secret"/>

<security:authentication-manager alias="authenticationManager">
  <security:ldap-authentication-provider
    server-ref="ldapServer"
    user-search-base="ou=users,ou=system"
    user-search-filter="(objectClass=inetOrgPerson)"
    group-search-base="cn=testgroup"
    group-search-filter="(member={0})"
    group-role-attribute="cn"
    role-prefix="none">
  </security:ldap-authentication-provider>
</security:authentication-manager>

Then I restarted OpenKM with Tomcat.

Now, after all those settings were done, I cannot log in to OpenKM using the following user name and password:

user name = fmaul
password = test@1

Thank you.

jllort
Moderator
Posts: 9709
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain

Re: Ldap authentication for OpenKM

Post by jllort » Tue May 16, 2017 9:09 am

I suggest following this sample in our documentation: https://docs.openkm.com/kcenter/view/ok ... roles.html

As you can see in the documentation, the integration has two steps. We suggest first going for the OpenKM configuration parameters (administration), which help you in retrieving users and roles from OpenKM. Then go for login.

1- Switch OpenKM.xml to database and log in with okmAdmin registered in the database
2- Ensure your configuration parameters are going right (user list, etc.); when you succeed with that, try changing OpenKM.xml again

Check the user distinguished name, password, etc. In Administration > Tools you should have an LDAP search tool to check individual configuration parameters. Always start by getting users:

Code:

principal.ldap.user.attribute = sAMAccountName
principal.ldap.user.search.base = DC=company,DC=com
principal.ldap.user.search.filter = (&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,DC=company,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=company,DC=com)))

mbmni
Senior Boarder
Posts: 40
Joined: Thu May 04, 2017 6:56 am

Re: Ldap authentication for OpenKM

Post by mbmni » Wed May 17, 2017 6:04 am

Dear sir / madam,

I have added my LDAP users to OpenKM.
Please be kind enough to look at the attachment.
ldap03.PNG
Later I configured the configuration settings for OpenKM.
Please be kind enough to look at the attachments.
ldap01.PNG
ldap02.PNG
Thank you

jllort
Moderator
Posts: 9709
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain

Re: Ldap authentication for OpenKM

Post by jllort » Thu May 18, 2017 7:09 am

Your configuration might have several problems. The user does not have the attribute member (Active Directory does the bidirectional relation, but this is not done by OpenLDAP; that means you must add the attribute member for each user to set the roles).

I suppose you are using OpenKM version 6.x or higher; you should use a more complete OpenKM.xml like what is shown here: https://docs.openkm.com/kcenter/view/ok ... login.html
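
For comparison with the OpenKM.xml fragment posted earlier in the thread, here is an added example (not written by either poster and not taken from the OpenKM documentation) of how the same Spring Security LDAP elements resolve search bases and filters. The `ou=groups` container, the `cn=ROLE_USER` group entry and the `CHANGE_ME` password are assumptions made for illustration.

```xml
<!-- Assumed directory layout (constructed for this example):
       uid=fmaul,ou=users,ou=system       objectClass=inetOrgPerson
       cn=ROLE_USER,ou=groups,ou=system   member=uid=fmaul,ou=users,ou=system -->

<!-- The DN after the port is the root for every search below, and the
     search-base attributes are relative to it. With the root set to
     ou=users,ou=system AND user-search-base="ou=users,ou=system", the lookup
     targets ou=users,ou=system,ou=users,ou=system, which does not exist.
     Keeping the root at the common parent lets users and groups both hang off it.
     manager-dn is an absolute DN. Prefer a dedicated read-only bind account
     with a non-default password over the directory administrator. -->
<security:ldap-server id="ldapServer"
  url="ldap://localhost:10389/ou=system"
  manager-dn="uid=admin,ou=system"
  manager-password="CHANGE_ME"/>

<security:authentication-manager alias="authenticationManager">
  <!-- user-search-filter: {0} is replaced by the login name typed by the user.
       A filter without {0}, such as (objectClass=inetOrgPerson), matches every
       person entry whatever name is typed, so the search cannot single out the
       account that is logging in. Note that & must be written as &amp; inside
       an XML attribute.

       group-search-filter: {0} is replaced by the full DN of the user that was
       found. The group entry must therefore list that DN in its member
       attribute; the directory is not expected to maintain a reverse link on
       the user entry.

       group-role-attribute="cn" with role-prefix="none" turns the group name
       into the role name as is, so the group here is named ROLE_USER, the role
       name used in the filter quoted earlier in the thread. -->
  <security:ldap-authentication-provider
    server-ref="ldapServer"
    user-search-base="ou=users"
    user-search-filter="(&amp;(objectClass=inetOrgPerson)(uid={0}))"
    group-search-base="ou=groups"
    group-search-filter="(member={0})"
    group-role-attribute="cn"
    role-prefix="none"/>
</security:authentication-manager>
```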
