
Ldap authentication for OpenKM

Posted: Mon May 15, 2017 3:24 am
by mbmni
Dear sir / madam,
I successfully added my LDAP user to the user list in my OpenKM.

After that I logged out from OpenKM.

Now I can't log in to OpenKM even if I use the following credentials.

Username : okmAdmin
Password : admin.

Can you please guide me.

Thank you.

Re: Ldap authentication for OpenKM

Posted: Mon May 15, 2017 7:49 pm
by jllort
You have switched OpenKM.xml to work with LDAP or with database. Keep in mind this change only takes effect after restarting OpenKM (okmAdmin / admin seems to be the user and credentials set by default; it does not seem to be LDAP credentials).

Re: Ldap authentication for OpenKM

Posted: Tue May 16, 2017 3:38 am
by mbmni
Dear sir / madam,

Thank you for your valuable advice.

I created an LDAP user with the following details:

uid = fmaul
userPassword = test@1
cn = Famos Malisa
sn = Malisa

And I updated the OpenKM.xml file with the following code.

Code:

<security:ldap-server id="ldapServer"
  url="ldap://localhost:10389/ou=users,ou=system"
  manager-dn="uid=admin,ou=system"
  manager-password="secret"/>

<security:authentication-manager alias="authenticationManager">
  <security:ldap-authentication-provider
    server-ref="ldapServer"
    user-search-base="ou=users,ou=system"
    user-search-filter="(objectClass=inetOrgPerson)"
    group-search-base="cn=testgroup"
    group-search-filter="(member={0})"
    group-role-attribute="cn"
    role-prefix="none">
  </security:ldap-authentication-provider>
</security:authentication-manager>

Then I restarted OpenKM with Tomcat.

Now, after all those settings were done, I cannot log into OpenKM using the following user name and password:

user name = fmaul
password = test@1

Thank you.
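
A small lint for the OpenKM.xml fragment posted above, as an added example that is not part of the thread or of OpenKM. It checks two Spring Security LDAP rules: `{0}` in user-search-filter is the placeholder for the login name, and search bases are relative to the DN given in the ldap-server URL. The helper name `lint_ldap_config` is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = "http://www.springframework.org/schema/security"

def lint_ldap_config(fragment):
    """Return findings for a Spring Security LDAP XML fragment (hypothetical helper)."""
    # The posted fragment has no namespace declaration, so wrap it in a root that has one.
    root = ET.fromstring(f'<beans xmlns:security="{NS}">{fragment}</beans>')
    servers = {s.get("id"): s for s in root.iter(f"{{{NS}}}ldap-server")}
    findings = []
    for prov in root.iter(f"{{{NS}}}ldap-authentication-provider"):
        # {0} in user-search-filter is replaced by the login name typed at the prompt.
        ufilter = prov.get("user-search-filter")
        if ufilter is not None and "{0}" not in ufilter:
            findings.append("user-search-filter lacks {0}: search is not tied to the login name")
        # {0} in group-search-filter is the user's full DN, {1} the login name.
        gfilter = prov.get("group-search-filter")
        if gfilter is not None and "{0}" not in gfilter and "{1}" not in gfilter:
            findings.append("group-search-filter lacks {0}/{1}: roles are not tied to the user")
        server = servers.get(prov.get("server-ref"))
        if server is None:
            findings.append("server-ref does not match any ldap-server id")
            continue
        # The DN after the port in the URL is the root; search bases are relative to it.
        root_dn = urlparse(server.get("url", "")).path.lstrip("/").lower()
        for attr in ("user-search-base", "group-search-base"):
            base = prov.get(attr, "").lower()
            if root_dn and base.endswith(root_dn):
                findings.append(f"{attr} repeats the URL root DN: effective base is {base},{root_dn}")
    return findings

# Fragment from the post above, attribute values unchanged.
POSTED = """
<security:ldap-server id="ldapServer" url="ldap://localhost:10389/ou=users,ou=system"
  manager-dn="uid=admin,ou=system" manager-password="secret"/>
<security:authentication-manager alias="authenticationManager">
  <security:ldap-authentication-provider server-ref="ldapServer"
    user-search-base="ou=users,ou=system" user-search-filter="(objectClass=inetOrgPerson)"
    group-search-base="cn=testgroup" group-search-filter="(member={0})"
    group-role-attribute="cn" role-prefix="none"/>
</security:authentication-manager>
"""

if __name__ == "__main__":
    for finding in lint_ldap_config(POSTED):
        print("-", finding)
```

In Spring Security a user search that returns more than one entry fails the login, which is what a filter without `{0}` produces as soon as the directory holds a second inetOrgPerson.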

Re: Ldap authentication for OpenKM

Posted: Tue May 16, 2017 9:09 am
by jllort
I suggest following this sample in our documentation: https://docs.openkm.com/kcenter/view/ok ... roles.html

As you can see in the documentation, the integration has two steps. We suggest first going for the OpenKM configuration parameters (administration), which help you in retrieving users and roles from OpenKM. Then go for login.

1- Switch OpenKM.xml to database and log in with okmAdmin registered in the database
2- Ensure your configuration parameters are going right (user list etc.); when you succeed at it, try changing OpenKM.xml again

Check the user distinguished name, password, etc. In Administration > tools you should have an LDAP search tool to check individual configuration parameters. Always start by getting users:

Code:

principal.ldap.user.attribute = sAMAccountName
principal.ldap.user.search.base = DC=company,DC=com
principal.ldap.user.search.filter = (&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,DC=company,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=company,DC=com)))

Re: Ldap authentication for OpenKM

Posted: Wed May 17, 2017 6:04 am
by mbmni
Dear sir / madam,

I have added my LDAP users to OpenKM.
Please be kind enough to look at the attachment.
ldap03.PNG
Later I configured the configuration settings for OpenKM.
Please be kind enough to look at the attachments.
ldap01.PNG
ldap02.PNG
Thank you

Re: Ldap authentication for OpenKM

Posted: Thu May 18, 2017 7:09 am
by jllort
Your configuration might have several problems: the user does not have the attribute member (Active Directory does a bidirectional relation, but this is not done by OpenLDAP; that means you must add the attribute member for each user to set the roles).

I suppose you are using OpenKM version 6.x or higher; you should use a more complete OpenKM.xml like what is shown here: https://docs.openkm.com/kcenter/view/ok ... login.html