Online demo
Download
Contact

Because information matters

  • Issue with AD global groups

  • Problems with installing OpenKM? No problemo, the solution is closer than you think.
It is currently Wed Jun 18, 2025 6:29 pm

Issue with AD global groups

Problems with installing OpenKM? No problemo, the solution is closer than you think.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 Reply

Re: Issue with AD global groups

 #29624  by jllort
 
what you told is very very strange. I've connected with a lot of AD and I've never seen this problem. From openkm side name, upper case or lowercase is exactly the same ( be a role or user ).

Connect as user what have ROLE_ADMIN and then in administration execute the minimal script I proposed:
Code: Select all
import com.openkm.spring.*;
print("["+PrincipalUtils.getRoles()"]");
Be sure you do not have white spaces or something simillar, this is not allowed, roles like userid should be word not separated by spaces or strange character ( _ and - is allowed as separator, but do not do strange things ).

Re: Issue with AD global groups

 #29638  by sagar
 
As I explained I have used the same exact name the only difference is the case when all letters are capital it will work fine otherwise it won't.

By the way the script you provided will print all the roles in capital case; is this relevant?


Regards,
Sagar

Re: Issue with AD global groups

 #29662  by jllort
 
Really the method does not doing internal uppercase. The uppercase should be done by other cause, the source code of the method is:
Code: Select all
/**
	 * Obtain the list of user roles.
	 */
	public static Set<String> getRoles() {
		Authentication auth = getAuthentication();
		Set<String> roles = new HashSet<String>();
		
		if (auth != null) {
			for (GrantedAuthority ga : auth.getAuthorities()) {
				roles.add(ga.getAuthority());
			}
		}
		
		return roles;
	}
This is a spring call, I can not provide you more clues, or is something in:
- your ldap ( quite strange )
- OpenKM.xml some tag is forcing setting uppercase
- something in your tomcat server what cause this collateral issue with spring

Re: Issue with AD global groups

 #29673  by sagar
 
Hi,

- I am using the same ldap server with OpenKM 5 without any issue at all.
- This is my OpenKM.xml file:
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task-3.1.xsd">

  <!-- Tasks configuration -->
  <!--
  <task:scheduler id="taskScheduler" pool-size="1"/>
  <task:scheduled-tasks scheduler="taskScheduler">
    <task:scheduled ref="textExtractorWorker" method="work" fixed-delay="60000"/>
  </task:scheduled-tasks>
  <beans:bean id="textExtractorWorker" class="com.openkm.extractor.TextExtractorWorker" />
  -->
  
  <!-- Security configuration -->
<security:ldap-server id="ldapServer"
url="ldap://192.168.1.100:389"
manager-dn="CN=okmadmin,OU=All-Staff,DC=company,DC=com"
manager-password="password"/>
 
<security:authentication-manager alias="authenticationManager">
<security:ldap-authentication-provider
server-ref="ldapServer"
user-search-base="OU=All-Staff,DC=company,DC=com"
user-search-filter="(sAMAccountName={0})"
group-search-base="OU=All-Groups,DC=company,DC=com"
group-search-filter="(member={0})"
group-role-attribute="cn"
role-prefix="none"> 
</security:ldap-authentication-provider>
</security:authentication-manager>


</beans:beans>


Thanks for your help.

Regards,
Sagar

Re: Issue with AD global groups

 #29691  by jllort
 
The problem is that your OpenKM.xml is incorrect. Take a look at this example http://wiki.openkm.com/index.php/Ldap-example3 and remove what you got there, and follow as is shown in example. Take in consideration ldap integration with jboss has not any relation with spring integration under tomcat.
 Reply
 Return to “Installation”

Favorites

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.

Powered By phpBB -
 ©OpenKM 2021
 - All times are UTC -