CAnt login thru okmAdmin

[prashantkasbe]

Hi,

I am trying out OpenKM and trying to set up the environment.

I have done all the stuff from the installation manual on the link below except the LDAP Based things

http://www.openkm.com/index.php?option= ... figuration

But when I try to login via okmAdmin it gives below error

OKM-012015(GetRoot): OKM-012015

okm:root

OKM-012015(GetTemplate): OKM-012015

okm:templates

Please suggest the cause and actions to clear this error

Thanks
Prashant

[jllort]

Really you don't need to do anything related in that configuration link, you only must explode zip file in your file system, have installed java jdk 1.6 and run jboss, nothing else is needed.

In download zip file there's a txt intallation guide, read that. If error persist say to us.

[prashantkasbe]

Thank you jllort

I have done the quick install and with that I am able to login with account okmAdmin.

I am looking to deploy it with integrating with JBOSS login and other setting mentioned in the openkm_configuration
http://www.openkm.com/index.php?option= ... figuration

DO I need to do entire set up as I am testing out with LDAP and other stuff.
Where can I find documentation on usage of OpenKM, I need to analyse it.

Thanks in Advance
Prashant Kasbe

[jllort]

Here's some full example that runs

In your login-config.xml might be something like :

Code: Select all

<application-policy name="OpenKM">
	<authentication>
		<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > 
		  <module-option name="java.naming.provider.url">ldap://192.168.0.6</module-option> 
		  <module-option name="bindDN">CN=Administrador,cn=users,dc=weyler,dc=local</module-option>
		  <module-option name="java.naming.security.authentication">simple</module-option>
		  <module-option name="bindCredential">password</module-option>
		  <module-option name="baseCtxDN">cn=users,dc=weyler,dc=local</module-option>
		  <module-option name="baseFilter">(sAMAccountName={0})</module-option>
		  <module-option name="rolesCtxDN">cn=users,dc=weyler,dc=local</module-option>
		  <module-option name="roleFilter">(member={1})</module-option>
		  <module-option name="roleAttributeID">cn</module-option>
		  <module-option name="roleAttributeIsDN">false</module-option>
		  <module-option name="roleRecursion">2</module-option>
		  <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
		  <module-option name="defaultRole">UserRole</module-option>
		</login-module> 
	  </authentication>
	</application-policy>

here you must change for your own values:
192.168.0.6
dc=weyler
CN=Administrador
<module-option name="bindCredential">password</module-option>

And in your OpenKM.cfg must me something like this:

Code: Select all

principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://192.168.0.6
principal.ldap.security.principal=CN=Administrador,cn=users,dc=weyler,dc=local
principal.ldap.security.credentials=password
principal.ldap.user.search.base=cn=users,dc=weyler,dc=local
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=cn=users,dc=weyler,dc=local
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},cn=users,dc=weyler,dc=local
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.atribute=mail

here you must change for your own values:
192.168.0.6
dc=weyler
CN=Administrador
principal.ldap.security.credentials=password

Remember any change in OpenKM.cfg and login-config.xml need reloading jboss

[seval]

Hi,
Have no problem with your example when connecting to 2003 AD. Everything is working properly.
My problem started when I tried to authenticate against Fedora Directory Server (389-server). I passed authentication with entered username and then I get the following error:
HTTP Status 403 - Access to the requested resource has been denied.
Here is my login-config.xml
==========login-config.xml============
<application-policy name="OpenKM">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://openkm.domain.local</module-option>
<module-option name="bindDN">cn=Directory Manager</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">ou=people,dc=domain,dc=local</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<module-option name="rolesCtxDN">ou=groups,dc=domain,dc=local</module-option>
<module-option name="roleFilter">(memberUid={0})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="defaultRole">UserRol</module-option>
</login-module>
</authentication>
</application-policy>
===============================================

Here is my OpenKM.cfg
==========OpenKM.cfg============================
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://openkm.domain.local
principal.ldap.security.principal=cn=Directory Manager
principal.ldap.security.credentials=password
principal.ldap.user.search.base=ou=people,dc=domain,dc=local
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=ou=groups,dc=domain,dc=local
principal.ldap.role.search.filter=(objectclass=posixGroup)
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},ou=people,dc=domain,dc=local
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.atribute=mail
=============================================

Can someone advise, please? Where to look?
Thank you.

[jllort]

You must take a look at your fedora ldap, sure it'll have other configuration. Try connecting you your ldap, browsing, ensure your OpenKM server can connect to ldap fedora port etc...

[vasix]

Hi All

Have exactly the same problem with OKM 4.0 on Centos 5.0 + LDAP
Previously version of OKM was 3.0 and worked perfectly with the same LDAP server.
I used the same properties to connect to LDAP and after authentication I receive this error:

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Since OKM3 is working OK can you advise where to look or what to change in order to fix OKM4 & LDAP?

thank you

[jllort]

You get error 403 in your browser?

Remember in login-config.xml you must change UserRol to UserRole and in your ldap change the roles name that has changed now older UserRol and AdminRol are called UserRole and AdminRole

[vasix]

many thanks Jllort
unfortunately I discovered this myself after one lost night and tons of debugs
you live, you learn

keep up the good work and thank you for this invaluable piece of software!