• Ldap authentication for OpenKM

 #43806  by mbmni
 
Dear sir / madam,
I successfully added my LDAP user to the user list in my OpenKM.

After that I logged out from OpenKM.

Now I can't log in to OpenKM even when I use the following credentials.

Username : okmAdmin
Password : admin.

Can you please guide me.

Thank you.
 #43818  by jllort
 
You have switched OpenKM.xml to work with LDAP or with the database. Keep in mind this change only takes effect after restarting OpenKM (okmAdmin / admin seems to be the user and credentials set by default; they do not seem to be LDAP credentials).
 #43826  by mbmni
 
Dear sir / madam,

Thank you for your valuable advice.

I created an LDAP user with the following details:

uid = fmaul
userPassword = test@1
cn = Famos Malisa
sn = Malisa

And I updated the OpenKM.xml file with the following code.
Code:
<security:ldap-server id="ldapServer"
  url="ldap://localhost:10389/ou=users,ou=system"
  manager-dn="uid=admin,ou=system"
  manager-password="secret"/>

<security:authentication-manager alias="authenticationManager">
  <security:ldap-authentication-provider
    server-ref="ldapServer"
    user-search-base="ou=users,ou=system"
    user-search-filter="(objectClass=inetOrgPerson)"
    group-search-base="cn=testgroup"
    group-search-filter="(member={0})"
    group-role-attribute="cn"
    role-prefix="none">
  </security:ldap-authentication-provider>
</security:authentication-manager>

Then I restarted OpenKM with Tomcat.

Now, after all those settings are done, I cannot log into OpenKM using the following user name and password:

user name = fmaul
password = test@1

Thank you.
 #43834  by jllort
 
I suggest following this sample in our documentation: https://docs.openkm.com/kcenter/view/ok ... roles.html

As you can see in the documentation, the integration has two steps. We suggest first going for the OpenKM configuration parameters (administration), which help you in retrieving users and roles from OpenKM. Then go for login.

1- Switch OpenKM.xml to database and log in with okmAdmin registered in the database
2- Ensure your configuration parameters are going right (user list, etc.); when you succeed with it, try changing OpenKM.xml again

Check the user distinguished name, password, etc. In Administration > tools you should have an LDAP search tool to check individual configuration parameters. Always start by getting users:
Code:
principal.ldap.user.attribute = sAMAccountName
principal.ldap.user.search.base = DC=company,DC=com
principal.ldap.user.search.filter = (&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,DC=company,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=company,DC=com)))
 #43843  by mbmni
 
Dear sir / madam,

I have added my LDAP users to OpenKM.
Please be kind enough to look at the attachment.
ldap03.PNG
Later I configured the configuration settings for OpenKM.
Please be kind enough to look at the attachments.
ldap01.PNG
ldap02.PNG
Thank you.
 #43857  by jllort
 
Your configuration might have several problems: the user does not have the attribute member (Active Directory does a bidirectional relation, but this is not done by OpenLDAP; that means you must set the attribute member for each user to set the roles).

I suppose you are using OpenKM version 6.x or higher; you should use a more complete OpenKM.xml like what is shown here: https://docs.openkm.com/kcenter/view/ok ... login.html
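
What the filters discussed in this thread select, as an added example that is not code from the original posts or from OpenKM: a simplified in-memory matcher (not a real LDAP client) run over constructed entries. The `jdoe` user, the `ou=groups` branch and all function names are assumptions; `{0}` stands for the login name in the user filter and for the user's DN in the group filter, and substituted values are escaped per RFC 4515.

```python
import re

# Constructed sample directory (not real data). The group entry lists its
# members; the user entries carry no memberOf attribute.
ENTRIES = {
    "uid=fmaul,ou=users,ou=system": {"objectclass": ["inetOrgPerson"], "uid": ["fmaul"]},
    "uid=jdoe,ou=users,ou=system": {"objectclass": ["inetOrgPerson"], "uid": ["jdoe"]},
    "cn=ROLE_USER,ou=groups,ou=system": {  # ou=groups is an assumed location
        "objectclass": ["groupOfNames"], "cn": ["ROLE_USER"],
        "member": ["uid=fmaul,ou=users,ou=system"]},
}

# RFC 4515 escapes for characters that have meaning inside a filter.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def render(template, *args):
    """Substitute escaped values for {0}, {1}, ... in a filter template."""
    return template.format(*(escape_filter_value(a) for a in args))

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(flt):
    """Match one (attr=value) filter; an unescaped lone * is a presence test."""
    attr, raw = re.fullmatch(r"\((\w+)=(.*)\)", flt).groups()
    wanted = unescape(raw).lower()
    hits = []
    for dn, attrs in ENTRIES.items():
        values = [v.lower() for v in attrs.get(attr.lower(), [])]
        if (raw == "*" and values) or wanted in values:
            hits.append(dn)
    return hits

def find_user(template, login):
    """Entries a user-search filter selects for the name typed at login."""
    return search(render(template, login))

def roles_for(user_dn):
    """Role names from groups whose member attribute holds the user's DN."""
    return [ENTRIES[dn]["cn"][0] for dn in search(render("(member={0})", user_dn))]

if __name__ == "__main__":
    print(find_user("(objectClass=inetOrgPerson)", "fmaul"))  # login name is ignored
    print(find_user("(uid={0})", "fmaul"))                    # exactly one entry
    print(find_user("(uid={0})", "*"))                        # escaped, no wildcard
    print(roles_for("uid=fmaul,ou=users,ou=system"))
```

A user filter with no `{0}` returns every person entry whatever name is typed, so it cannot resolve a login to a single DN, and a user absent from every group's `member` list ends up with no roles.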
