In the professional version we have a mixed configuration where users come from AD and roles are in the OpenKM database, but in the community version this feature has not been released.
Looking at your configuration, it seems you are using OpenLDAP; for each role you should create a memberUid attribute with the value of each user in it.
The problem is in this section of the XML:
<beans:bean
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value=""/>
<beans:property name="groupSearchFilter"
value="division=IT"/>
<beans:property name="groupRoleAttribute"
value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase"
value="false" />
<beans:property name="rolePrefix" value="" />
<beans:property name="defaultRole"
value="ROLE_USER" />
</beans:bean>
Where you should have something like:
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=roles"/>
<beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="true" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
Take a look at this section of the documentation:
https://docs.openkm.com/kcenter/view/ok ... login.html
The problem with OpenLDAP is setting the relation between roles and users. You must declare an attribute in the roles and also an attribute in the user for a bidirectional relation (the second relation is not mandatory; it only takes effect in the UI when you are getting roles by user, but the first is mandatory: you must add an attribute to each role to set the relation between users and roles).
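
Added example, not part of the original post and not Spring Security's or OpenKM's code: a simplified Python model of the group search that compares the two configurations above. A filter with no `{0}` (user DN) or `{1}` (login name) placeholder returns the same roles for every user. The directory entries, the `dc=example,dc=com` suffix and the function names are constructed assumptions.

```python
# Simplified model of an LDAP group search; not Spring Security's own code.
# Constructed sample directory (entry names and suffix are assumptions).
SUFFIX = "dc=example,dc=com"
ENTRIES = [
    {"dn": f"cn=role_admin,ou=roles,{SUFFIX}", "cn": ["role_admin"],
     "memberUid": ["alice"], "division": ["IT"]},
    {"dn": f"cn=role_user,ou=roles,{SUFFIX}", "cn": ["role_user"],
     "memberUid": ["alice", "bob"], "division": ["IT"]},
    {"dn": f"uid=alice,ou=people,{SUFFIX}", "cn": ["Alice"], "uid": ["alice"]},
    {"dn": f"uid=bob,ou=people,{SUFFIX}", "cn": ["Bob"], "uid": ["bob"]},
]


def roles_for(username, search_base, group_filter, role_attr="cn",
              to_upper=True, prefix="", default_role=None):
    """Return the authorities a single-clause 'attr=value' group filter yields."""
    user_dn = f"uid={username},ou=people,{SUFFIX}"
    attr, _, value = group_filter.partition("=")
    # {0} is bound to the user's DN and {1} to the login name.
    value = value.replace("{0}", user_dn).replace("{1}", username)
    # An empty search base means the search starts at the context source base.
    root = f"{search_base},{SUFFIX}" if search_base else SUFFIX
    roles = set()
    for entry in ENTRIES:
        if not entry["dn"].endswith(root):  # searchSubtree=true below the base
            continue
        if value in entry.get(attr, []):
            for name in entry.get(role_attr, []):
                roles.add(prefix + (name.upper() if to_upper else name))
    if default_role:
        roles.add(default_role)
    return roles


def posted_config(username):
    """Settings from the first bean: empty base, filter not tied to the user."""
    return roles_for(username, "", "division=IT",
                     to_upper=False, default_role="ROLE_USER")


def suggested_config(username):
    """Settings from the second bean: ou=roles base, memberUid={1} filter."""
    return roles_for(username, "ou=roles", "memberUid={1}")


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, sorted(posted_config(user)), sorted(suggested_config(user)))
```

With the constructed data, the first configuration gives alice and bob identical authorities, while the second gives each user only the roles whose `memberUid` lists them.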