• active directory authentication not Working

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
 #4507  by vsharma1985
 
Hi everyone,

I am trying to connect OpenKM 4.0 with ADAM active directory for user management and authentication, but I am facing trouble while configuring it. The login-config.xml where I am configuring the LDAP is:
Code:
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
      <!-- user created in ADAM directory -->
      <module-option name="bindDN">CN=okmAdmin,OU=Users,DC=openkm,DC=com</module-option>
      <module-option name="java.naming.security.authentication"></module-option>
      <!-- password for okmAdmin as "admin"; it was working with properties file. -->
      <module-option name="bindCredential">admin</module-option>
      <module-option name="baseCtxDN">OU=Users,DC=openkm,DC=com</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">OU=Users,DC=openkm,DC=com</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      <module-option name="defaultRole">UserRole</module-option>
    </login-module>
  </authentication>
</application-policy>
</policy>
The openkm.cfg details are:
Code:
repository.config=repository.xml
repository.home=repository
system.user=system
default.user.role=UserRole
default.admin.role=AdminRole
max.file.size=100
max.search.results=25
application.url=http://localhost:8080/OpenKM/es.git.openkm.frontend.Main/index.jsp 
restrict.file.mime=on
restrict.file.extension=*~,*.bak,._* 
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://localhost:389
principal.ldap.security.principal=CN=okmAdmin,OU=Users,DC=openkm,DC=com
principal.ldap.security.credentials=admin
principal.ldap.user.search.base=cn=Users,DC=openkm,DC=com
principal.ldap.user.search.filter=(objectclass=user)
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=cn=Users,DC=openkm,DC=com
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},cn=Users,DC=openkm,DC=com
principal.ldap.mail.search.filter=(objectclass=user)
principal.ldap.mail.atribute=mail
The JBoss logs are as follows:
Code:
21:00:36,687 ERROR [STDERR] javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001D2, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=openkm,DC=com'
 ]; remaining name 'cn=Users,DC=openkm,DC=com'
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
21:00:36,687 ERROR [STDERR]     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:152)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.principal.LdapPrincipalAdapter.getUsers(LdapPrincipalAdapter.java:59)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.module.direct.DirectAuthModule.getUsers(DirectAuthModule.java:901)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.api.OKMAuth.getUsers(OKMAuth.java:165)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.core.UserMailImporter.run(UserMailImporter.java:43)
21:00:36,687 ERROR [STDERR]     at java.util.TimerThread.mainLoop(Timer.java:512)
21:00:36,687 ERROR [STDERR]     at java.util.TimerThread.run(Timer.java:462)
21:00:36,687 INFO  [STDOUT] INFO  es.git.openkm.module.direct.DirectAuthModule - getUsers:[]
21:00:36,687 INFO  [STDOUT] INFO  es.git.openkm.api.OKMAuth - getUsers: []
I am new to ADAM active directory, so please mention the steps to have this process working fine if possible. Do let me know if there is any better alternative than ADAM active directory too. Thanks in advance.
 #4524  by jllort
 
Does okmAdmin have rights to connect to your LDAP?
Your server domain is openkm.com (DC=openkm,DC=com)
Code:
principal.ldap.security.principal=CN=okmAdmin 
Might be simple security authentication?
Code:
<module-option name="java.naming.security.authentication">simple</module-option>
It could be a good idea to add
Code:
<module-option name="allowEmptyPasswords">false</module-option>
You don't need to enable it, it's enabled by default
Code:
#repository.config=repository.xml
#repository.home=repository
#system.user=system
#default.user.role=UserRole
#default.admin.role=AdminRole
Try with lower case (there could be some problem with it; Unix systems are case sensitive)
Code:
cn=users
 #6472  by jllort
 
First you need to concentrate on login-config.xml; after that you can keep OpenKM.cfg in mind, but authentication is all defined in login-config.xml.

Which LDAP have you got? DC=openkm,DC=com is a strange domain for your LDAP, unless you've configured your domain server with those values.
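
Added example, not part of any post in this thread and not OpenKM code: a small Python check that maps the LDAP error 32 (NO_OBJECT) in the JBoss log back to the search-base settings in login-config.xml and openkm.cfg. The inputs are trimmed from the thread's own configuration and log; the function names `norm`, `configured_dns` and `diagnose` are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs, trimmed from the configuration and log quoted in the thread.
LOGIN_CONFIG = """<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="baseCtxDN">OU=Users,DC=openkm,DC=com</module-option>
  <module-option name="rolesCtxDN">OU=Users,DC=openkm,DC=com</module-option>
</login-module>"""
OPENKM_CFG = """
principal.ldap.user.search.base=cn=Users,DC=openkm,DC=com
principal.ldap.role.search.base=cn=Users,DC=openkm,DC=com
principal.ldap.mail.search.base=cn={0},cn=Users,DC=openkm,DC=com
"""
JBOSS_LOG = """javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001D2, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=openkm,DC=com'
 ]; remaining name 'cn=Users,DC=openkm,DC=com'"""

def norm(dn):
    # Case-insensitive comparison form; simplified, does not handle escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def configured_dns(login_xml, cfg_text):
    """Collect every search-base DN from both files, keyed by where it is set."""
    dns = {}
    for opt in ET.fromstring(login_xml).iter("module-option"):
        if opt.get("name", "").endswith("CtxDN"):
            dns["login-config.xml:" + opt.get("name")] = (opt.text or "").strip()
    for line in cfg_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.endswith(".search.base"):
            dns["openkm.cfg:" + key] = value.strip()
    return dns

def diagnose(login_xml, cfg_text, log_text):
    """Map an LDAP error 32 log entry back to the settings that name the missing DN."""
    m = re.search(r"error code 32\b.*?best match of:\s*'([^']*)'.*?remaining name '([^']*)'",
                  log_text, re.S)
    if not m:
        return {}
    best, missing = norm(m.group(1)), norm(m.group(2))
    report = {}
    for source, dn in configured_dns(login_xml, cfg_text).items():
        n = norm(dn)
        if n == missing or n.endswith("," + missing):
            report[source] = "missing"      # server reported this base does not exist
        elif n.endswith("," + best):
            report[source] = "unverified"   # other container under the existing suffix
    return report

if __name__ == "__main__":
    for source, status in diagnose(LOGIN_CONFIG, OPENKM_CFG, JBOSS_LOG).items():
        print(f"{status:10} {source}")
```

On the thread's input, the three openkm.cfg search bases come back as "missing" and the two login-config.xml bases as "unverified", which shows that the two files name different containers (cn=Users and OU=Users) under the same suffix.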
