• Issue when trying to login through ldap

 #8948  by roycal93
 
Hi guys,

I am trying to integrate OpenKM with LDAP. In another post you helped me with the login-config.xml and I was able to log in successfully.

Now the issue is that when I log in, the system starts to load everything, freezes when loading the templates, and shows the following error:
The system has generated an error
Code:
OKM-012015(GetTemplate): OKM-012015
okm:templates

In the server.log I got:
2011-02-18 14:48:27,251 ERROR [es.git.openkm.frontend.server.OKMRepositoryServlet] okm:templates
es.git.openkm.core.PathNotFoundException: okm:templates
.........
Caused by: javax.jcr.PathNotFoundException: okm:templates
	at org.apache.jackrabbit.core.NodeImpl.getNode(NodeImpl.java:2478)
	at es.git.openkm.module.direct.DirectFolderModule.getProperties(DirectFolderModule.java:81)
	at es.git.openkm.module.direct.DirectRepositoryModule.getTemplatesFolder(DirectRepositoryModule.java:433)
	... 30 more
Is that because I need to configure something else in openKM.cfg?

Here is my login-config.xml:
Code:
    <!-- OpenKM -->
    <application-policy name = "OpenKM">
		<authentication>
			<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag = "required">
				<module-option name="java.naming.provider.url">ldap://avantica.avanticatec.net:3268</module-option>
				<module-option name="bindDN">cn=Roy Calvo Burgos,cn=Users,dc=avantica,dc=avanticatec,dc=net</module-option>
				<module-option name="java.naming.security.authentication">simple</module-option>
				<module-option name="bindCredential">RrCc56789</module-option>
				<module-option name="baseCtxDN">cn=Users,dc=avantica,dc=avanticatec,dc=net</module-option>
				<module-option name="baseFilter">(sAMAccountName={0})</module-option>
				<module-option name="rolesCtxDN">cn=Users,dc=avantica,dc=avanticatec,dc=net</module-option>
				<module-option name="roleFilter">(member={1})</module-option>
				<module-option name="roleAttributeID">cn</module-option>
				<module-option name="roleAttributeIsDN">false</module-option>
				<module-option name="roleRecursion">2</module-option>
				<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
				<module-option name="defaultRole">UserRole</module-option>
				<module-option name="allowEmptyPasswords">false</module-option>				
			</login-module> 
		</authentication>
	</application-policy>
And the openkm.cfg; everything is commented out because I don't know which things should be there:
Code:
#principal.ldap.server=ldap://192.168.1.15:3268
#principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
#principal.ldap.security.principal=cn=Roy Calvo Burgos,cn=avantica,cn=users,dc=avantica,dc=avanticatec,dc=net
#principal.ldap.security.credentials=RrCc56789
#principal.ldap.user.search.base=cn=Users,dc=avantica,dc=avanticatec,dc=net
#principal.ldap.user.search.filter=(sAMAccountName={0})
#principal.ldap.user.attribute=sAMAccountName
#principal.ldap.role.search.base=cn=Users,dc=avantica,dc=avanticatec,dc=net
#principal.ldap.role.search.filter=(member={1})
#principal.ldap.role.attribute=cn
#principal.ldap.mail.search.base=cn=Users,dc=avantica,dc=avanticatec,dc=net
#principal.ldap.mail.search.filter=(member={1})
#principal.ldap.mail.attribute=mail
#system.login.lowercase=on
The rest of the configuration is the default openkm uses. If you could help me I would really appreciate it.

Best regards,

RC.
 #8950  by roycal93
 
Ohhh.... I forgot to specify that when I remove the ldap integration and leave the default openkm authentication, everything works perfectly. But I need to link it to our ldap. :(

Thanks.
 #8959  by jllort
 
If I understand correctly, when authentication is set as it comes by default, okm:template is found; otherwise, when you use LDAP, this error appears.

OK, let's now enable the OpenKM.cfg parameters.
Capture the server.log error from the login (only this segment, not the whole server.log) and post it here to understand what really causes the error.
 #9028  by roycal93
 
Thanks a lot! This is what I got when I log in with the LDAP credentials:
Code:
2011-02-21 12:45:15,332 DEBUG [org.jboss.security.plugins.JaasSecurityManager.OpenKM] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@295b9a
2011-02-21 12:45:15,332 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@13d0493
2011-02-21 12:45:15,332 DEBUG [org.jboss.security.plugins.JaasSecurityManager.OpenKM] CachePolicy set to: org.jboss.util.TimedCachePolicy@f7757c
2011-02-21 12:45:15,332 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@f7757c
2011-02-21 12:45:15,332 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added OpenKM, org.jboss.security.plugins.SecurityDomainContext@42299e to map
2011-02-21 12:45:23,223 DEBUG [es.git.openkm.module.direct.DirectWorkflowModule] findUserTaskInstances(107639881777656779930212337924401)
2011-02-21 12:45:23,239 DEBUG [es.git.openkm.module.direct.DirectWorkflowModule] findPooledTaskInstances(107639881777656779930212337924401)
2011-02-21 12:45:23,317 DEBUG [es.git.openkm.module.direct.DirectWorkflowModule] findPooledTaskInstances: []
2011-02-21 12:45:23,661 ERROR [es.git.openkm.module.direct.DirectRepositoryModule] okm:templates
javax.jcr.PathNotFoundException: okm:templates
	at org.apache.jackrabbit.core.NodeImpl.getNode(NodeImpl.java:2478)
	at es.git.openkm.module.direct.DirectFolderModule.getProperties(DirectFolderModule.java:81)
	at es.git.openkm.module.direct.DirectRepositoryModule.getTemplatesFolder(DirectRepositoryModule.java:433)
	at es.git.openkm.api.OKMRepository.getTemplatesFolder(OKMRepository.java:64)
	at es.git.openkm.frontend.server.OKMRepositoryServlet.getTemplate(OKMRepositoryServlet.java:106)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:527)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:164)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:86)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:619)
2011-02-21 12:45:23,661 ERROR [es.git.openkm.frontend.server.OKMRepositoryServlet] okm:templates
es.git.openkm.core.PathNotFoundException: okm:templates
	at es.git.openkm.module.direct.DirectRepositoryModule.getTemplatesFolder(DirectRepositoryModule.java:439)
	at es.git.openkm.api.OKMRepository.getTemplatesFolder(OKMRepository.java:64)
	at es.git.openkm.frontend.server.OKMRepositoryServlet.getTemplate(OKMRepositoryServlet.java:106)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:527)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:164)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:86)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:619)
Caused by: javax.jcr.PathNotFoundException: okm:templates
	at org.apache.jackrabbit.core.NodeImpl.getNode(NodeImpl.java:2478)
	at es.git.openkm.module.direct.DirectFolderModule.getProperties(DirectFolderModule.java:81)
	at es.git.openkm.module.direct.DirectRepositoryModule.getTemplatesFolder(DirectRepositoryModule.java:433)
	... 30 more
2011-02-21 12:45:23,755 DEBUG [es.git.openkm.module.direct.DirectWorkflowModule] findUserTaskInstances: []
But this does not happen when removing the ldap integration and leaving the default one.

Thanks a lot for your help.
 #9029  by roycal93
 
And this is the OpenKM.cfg
Code:
restrict.file.mime=off
restrict.file.extension=*~,*.bak,._*
max.file.size=25

principal.ldap.server=ldap://192.168.1.15:3268
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.security.principal=cn=Roy Calvo Burgos,cn=Users,dc=avantica,dc=avanticatec,dc=net
principal.ldap.security.credentials=(mypassword)
principal.ldap.user.search.base=cn=Users,dc=avantica,dc=avanticatec,dc=net
principal.ldap.user.search.filter=(sAMAccountName={0})
principal.ldap.user.attribute=sAMAccountName
principal.ldap.role.search.base=cn=Users,dc=avantica,dc=avanticatec,dc=net
principal.ldap.role.search.filter=(member={1})
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=cn=Users,dc=avantica,dc=avanticatec,dc=net
principal.ldap.mail.search.filter=(member={1})
principal.ldap.mail.attribute=mail
system.login.lowercase=on
 #9036  by jllort
 
Which OpenKM version are you using? es.git.openkm.principal.LdapPrincipalAdapter seems to be an older class; it is now called com.openkm.principal.LdapPrincipalAdapter.

Search filter seems bad for version 5.x; if it is an older version then don't take it.
Code:
principal.ldap.user.search.filter=(objectclass=person)
and that too
Code:
principal.ldap.role.search.filter=(objectclass=group)
You might add a log category in jboss-log4j.xml for the LdapPrincipalAdapter to get a full log in the server.
 #9057  by roycal93
 
Thanks for your help.

The version we're using is OpenKM4.

I have made the change, but now it shows another message; I think it is of the same type. I got this message when it loads the taxonomy and those things:
Code:
The system has generated an error:
OKM-007001(GetGrantedUsers): Repository internal error
com.openkm.principal.LdapPrincipalAdapter
OKM-007001(GetGrantedUsers): Repository internal error
com.openkm.principal.LdapPrincipalAdapter
OKM-012015(GetTemplate): OKM-012015
okm: templates
I didn't remove these lines because you said they are needed for older versions.
Code:
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.role.search.filter=(objectclass=group)
These are the errors I got on the log server:
Code:
2011-02-22 12:46:19,868 ERROR [es.git.openkm.frontend.server.OKMAuthServlet] com.openkm.principal.LdapPrincipalAdapter
es.git.openkm.core.RepositoryException: com.openkm.principal.LdapPrincipalAdapter
...
Caused by: java.lang.ClassNotFoundException: com.openkm.principal.LdapPrincipalAdapter
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1358)
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1204)
	at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:169)
	at es.git.openkm.module.direct.DirectAuthModule.getPrincipalAdapter(DirectAuthModule.java:849)

2011-02-22 12:46:22,524 ERROR [es.git.openkm.module.direct.DirectAuthModule] com.openkm.principal.LdapPrincipalAdapter
java.lang.ClassNotFoundException: com.openkm.principal.LdapPrincipalAdapter
...

2011-02-22 12:46:22,524 ERROR [es.git.openkm.frontend.server.OKMAuthServlet] com.openkm.principal.LdapPrincipalAdapter
es.git.openkm.core.RepositoryException: com.openkm.principal.LdapPrincipalAdapter
...
Caused by: java.lang.ClassNotFoundException: com.openkm.principal.LdapPrincipalAdapter
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1358)
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1204)
	at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:169)
	at es.git.openkm.module.direct.DirectAuthModule.getPrincipalAdapter(DirectAuthModule.java:849)

2011-02-22 12:46:22,649 ERROR [es.git.openkm.module.direct.DirectRepositoryModule] okm:templates
javax.jcr.PathNotFoundException: okm:templates
2011-02-22 12:46:22,649 ERROR [es.git.openkm.frontend.server.OKMRepositoryServlet] okm:templates
es.git.openkm.core.PathNotFoundException: okm:templates
...
Caused by: javax.jcr.PathNotFoundException: okm:templates
	at org.apache.jackrabbit.core.NodeImpl.getNode(NodeImpl.java:2478)
	at es.git.openkm.module.direct.DirectFolderModule.getProperties(DirectFolderModule.java:81)
	at es.git.openkm.module.direct.DirectRepositoryModule.getTemplatesFolder(DirectRepositoryModule.java:433)

2011-02-22 12:46:34,462 ERROR [es.git.openkm.module.direct.DirectAuthModule] com.openkm.principal.LdapPrincipalAdapter
java.lang.ClassNotFoundException: com.openkm.principal.LdapPrincipalAdapter

2011-02-22 12:46:34,462 ERROR [es.git.openkm.core.UserMailImporter] com.openkm.principal.LdapPrincipalAdapter
es.git.openkm.core.RepositoryException: com.openkm.principal.LdapPrincipalAdapter
...
Caused by: java.lang.ClassNotFoundException: com.openkm.principal.LdapPrincipalAdapter
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1358)
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1204)
	at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:169)
	at es.git.openkm.module.direct.DirectAuthModule.getPrincipalAdapter(DirectAuthModule.java:849)
Any other ideas? I am going to try with OpenKM 5 and see what happens.
 #9139  by roycal93
 
I finally got it!!!! I changed what you said and now the users can log in using the LDAP username and password. Thanks a lot for your help!!!

Now I have a couple of questions:

1. I have these lines in my login-config.xml file (and some others):
Code:
<module-option name="bindDN">cn=Roy Calvo Burgos,cn=Users,dc=avantica,dc=avanticatec,dc=net</module-option>
<module-option name="bindCredential">my_password</module-option>
If I remove my info (name and pw) I am unable to log in. Why do I need to have a user name and a password written in those fields?

2. How do we manage the OpenKM privileges with these users? Is there any way to assign roles to these users? Right now they all use the:
Code:
<module-option name="defaultRole">UserRole</module-option> 
I removed it and I couldn't log in; is there any way to handle the OpenKM roles separately?

Thanks again for your help, YOU REALLY ROCK!!!
 #9174  by jllort
 
Users on LDAP must be assigned a role called UserRole; you must remove defaultRole. That indicates your job is still not finished, because authentication is not getting the roles.

About why you're authenticating without username and pass ... the reason is your server doesn't demand any credentials to log in (low security level in your server). Are you sure about it ... login-config.xml changes only take effect when you restart JBoss!
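
Added example, not part of the thread and not OpenKM or JBoss code: a small audit of a login-config.xml for the two options discussed in the last posts, defaultRole (which gives every authenticated directory user a role even when the group search returns nothing) and bindDN/bindCredential (without them the searches depend on anonymous bind). The sample XML is constructed from the configuration posted above, with a placeholder host and DNs; `audit_login_config` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

LDAP_MODULE = "org.jboss.security.auth.spi.LdapExtLoginModule"

# Constructed sample modelled on the login-config.xml in this thread
# (placeholder host and DNs; bind account removed, defaultRole kept).
SAMPLE = """<policy>
  <application-policy name="OpenKM">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="java.naming.provider.url">ldap://ldap.example.test:3268</module-option>
        <module-option name="baseCtxDN">cn=Users,dc=example,dc=test</module-option>
        <module-option name="baseFilter">(sAMAccountName={0})</module-option>
        <module-option name="rolesCtxDN">cn=Users,dc=example,dc=test</module-option>
        <module-option name="roleFilter">(member={1})</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="defaultRole">UserRole</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""


def audit_login_config(xml_text):
    """Return (policy, option, finding) tuples for each LdapExtLoginModule."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        name = policy.get("name", "?")
        for module in policy.iter("login-module"):
            if module.get("code") != LDAP_MODULE:
                continue  # only the LDAP module from the thread is audited
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.findall("module-option")}
            if opts.get("defaultRole"):
                findings.append((name, "defaultRole",
                                 "added to every authenticated user; hides a "
                                 "role search that returns nothing"))
            if not (opts.get("bindDN") and opts.get("bindCredential")):
                findings.append((name, "bindDN",
                                 "no bind account; user and role searches "
                                 "depend on anonymous bind"))
            if opts.get("allowEmptyPasswords", "").lower() != "false":
                findings.append((name, "allowEmptyPasswords",
                                 "not false; empty passwords are passed to "
                                 "the LDAP server"))
            for key in ("rolesCtxDN", "roleFilter"):
                if not opts.get(key):
                    findings.append((name, key,
                                     "not set; group membership cannot be "
                                     "looked up"))
    return findings


if __name__ == "__main__":
    for policy, option, finding in audit_login_config(SAMPLE):
        print(f"[{policy}] {option}: {finding}")
```

Once defaultRole is removed, a login that still succeeds with the expected OpenKM role confirms that the role search itself is returning the group.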
