
Re: Issue with AD global groups

Posted: Fri Aug 22, 2014 9:01 am
by jllort
What you are telling me is very, very strange. I've connected to a lot of ADs and I've never seen this problem. From the OpenKM side, a name in upper case or lower case is exactly the same (whether it is a role or a user).

Connect as a user that has ROLE_ADMIN and then, in administration, execute the minimal script I proposed:
Code:
import com.openkm.spring.*;
// Print the roles Spring Security granted to the logged-in user
print("[" + PrincipalUtils.getRoles() + "]");
Be sure you do not have white spaces or something similar; this is not allowed. Roles, like user IDs, should be a single word not separated by spaces or strange characters (_ and - are allowed as separators, but do not do strange things).

Re: Issue with AD global groups

Posted: Sun Aug 24, 2014 6:46 am
by sagar
As I explained, I have used the exact same name; the only difference is the case. When all letters are capital it will work fine, otherwise it won't.

By the way the script you provided will print all the roles in capital case; is this relevant?


Regards,
Sagar

Re: Issue with AD global groups

Posted: Mon Aug 25, 2014 4:40 pm
by jllort
Really, the method does not do any internal uppercasing. The uppercasing must be done by some other cause; the source code of the method is:
Code:
	/**
	 * Obtain the list of user roles.
	 */
	public static Set<String> getRoles() {
		Authentication auth = getAuthentication();
		Set<String> roles = new HashSet<String>();
		
		if (auth != null) {
			for (GrantedAuthority ga : auth.getAuthorities()) {
				roles.add(ga.getAuthority());
			}
		}
		
		return roles;
	}
This is a Spring call; I cannot give you more clues. Otherwise it is something in:
- your LDAP (quite strange)
- OpenKM.xml: some tag is forcing uppercase
- something in your Tomcat server that causes this collateral issue with Spring

Re: Issue with AD global groups

Posted: Tue Aug 26, 2014 7:21 am
by sagar
Hi,

- I am using the same LDAP server with OpenKM 5 without any issue at all.
- This is my OpenKM.xml file:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task-3.1.xsd">

  <!-- Tasks configuration -->
  <!--
  <task:scheduler id="taskScheduler" pool-size="1"/>
  <task:scheduled-tasks scheduler="taskScheduler">
    <task:scheduled ref="textExtractorWorker" method="work" fixed-delay="60000"/>
  </task:scheduled-tasks>
  <beans:bean id="textExtractorWorker" class="com.openkm.extractor.TextExtractorWorker" />
  -->
  
  <!-- Security configuration -->
  <security:ldap-server id="ldapServer"
                        url="ldap://192.168.1.100:389"
                        manager-dn="CN=okmadmin,OU=All-Staff,DC=company,DC=com"
                        manager-password="password"/>

  <security:authentication-manager alias="authenticationManager">
    <security:ldap-authentication-provider
        server-ref="ldapServer"
        user-search-base="OU=All-Staff,DC=company,DC=com"
        user-search-filter="(sAMAccountName={0})"
        group-search-base="OU=All-Groups,DC=company,DC=com"
        group-search-filter="(member={0})"
        group-role-attribute="cn"
        role-prefix="none">
    </security:ldap-authentication-provider>
  </security:authentication-manager>


</beans:beans>



Thanks for your help.

Regards,
Sagar

Re: Issue with AD global groups

Posted: Wed Aug 27, 2014 6:49 pm
by jllort
The problem is that your OpenKM.xml is incorrect. Take a look at this example, http://wiki.openkm.com/index.php/Ldap-example3, remove what you have there, and follow what is shown in the example. Take into consideration that LDAP integration with JBoss has no relation to Spring integration under Tomcat.

Re: Issue with AD global groups

Posted: Thu Aug 28, 2014 6:48 am
by sagar
Thanks, this solved the issue.

I was using the configuration on this page http://wiki.openkm.com/index.php/Active ... OpenKM_6.2

Appreciate your kind help.


Regards,
Sagar
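
Added illustration, not part of the thread and not the content of the linked wiki page: the `<security:ldap-authentication-provider>` shortcut builds a Spring Security `DefaultLdapAuthoritiesPopulator`, whose `convertToUpperCase` property defaults to true, which matches the all-capitals roles printed by the script above. The sketch below declares the same lookup as explicit beans with that flag turned off; it reuses the URL, DNs and filters posted in the thread, while the bean ids and the `CHANGE_ME` password are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- Same server and bind account as in the thread; the password is a placeholder -->
  <beans:bean id="contextSource"
              class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://192.168.1.100:389"/>
    <beans:property name="userDn" value="CN=okmadmin,OU=All-Staff,DC=company,DC=com"/>
    <beans:property name="password" value="CHANGE_ME"/>
  </beans:bean>

  <!-- Bean ids below are hypothetical names chosen for this example -->
  <beans:bean id="ldapAuthProvider"
              class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg>
      <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:property name="userSearch">
          <beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
            <beans:constructor-arg index="0" value="OU=All-Staff,DC=company,DC=com"/>
            <beans:constructor-arg index="1" value="(sAMAccountName={0})"/>
            <beans:constructor-arg index="2" ref="contextSource"/>
          </beans:bean>
        </beans:property>
      </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>
      <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
        <beans:constructor-arg index="0" ref="contextSource"/>
        <beans:constructor-arg index="1" value="OU=All-Groups,DC=company,DC=com"/>
        <beans:property name="groupSearchFilter" value="(member={0})"/>
        <beans:property name="groupRoleAttribute" value="cn"/>
        <!-- Empty prefix, the bean-level equivalent of role-prefix="none" -->
        <beans:property name="rolePrefix" value=""/>
        <!-- Defaults to true, which upper-cases every group name read from AD -->
        <beans:property name="convertToUpperCase" value="false"/>
      </beans:bean>
    </beans:constructor-arg>
  </beans:bean>

  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="ldapAuthProvider"/>
  </security:authentication-manager>
</beans:beans>
```

With the flag off, the authorities reach the application with the same case as the `cn` of each AD group, so the script's output can be compared directly against the group names in the directory.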