Re: OpenKM Active Directory Errors

Posted: Tue May 10, 2011 7:53 pm
by pavila
Note the "double t" in "attribute" -> principal.ldap.mail.attribute. In your OpenKM.cfg there is only one t.

Also a decent LDAP client may help you in the queries. The best one I have seen and also multi-platform is Apache Directory Studio.

Re: OpenKM Active Directory Errors

Posted: Wed May 11, 2011 4:34 am
by chungvoky
Khris wrote:Ok.....so I've modeled my OpenKM.cfg and login-config.xml files after the user who made this post: http://forum.openkm.com/viewtopic.php?f=4&t=5146

I've also used the LDAP java test utility and this configuration fully works.

I can get past the first authentication screen (so I know that login-config.xml is working), but then as soon as I see "Loading User Values" in the "Loading OpenKM" window, I get another box that comes up and says "Error when communicating with server (getUserWorkspace)".

*sigh*
Because the default permission of all okm:root, okm:categories and so on is UserRoles, if you log in with a normal user you will see the "Error when communicating with server (getUserWorkspace)" error. You must log in with an admin user (as you defined in AdminRoles) and go to the Repository view to edit the permissions of each okm:****.

Re: OpenKM Active Directory Errors

Posted: Wed May 11, 2011 1:15 pm
by Khris
I am logging in as someone that's been placed into the "OpenKMadmins" AD group when I get this error.

Re: OpenKM Active Directory Errors

Posted: Mon May 16, 2011 8:12 am
by pavila
Every user in OpenKM should have UserRole or AdminRole because these are the only roles granted access to OpenKM. Call them "connection roles" if you like. Additionally, you can add more roles used to manage your repository permissions.

Re: OpenKM Active Directory Errors

Posted: Mon May 16, 2011 12:31 pm
by Khris
I'm still getting the GetUserWorkspace Error. Here are my current OpenKM.cfg and login-config.xml files.

OpenKM.cfg
Code:
#system.ocr=/usr/bin/cuneiform
#system.openoffice.path=/usr/lib/openoffice
#system.imagemagick.convert=/usr/bin/convert
#system.swftools.pdf2swf=/usr/bin/pdf2swf
#system.antivir=/usr/bin/clamscan
hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl=none
application.url=http://localhost/OpenKM/com.openkm.frontend.Main/index.jsp

#default.user.role=OpenKMusers
#default.admin.role=OpenKMadmins

system.login.lowercase=on
principal.adapter=com.openkm.principal.LdapPrincipalAdapter

principal.ldap.server=ldap://192.168.100.31
principal.ldap.security.principal=cn=LDAP,ou=OTRS,dc=***,dc=net
principal.ldap.security.credentials=***

principal.ldap.user.search.base=dc=***,dc=net
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=cn=UserRole,ou=OpenKM,dc=***,dc=net))
principal.ldap.user.attribute=sAMAccountName

principal.ldap.role.search.base=dc=***,dc=net
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=cn=OpenKMroles,ou=OpenKM,dc=***,dc=net))
principal.ldap.role.attribute=sAMAccountName

principal.ldap.mail.search.base=dc=***,dc=net
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute=mail

principal.ldap.users.by.role.search.base=ou=OpenKM,dc=***,dc=net
principal.ldap.users.by.role.search.filter=(sAMAccountName={0})
principal.ldap.users.by.role.attribute=member

principal.ldap.roles.by.user.search.base=dc=***,dc=net
principal.ldap.roles.by.user.search.filter=(sAMAccountName={0})
principal.ldap.roles.by.user.attribute=memberOf

login-config.xml
Code:
<!-- OpenKM -->
    <application-policy name = "OpenKM">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
             <module-option name="java.naming.provider.url">ldap://192.168.100.31</module-option>
             <module-option name="bindDN">cn=LDAP,ou=OTRS,dc=***,dc=net</module-option>
             <module-option name="java.naming.security.authentication">simple</module-option>
             <module-option name="java.naming.referral">follow</module-option>
             <module-option name="bindCredential">****</module-option>
             <module-option name="baseCtxDN">dc=***,dc=net</module-option>
             <module-option name="baseFilter">(&amp;(sAMAccountName={0})(memberOf=CN=UserRole,OU=OpenKM,dc=***,dc=net))</module-option>
             <module-option name="rolesCtxDN">dc=***,dc=net</module-option>
             <module-option name="roleFilter">(member={1})</module-option>
             <module-option name="roleAttributeID">sAMAccountName</module-option>
             <module-option name="roleAttributeIsDN">false</module-option>
             <module-option name="roleRecursion">-1</module-option>
             <module-option name="searchScope">SUBTREE_SCOPE</module-option>
             <!--<module-option name="defaultRole">UserRole</module-option>-->
             <module-option name="allowEmptyPasswords">false</module-option>
          </login-module>
       </authentication>
    </application-policy>
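
An added example (not part of the thread and not OpenKM code): a small Python lint for an OpenKM.cfg body that catches the kind of misspelled key pavila pointed out earlier, a parameterised filter that has lost its {0}, and bind credentials configured against a plain ldap:// URL. The expected key names are taken from the listings in this thread; `lint`, `parse_properties` and the sample values are constructed for illustration.

```python
import difflib

# Key names as they appear in the OpenKM.cfg listings posted in this thread.
EXPECTED_KEYS = {
    "principal.adapter", "principal.ldap.server",
    "principal.ldap.security.principal", "principal.ldap.security.credentials",
    *(f"principal.ldap.{s}.{p}"
      for s in ("user", "role", "mail", "users.by.role", "roles.by.user")
      for p in ("search.base", "search.filter", "attribute")),
}
# Sections whose filters carry a {0} placeholder in the thread's listings.
PARAM_FILTERS = ("mail", "users.by.role", "roles.by.user")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)   # filter values contain '=' too
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of (key, finding) tuples for an OpenKM.cfg body."""
    props, findings = parse_properties(text), []
    for key in props:
        if key.startswith("principal.") and key not in EXPECTED_KEYS:
            near = difflib.get_close_matches(key, sorted(EXPECTED_KEYS), n=1, cutoff=0.9)
            hint = f"did you mean {near[0]}?" if near else "unrecognised key"
            findings.append((key, hint))
    for section in PARAM_FILTERS:
        key = f"principal.ldap.{section}.search.filter"
        if key in props and "{0}" not in props[key]:
            findings.append((key, "filter has no {0} placeholder"))
    if (props.get("principal.ldap.server", "").lower().startswith("ldap://")
            and "principal.ldap.security.credentials" in props):
        findings.append(("principal.ldap.server", "simple bind over ldap:// sends "
                         "the password unencrypted unless StartTLS is used"))
    return findings

# Constructed sample: single-t key typo, placeholder host, DN and password.
SAMPLE = """\
principal.ldap.server=ldap://ldap.example.test
principal.ldap.security.credentials=placeholder
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.mail.atribute=mail
principal.ldap.roles.by.user.search.filter=(objectclass=group)
"""
```

Calling `lint(SAMPLE)` returns three findings: the misspelled key with its suggested correction, the filter without a placeholder, and the unencrypted bind. To check a real file, pass its contents to `lint` instead of `SAMPLE`.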

Re: OpenKM Active Directory Errors

Posted: Wed May 18, 2011 10:15 am
by pavila
Can you post the piece of log with the exception stack trace? Have you tried this configuration with the latest OpenKM 5.1.3?

Re: OpenKM Active Directory Errors

Posted: Thu May 19, 2011 12:09 pm
by Khris
Yes, using this configuration with 5.1.3.

Attached are the complete boot and server logs and the steps taken to create them below.

-Deleted prior log files
-Started server with "sudo ./run.sh -b 0.0.0.0" command
-When server was fully up and running, logged into "http://localhost/OpenKM" with Active Directory credentials
-Ok'd server error windows and closed browser
-Shutdown server

Re: OpenKM Active Directory Errors

Posted: Fri May 20, 2011 7:40 am
by pavila
This makes no sense. This piece of code is only executed if the principal adapter is a DatabasePrincipalAdapter, and you are using LDAP. Which value does the "principal.adapter" configuration property have? Look at administration.

Re: OpenKM Active Directory Errors

Posted: Fri May 20, 2011 12:59 pm
by Khris
Sorry, I'm not quite understanding what you're saying.

Re: OpenKM Active Directory Errors

Posted: Sat May 21, 2011 6:33 am
by jllort
Post your OpenKM.cfg here.

Re: OpenKM Active Directory Errors

Posted: Tue May 31, 2011 1:13 pm
by Khris
Code:
#system.ocr=/usr/bin/cuneiform
#system.openoffice.path=/usr/lib/openoffice
#system.imagemagick.convert=/usr/bin/convert
#system.swftools.pdf2swf=/usr/bin/pdf2swf
#system.antivir=/usr/bin/clamscan
hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl=none
application.url=http://localhost/OpenKM/com.openkm.frontend.Main/index.jsp

#default.user.role=OpenKMusers
#default.admin.role=OpenKMadmins

system.login.lowercase=on
principal.adapter=com.openkm.principal.LdapPrincipalAdapter

principal.ldap.server=ldap://192.168.100.31
principal.ldap.security.principal=cn=LDAP,ou=OTRS,dc=***,dc=net
principal.ldap.security.credentials=**********

principal.ldap.user.search.base=dc=psg,dc=net
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=cn=UserRole,ou=OpenKM,dc=***,dc=net))
principal.ldap.user.attribute=sAMAccountName

principal.ldap.role.search.base=dc=psg,dc=net
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=cn=OpenKMroles,ou=OpenKM,dc=***,dc=net))
principal.ldap.role.attribute=sAMAccountName

principal.ldap.mail.search.base=dc=***,dc=net
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute=mail

principal.ldap.users.by.role.search.base=ou=OpenKM,dc=***,dc=net
principal.ldap.users.by.role.search.filter=(sAMAccountName={0})
principal.ldap.users.by.role.attribute=member

principal.ldap.roles.by.user.search.base=dc=***,dc=net
principal.ldap.roles.by.user.search.filter=(sAMAccountName={0})
principal.ldap.roles.by.user.attribute=memberOf

Re: OpenKM Active Directory Errors

Posted: Mon Jun 06, 2011 1:51 pm
by Khris
I've followed the tip here (http://forum.openkm.com/viewtopic.php?f=4&t=5196#p11229), to add in the LDAP config through the Administration page and I'm now able to login and authenticate via Active Directory.

I am having the same problem however, where none of the roles or users are being listed. I am using the OpenKM.cfg data in the post above. Any suggestions on where I'm going wrong?

Re: OpenKM Active Directory Errors

Posted: Wed Jun 08, 2011 12:38 pm
by Khris
Code:
principal.ldap.users.by.role.search.base=ou=OpenKM,dc=***,dc=net
principal.ldap.users.by.role.search.filter=(sAMAccountName={0})
principal.ldap.users.by.role.attribute=member

principal.ldap.roles.by.user.search.base=dc=***,dc=net
principal.ldap.roles.by.user.search.filter=(sAMAccountName={0})
principal.ldap.roles.by.user.attribute=memberOf

This is what I'm having issues with. Can anyone offer any assistance as to proper structure with Active Directory?

Re: OpenKM Active Directory Errors

Posted: Sat Jun 11, 2011 6:23 pm
by jllort
If you're not able to log in to OpenKM, you must concentrate on login-config.xml (any change made there needs restarting JBoss).

Re: OpenKM Active Directory Errors

Posted: Mon Jun 13, 2011 11:52 am
by Khris
I've already stated I could log in. The issue is with seeing users and groups from the Administrative area.