
Edit Existing User for role info

PostPosted:Mon Oct 07, 2013 2:35 pm
by mohan
I am not able to create new roles; please see the screenshot below.
Please let me know how to modify an existing user to assign them to a new role.

Re: Edit Existing User for role info

PostPosted:Tue Oct 08, 2013 9:10 pm
by jllort
Have you configured OpenKM to connect to LDAP? Which OpenKM version are you using?

Re: Edit Existing User for role info

PostPosted:Wed Oct 09, 2013 4:54 am
by mohan
I am using the OpenKM 6.2.3 Tomcat bundle; my LDAP configuration is below.

OpenKM.cfg
# OpenKM Hibernate configuration values
hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl=none

# Users and roles are resolved through the LDAP principal adapter, so the
# principal.ldap.* keys below decide which directory entries OpenKM treats
# as users and roles.
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
# Presumably lower-cases the login name before it is used; confirm against the
# OpenKM documentation for this version.
system.login.lowercase=true
# Referrals returned by the directory are followed.
# NOTE(review): with "follow" the client may contact servers named in a
# referral; confirm the bind credentials below can only be presented to
# directory servers you trust.
principal.ldap.referral=follow

# Bind account, server and bind password for the adapter's directory access.
# The password is stored here in clear text: restrict read access to this file
# to the account running Tomcat, use a dedicated account that only has read
# rights on the directory, and replace real values with placeholders before
# sharing the file (as was done here with "ldap url" and "password").
# NOTE(review): the real URL is not shown; prefer ldaps:// (or StartTLS) so the
# bind password and search results do not cross the network unencrypted.
principal.ldap.security.principal=CN=OpenKM,OU=openkm,dc=dc1,dc=dc2,dc=dc3
principal.ldap.server=ldap url
principal.ldap.security.credentials=password

# Mail lookup: reads the "mail" attribute of the person entry whose
# sAMAccountName matches {0} (presumably the user id; confirm).
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))

# Role list: every entry under the base DN whose cn starts with ROLE_ is
# reported as a role, identified by its cn.
# NOTE(review): the search base is the directory root, so anyone allowed to
# create or rename an entry to ROLE_* anywhere in the tree defines an OpenKM
# role. Pointing the base at a dedicated OU narrows that.
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.role.search.filter=(cn=ROLE_*)

# Roles of one user: taken from the memberOf attribute of the person entry
# whose sAMAccountName matches {0}.
principal.ldap.roles.by.user.attribute=memberOf
principal.ldap.roles.by.user.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.roles.by.user.search.filter=(&(objectClass=person)(sAMAccountName={0}))

# User list: all user/person objects under the base DN, identified by
# sAMAccountName. The filter has no further restriction (group, OU or account
# state), so every matching directory account is listed.
principal.ldap.user.attribute=sAMAccountName
principal.ldap.user.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.user.search.filter=(&(objectClass=user)(objectCategory=person))

# Display name of one user: the cn of the person entry whose sAMAccountName
# matches {0}.
principal.ldap.username.attribute=cn
principal.ldap.username.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.username.search.filter=(&(objectClass=person)(sAMAccountName={0}))

# Members of one role: the member attribute of the group whose cn matches {0}.
principal.ldap.users.by.role.attribute=member
principal.ldap.users.by.role.search.base=dc=dc1,dc=dc2,dc=dc3
principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0}))

# NOTE(review): presumably disables building the user list from role
# membership, leaving the user search above in charge; confirm against the
# OpenKM documentation.
principal.ldap.users.from.roles=false
OpenKM.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task-3.1.xsd">

  <!--
    Spring Security wiring for OpenKM logins. Two authentication providers are
    registered: local accounts stored in the OpenKM database, and an LDAP
    provider that binds to the directory with the user's own credentials and
    maps directory groups to authorities.
  -->

  <!-- Tasks configuration -->
  <!--
  <task:scheduler id="taskScheduler" pool-size="1"/>
  <task:scheduled-tasks scheduler="taskScheduler">
    <task:scheduled ref="textExtractorWorker" method="work" fixed-delay="60000"/>
  </task:scheduled-tasks>
  <beans:bean id="textExtractorWorker" class="com.openkm.extractor.TextExtractorWorker" />
  -->
  
  <!-- Security configuration -->
  <!--
    Providers are declared in this order: database accounts first, then LDAP.
    Local accounts in OKM_USER therefore stay valid logins after LDAP is
    enabled. Review which local accounts are still active and make sure none
    of them keeps a default or shared password.
  -->
  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
      <!--
        NOTE(review): local passwords are compared as MD5 digests and no salt
        source is configured in this element. MD5 is not suitable for password
        storage. Moving to a salted, slow scheme (for example bcrypt) also
        requires re-hashing the stored usr_password values, so it cannot be
        done by editing this file alone.
      -->
      <security:password-encoder hash="md5"/>
      <!--
        Both queries take the login name as a bound parameter (?). Only rows
        with usr_active='T' can log in; the constant 1 is the "enabled" column
        expected by the JDBC user service.
      -->
      <security:jdbc-user-service 
        data-source-ref="dataSource"
        users-by-username-query="select usr_id, usr_password, 1 from OKM_USER where usr_id=? and usr_active='T'"
        authorities-by-username-query="select ur_user, ur_role from OKM_USER_ROLE where ur_user=?"/>
    </security:authentication-provider>
    <security:authentication-provider ref="ldapAuthProvider" />
  </security:authentication-manager>
  
  <!--
    Connection to the directory used for user and group searches.
    "ldap url" and "password" are placeholders as posted. In a real deployment
    the bind password sits in this file in clear text (and a second time in
    OpenKM.cfg): keep both files readable only by the Tomcat account, use a
    dedicated account with read rights only, and rotate the password in both
    places together.
    NOTE(review): the real URL is not shown; prefer an ldaps:// URL (or
    StartTLS), because this connection carries the bind password and the
    end users' passwords during bind authentication.
    NOTE(review): java.naming.referral=follow lets the client chase referrals
    to other servers; confirm those servers are trusted.
  -->
  <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap url"/>
    <beans:property name="userDn" value="CN=OpenKM,OU=openkm,dc=dc1,dc=dc2,dc=dc3"/>
    <beans:property name="password" value="password"/>
    <beans:property name="baseEnvironmentProperties">
      <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
    </beans:property>
  </beans:bean>
 
  <!--
    LDAP authentication provider. First argument: a BindAuthenticator that
    locates the entry through the userSearch bean and then binds as that entry
    with the submitted password. Second argument: the authorities populator
    that turns group membership into granted authorities.
  -->
  <beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg>
      <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:property name="userSearch" ref="userSearch"/>
      </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>
      <!--
        Groups are searched under the whole base DN, subtrees included, for
        entries whose member attribute matches the user. The group cn becomes
        the authority name verbatim: the prefix is empty and the case is left
        unchanged.
        NOTE(review): this search is not limited to cn=ROLE_* as the role list
        in OpenKM.cfg is, so every group the user belongs to becomes an
        authority. Whoever can create or rename groups in this tree can mint
        an authority with any name; a dedicated OU as group search base limits
        that.
      -->
      <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:constructor-arg value="dc=dc1,dc=dc2,dc=dc3"/>
        <beans:property name="groupSearchFilter" value="member={0}"/>
        <beans:property name="groupRoleAttribute" value="cn"/>
        <beans:property name="searchSubtree" value="true" />
        <beans:property name="convertToUpperCase" value="false" />
        <beans:property name="rolePrefix" value="" />
      </beans:bean>
    </beans:constructor-arg>
  </beans:bean>
 
  <!--
    User lookup for bind authentication: searches the whole base DN, subtrees
    included, for the entry whose sAMAccountName equals the login name ({0}).
    The filter has no objectClass or group restriction, so any entry carrying
    that attribute value is a login candidate.
  -->
  <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="dc=dc1,dc=dc2,dc=dc3" />
    <beans:constructor-arg index="1" value="sAMAccountName={0}" />
    <beans:constructor-arg index="2" ref="contextSource" />
    <beans:property name="searchSubtree" value="true" />
  </beans:bean>
  
</beans:beans>

Re: Edit Existing User for role info

PostPosted:Thu Oct 10, 2013 7:40 am
by jllort
It was not necessary to copy your LDAP configuration here. When LDAP integration is in place, roles and users are added or removed directly in your LDAP directory, not in OpenKM. OpenKM only reads from your LDAP; it does not write to it. If you want a new role, add it in your LDAP and it will then appear in OpenKM; that's the idea.