
mapping ldap parameter

Posted: Thu Nov 13, 2014 8:20 pm
by vincentk222
Hi, I have installed and tested OpenKM 6.2.5 CE on MySQL.

I can log in with LDAP and I can browse users in the Users tab in OpenKM.

The problem is:
I log in with my Windows logon, which is: john
but in the Users tab the columns ID and Name are displaying John Doe.

How do I match john with John Doe?

If I search users with Role_Admin, I have exactly the users I have in the LDAP,
but I cannot see the role in the Role column???
principal.adapter string com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users boolean true
principal.hide.connection.roles boolean false
principal.ldap.mail.attribute string mail
principal.ldap.mail.search.base string DC=ck,DC=expo
principal.ldap.mail.search.filter string (&(objectclass=person)(sAMAccountName={0}))
principal.ldap.referral string follow
principal.ldap.role.attribute string cn
principal.ldap.role.search.base list DC=test,DC=org
principal.ldap.role.search.filter string (objectclass=group)
principal.ldap.roles.by.user.attribute string memberOf
principal.ldap.roles.by.user.search.base string DC=test,DC=org
principal.ldap.roles.by.user.search.filter string (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.security.credentials string password
principal.ldap.security.principal string CN=Super Users ,OU=Solutions,OU=Domain Controllers,DC=test,DC=org
principal.ldap.server string ldap://172.16.XXX.XXX:389
principal.ldap.user.attribute string sAMAccountName
principal.ldap.user.search.base list DC=test,DC=org
principal.ldap.user.search.filter string (&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,DC=test,DC=org)(memberOf=CN=ROLE_USER,DC=test,DC=org)))
principal.ldap.username.attribute string sAMAccountName
principal.ldap.username.search.base string DC=test,DC=org
principal.ldap.username.search.filter string (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.users.by.role.attribute string member
principal.ldap.users.by.role.search.base string DC=test,DC=org
principal.ldap.users.by.role.search.filter string (&(objectClass=group)(CN={0}))
principal.ldap.users.from.roles boolean false

Re: mapping ldap parameter

Posted: Sat Nov 15, 2014 5:15 pm
by jllort
I suppose you would like to see the name, not the login id. In this case you could try to change:
principal.ldap.username.attribute=cn
However, you should take a look at the LDAP properties (LDAP browser) to see what's best to use. In 90% of cases cn is a good candidate, or displayName.

Re: mapping ldap parameter

Posted: Mon Nov 17, 2014 11:07 am
by vincentk222
I worked on my LDAP settings and it looks like it is working for now.
BUT I still have a question.

When you go to the Users tab I can see the dropdown list with roles and all the users. This part is OK.
By default I have in the columns
Id, Name, Mail, Roles, ....
mapped to
sAMAccountName, displayName, mail, "ldap role"
This is OK because I use the sAMAccountName to log into OpenKM (OpenKM.xml).

Now when I select a role in the dropdown list, e.g. Role_Admin, and make a search, then I see the columns are mapped to other values:
Id, Name, Mail, Roles, ....
cn, cn, "nothing", "nothing"

Mail and Roles are visible only if cn=sAMAccountName, which is not always the case in my AD.

Re: mapping ldap parameter

Posted: Wed Nov 19, 2014 11:23 am
by jllort
Seems users.by.role is not correct
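
Added example (not part of the thread and not OpenKM code): a small Python model of why the role search described above shows cn as Id with empty Mail and Roles, using the filters from the posted configuration. The directory entries are constructed, the reduction of a `member` DN to its CN is an assumption about the adapter, and the `memberOf`-based alternative is a hypothetical setting to verify against your own directory.

```python
# Constructed sample directory (not data from the thread).
ROLE_DN = "CN=ROLE_ADMIN,DC=test,DC=org"
USERS = [
    {"dn": "CN=John Doe,OU=Staff,DC=test,DC=org", "cn": "John Doe",
     "sAMAccountName": "john", "mail": "john@test.org", "memberOf": [ROLE_DN]},
    {"dn": "CN=anna,OU=Staff,DC=test,DC=org", "cn": "anna",
     "sAMAccountName": "anna", "mail": "anna@test.org", "memberOf": [ROLE_DN]},
]
GROUPS = [{"dn": ROLE_DN, "cn": "ROLE_ADMIN", "member": [u["dn"] for u in USERS]}]


def first_rdn_value(dn):
    """'CN=John Doe,OU=Staff,...' -> 'John Doe' (sample DNs have no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def users_by_role_member(role):
    """Posted setup: filter (&(objectClass=group)(CN={0})), attribute 'member'.
    'member' holds DNs; reducing each to its CN is an assumption about the adapter."""
    return [first_rdn_value(dn) for g in GROUPS if g["cn"] == role for dn in g["member"]]


def users_by_role_memberof(role, base="DC=test,DC=org"):
    """Hypothetical alternative: filter (&(objectClass=user)(memberOf=CN={0},<base>)),
    attribute sAMAccountName, so the id is the login name."""
    role_dn = f"CN={role},{base}"
    return [u["sAMAccountName"] for u in USERS if role_dn in u["memberOf"]]


def lookup(attr, user_id):
    """Models the posted mail and roles.by.user filters: (sAMAccountName={0})."""
    for u in USERS:
        if u["sAMAccountName"].lower() == user_id.lower():  # AD compares case-insensitively
            return u[attr]
    return None  # filter matched no entry


def users_tab(ids):
    """Rows of (Id, Mail, Roles), each column resolved from the id alone."""
    return [(i, lookup("mail", i), lookup("memberOf", i)) for i in ids]


if __name__ == "__main__":
    for row in users_tab(users_by_role_member("ROLE_ADMIN")):
        print("member   ->", row)
    for row in users_tab(users_by_role_memberof("ROLE_ADMIN")):
        print("memberOf ->", row)
```

In the `member` case only the entry whose cn equals its sAMAccountName gets Mail and Roles, which matches the behaviour reported in the thread.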