problem for the ldap integration
PostPosted:Wed May 20, 2015 12:05 am
I have a problem for the ldap integration for the openkm 6.3, I am able to use the ldap login
I did created appropriate group in my AD (MS 2008 r2) , created 3 groups (ROLE_ADMIN / ROLE_PowerUser/ ROLE_USER)
but I having issue for the Configuration, the users group not display in the openkm
I did created appropriate group in my AD (MS 2008 r2) , created 3 groups (ROLE_ADMIN / ROLE_PowerUser/ ROLE_USER)
but I having issue for the Configuration, the users group not display in the openkm
Code: Select all
OpenKM.cfg
principal.ldap.role.search.base List OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com
principal.ldap.role.search.filter String (objectclass=group)
principal.ldap.roles.by.user.attribute String memberOf
principal.ldap.roles.by.user.search.base String OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com
principal.ldap.roles.by.user.search.filter String (&(sAMAccountName={0}))
principal.ldap.security.credentials String xxxxxxxx
principal.ldap.security.principal String CN=OpenKM,OU=IT Admin (Exclude sync 365),OU=Users,OU=AU,DC=centos,DC=com
principal.ldap.server String ldap://10.188.2.2
principal.ldap.user.attribute String sAMAccountName
principal.ldap.user.search.base List DC=centos,DC=com
principal.ldap.user.search.filter String (&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)))
principal.ldap.username.attribute String cn
principal.ldap.username.search.base String OU=Users,OU=AU,DC=centos,DC=com
principal.ldap.username.search.filter String (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.users.by.role.attribute String member
principal.ldap.users.by.role.search.base String OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com
principal.ldap.users.by.role.search.filter String (&(objectClass=group)(CN={0}))Code: Select all
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://10.188.2.2"/>
<beans:property name="userDn" value="CN=OpenKM,OU=IT Admin (Exclude sync 365),OU=Users,OU=AU,DC=centos,DC=com"/>
<beans:property name="password" value="xxxxxx"/>
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry>
<beans:key>
<beans:value>java.naming.referral</beans:value>
</beans:key>
<beans:value>follow</beans:value>
</beans:entry>
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="DC=centos,DC=com"/>
<beans:property name="groupSearchFilter" value="member={0}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="false" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="DC=centos,DC=com" />
<beans:constructor-arg index="1" value="(&(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_USER,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)(memberOf=CN=ROLE_PowerUser,OU=OpenKM,OU=Security Group,OU=AU,DC=centos,DC=com)))" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
</beans:beans>