LDAP account integration
PostPosted:Mon Dec 28, 2020 5:52 am
Hi OpenKM Team:
I wish you a happy New Year !:D
I am testing the 6.3.10 Community Edition LDAP integration account.
LDAP test structure.
LDAP test structure.jpg (24.49 KiB) Viewed 9964 times
I changed the OpenKM.xml file
File path:
ldap.jpg (131.36 KiB) Viewed 9965 times
The tomcat log also did not see the error message.
I check my LDAP server log.
I wish you a happy New Year !:D
I am testing the 6.3.10 Community Edition LDAP integration account.
LDAP test structure.
File path:
Code: Select all
OpenKM.xml contents:
/opt/tomcat/OpenKM.xml.bak
/opt/tomcat/webapps/OpenKM/WEB-INF/classes/OpenKM.xmlCode: Select all
Then in the administrator web interface Configuration parameters:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task.xsd">
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.1.55:389/dc=test,dc=com"/>
<beans:property name="userDn" value="cn=IT,dc=test,dc=com"/>
<beans:property name="password" value="mypassword"/>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"></beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=OpenKM"/>
<beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="true" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=Corp" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
</beans:beans>Code: Select all
Restart the tomcat and refresh the Web to see the user account, but cannot log-in user account(authentication failed).
principal.adapter = com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server = ldap://192.168.1.55:389
principal.ldap.security.principal = cn=IT,dc=test,dc=com
principal.ldap.security.credentials = myPassword
principal.ldap.user.attribute = uid
principal.ldap.user.search.base = ou=Corp,dc=test,dc=com
principal.ldap.user.search.filter = (objectClass=inetOrgPerson)
principal.ldap.username.attribute = cn
principal.ldap.username.search.base = ou=Corp,dc=test,dc=com
principal.ldap.username.search.filter = (uid={0})
principal.ldap.mail.attribute = mail
principal.ldap.mail.search.base = ou=Corp,dc=test,dc=com
principal.ldap.mail.search.filter = (uid={0})
principal.ldap.role.attribute = cn
principal.ldap.role.search.base = ou=OpenKM,dc=test,dc=com
principal.ldap.role.search.filter = (objectClass=posixGroup)
principal.ldap.roles.by.user.attribute = cn
principal.ldap.roles.by.user.search.base = ou=OpenKM,dc=test,dc=com
principal.ldap.roles.by.user.search.filter = (memberUid={0})
principal.ldap.users.by.role.attribute = memberUid
principal.ldap.users.by.role.search.base = ou=OpenKM,dc=test,dc=com
principal.ldap.users.by.role.search.filter = (&(objectClass=posixGroup)(cn={0}))I check my LDAP server log.
Code: Select all
But I found the object in the search condition under the local LDAP server.Dec 29 16:49:24 ldap slapd[11379]: conn=4669 op=3 SRCH base="ou=Corp,dc=test,dc=com" scope=2 deref=3 filter="(uid=tzuy_yang)"
Dec 29 16:49:24 ldap slapd[11379]: <= bdb_equality_candidates: (uid) not indexed
Dec 29 16:49:24 ldap slapd[11379]: conn=4669 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 29 16:49:24 ldap slapd[11379]: conn=4674 fd=11 ACCEPT from IP=192.168.1.46:60900 (IP=0.0.0.0:389)
Dec 29 16:49:24 ldap slapd[11379]: conn=4674 op=0 BIND dn="cn=tzuy_yang,cn=J0400,ou=Corp,dc=test,dc=com" method=128
Dec 29 16:49:24 ldap slapd[11379]: conn=4674 op=0 BIND dn="cn=tzuy_yang,cn=J0400,ou=Corp,dc=test,dc=com" mech=SIMPLE ssf=0
Dec 29 16:49:24 ldap slapd[11379]: conn=4674 op=0 RESULT tag=97 err=0 text=
Dec 29 16:49:24 ldap slapd[11379]: conn=4674 op=1 SRCH base="cn=tzuy_yang,cn=J0400,ou=Corp,dc=test,dc=com" scope=0 deref=3 filter="(objectClass=*)"
Dec 29 16:49:24 ldap slapd[11379]: conn=4674 op=1 SEARCH RESULT [b]tag=101 err=32[/b] nentries=0 text=Code: Select all
Enter LDAP Password:
root#ldapsearch -x -H ldap://192.168.1.55:389 -b cn=tzuy_yang,cn=J0400,ou=Corp,dc=test,dc=com -W -D "cn=IT,dc=test,dc=com"Code: Select all
Excuse me, where is the setting wrong? Thank you.# extended LDIF
#
# LDAPv3
# base <cn=tzuy_yang,cn=J0400,ou=Corp,dc=test,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# tzuy_yang, J0400, Corp, test.com
dn: cn=tzuy_yang,cn=J0400,ou=Corp,dc=test,dc=com
sn: tzuy_yang
cn: tzuy_yang
uidNumber: 1001
gidNumber: 502
homeDirectory: /home/users/tzuy_yang
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
mail: tzuy_yang@test.com
uid: tzuy_yang
uid: J0400
userPassword:: e1NTSEF9TzArMnNnUU81WW9sdsdwyemVDODgvWDlJZjdrNzFhRFkvcWk=
# search result
search: 2
result: 0 Success