AD ACCOUNT INTEGRATION OPENKM 6.3 issues
PostPosted:Wed Oct 12, 2022 2:38 am
Hi OpenKM Team:
I am testing the 6.3.11 Community Edition active directory integration account.
AD test structure.
ABC.png (3.65 KiB) Viewed 3226 times
User ldif
OpenKM.xml contents:
Then in the administrator web interface Configuration parameters:
User login an error message will appear in the catalina.log
But the access permissions are normal.
But an error message will appear in the catalina.log
Best Regards,
I am testing the 6.3.11 Community Edition active directory integration account.
AD test structure.
Code: Select all
dn: CN=A123,OU=Mail,DC=ABC,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: A123
sn: li
givenName: michael
distinguishedName: CN=A123,OU=Mail,DC=ABC,DC=com
memberOf: CN=ROLE_ADMIN,OU=OpenKM,DC=ABC,DC=com
memberOf: CN=TEST,OU=OpenKM,DC=ABC,DC=com
name: A123
sAMAccountName: A123
sAMAccountType: 805306368
userPrincipalName: A123@ABC.COM
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ABC,DC=com
mail: michael_li@ABC.com
OpenKM.xml contents:
Code: Select all
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=OpenKM,dc=ABC,dc=com"/>
<beans:property name="groupSearchFilter" value="member={0}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="true" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="dc=ABC,dc=com"/>
<beans:constructor-arg index="1" value="sAMAccountName={0}"/>
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
Then in the administrator web interface Configuration parameters:
Code: Select all
principal.ldap.mail.attribute String mail
principal.ldap.mail.search.base String dc=ABC,dc=com
principal.ldap.mail.search.filter String (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.role.attribute String cn
principal.ldap.role.search.base List ou=OpenKM,dc=ABC,dc=com
principal.ldap.role.search.filter String (objectclass=group)
principal.ldap.roles.by.user.attribute String memberOf
principal.ldap.roles.by.user.search.base String dc=ABC,dc=com
principal.ldap.roles.by.user.search.filter String (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.user.attribute String sAMAccountName
principal.ldap.user.search.base List ou=Mail,dc=ABC,dc=com
principal.ldap.user.search.filter String (objectclass=person)
principal.ldap.username.attribute String cn
principal.ldap.username.search.base String ou=Mail,dc=ABC,dc=com
principal.ldap.username.search.filter String (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.users.by.role.attribute String member
principal.ldap.users.by.role.search.base String cn={0},ou=OpenKM,dc=ABC,dc=com
principal.ldap.users.by.role.search.filter String (objectclass=group)
User login an error message will appear in the catalina.log
But the access permissions are normal.
Code: Select all
Log in with the ROLE_ADMIN account with administrative privileges to view the user list and display it normally.2022-10-12 10:23:42,388 [ajp-nio-127.0.0.1-8081-exec-1] ERROR c.o.principal.LdapPrincipalAdapter - NamingException: Unprocessed Continuation Reference(s) (Cache: com.openkm.cache.ldapPrincipalAdapter.general - Key: getRolesByUser:A123 - Base: [dc=ABC,dc=com] - Filter: (&(objectClass=person)(sAMAccountName=A123)) - Attribute: memberOf)
But an error message will appear in the catalina.log
Code: Select all
Excuse me, where is the setting wrong? Thank you.2022-10-12 10:34:46,255 [ajp-nio-127.0.0.1-8081-exec-2] ERROR c.o.principal.LdapPrincipalAdapter - NamingException: Unprocessed Continuation Reference(s) (Cache: com.openkm.cache.ldapPrincipalAdapter.general - Key: getRolesByUser:A123 - Base: [dc=ABC,dc=com] - Filter: (&(objectClass=person)(sAMAccountName=A123)) - Attribute: memberOf)
2022-10-12 10:34:46,299 [ajp-nio-127.0.0.1-8081-exec-2] ERROR c.o.principal.LdapPrincipalAdapter - NamingException: Unprocessed Continuation Reference(s) (Cache: com.openkm.cache.ldapPrincipalAdapter.general - Key: getMail:A123 - Base: [dc=ABC,dc=com] - Filter: (&(objectClass=person)(sAMAccountName=A123)) - Attribute: mail)
Best Regards,