• LDAP Configuration

 #2747  by dignan
 
I am trying to configure OpenKM to use the LDAP here, however it doesn't seem to be able to find the bind user (despite it being correct).

I receive the following error:

2009-06-17 11:15:31,608 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=dignan
javax.naming.AuthenticationException: [LDAP: error code 49 - SASL(-13): user not found: no user in database uid=openkm,cn=users,dc=sub,dc=domain,dc=tld]

This is my configuration part of login-config.xml:
Code:
<!-- OpenKM -->
 <application-policy name = "OpenKM">
  <authentication>
   <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
    <module-option name="java.naming.provider.url">ldap://sub.domain.tld:389</module-option>
    <module-option name="bindDN">uid=openkm,cn=users,dc=sub,dc=domain,dc=tld</module-option>
    <module-option name="java.naming.security.authentication">CRAM-MD5</module-option>
    <module-option name="bindCredential">password</module-option>
    <module-option name="baseCtxDN">cn=users,dc=sub,dc=domain,dc=tld</module-option>
    <module-option name="baseFilter">(uid={0})</module-option>
    <module-option name="rolesCtxDN">cn=groups,dc=sub,dc=domain,dc=tld</module-option>
    <module-option name="roleFilter">(memberUid={0})</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="roleRecursion">-1</module-option>
    <module-option name="defaultRole">UserRol</module-option>
    <module-option name="allowEmptyPasswords">False</module-option>
   </login-module>
  </authentication>
 </application-policy>
 #2764  by dignan
 
So I finally got this working.

This configuration works on a Mac OS 10.5.6 Open Directory Server:
Code:
       <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient" >
       <module-option name="java.naming.factory.initial">
        com.sun.jndi.ldap.LdapCtxFactory
       </module-option>
       <module-option name="java.naming.provider.url">
        ldap://sub.domain.tld:389/
       </module-option>
       <module-option name="java.naming.security.authentication">
        simple
       </module-option>
       <module-option name="bindDN">uid=openkm,cn=users,dc=sub,dc=domain,dc=tld</module-option>
       <module-option name="bindCredential">password</module-option>
       <module-option name="baseCtxDN">dc=sub,dc=domain,dc=tld</module-option>
       <module-option name="baseFilter">(uid={0})</module-option>
       <module-option name="rolesCtxDN">cn=groups,dc=sub,dc=domain,dc=tld</module-option>
       <module-option name="roleFilter">(memberUid={0})</module-option>
       <module-option name="roleAttributeIsDN">false</module-option>
       <module-option name="roleAttributeID">cn</module-option>
       <module-option name="roleRecursion">1</module-option>
       <module-option name="searchTimeLimit">5000</module-option>
       <module-option name="searchScope">SUBTREE_SCOPE</module-option>
       <module-option name="defaultRole">UserRol</module-option>
      </login-module>
Hope that helps someone.
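
An added example, not part of the post above or of OpenKM: a small Python check that reads a login-config.xml policy like the working one and reports settings a reviewer would question before production use (simple bind over cleartext ldap://, empty passwords not explicitly rejected, bind password stored in the file). The function name and finding strings are made up for this example; the sample is a shortened copy of the posted module wrapped in the application-policy element from the first post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a shortened copy of the working module from the thread.
SAMPLE = """
<application-policy name="OpenKM">
 <authentication>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
   <module-option name="java.naming.provider.url">
    ldap://sub.domain.tld:389/
   </module-option>
   <module-option name="java.naming.security.authentication">simple</module-option>
   <module-option name="bindDN">uid=openkm,cn=users,dc=sub,dc=domain,dc=tld</module-option>
   <module-option name="bindCredential">password</module-option>
  </login-module>
 </authentication>
</application-policy>
"""

def audit_login_config(xml_text):
    """Return (policy name, finding) pairs for every LDAP login module."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("application-policy"):
        for module in policy.iter("login-module"):
            if "Ldap" not in module.get("code", ""):
                continue
            # Option values may be wrapped in whitespace, as in the thread.
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.iter("module-option")}
            url = opts.get("java.naming.provider.url", "").lower()
            # Assumption: an unset authentication option behaves like "simple".
            auth = opts.get("java.naming.security.authentication", "simple").lower()
            tls = (url.startswith("ldaps://")
                   or opts.get("java.naming.security.protocol", "").lower() == "ssl")
            name = policy.get("name")
            if auth == "simple" and not tls:
                findings.append((name, "simple bind over cleartext ldap://"))
            if opts.get("allowEmptyPasswords", "").lower() != "false":
                findings.append((name, "allowEmptyPasswords not set to false"))
            # jaasSecurityDomain is JBoss's option for an encrypted bindCredential.
            if "bindCredential" in opts and "jaasSecurityDomain" not in opts:
                findings.append((name, "bindCredential stored in plain text"))
    return findings

if __name__ == "__main__":
    for policy, finding in audit_login_config(SAMPLE):
        print(f"{policy}: {finding}")
```

Switching the URL to ldaps:// requires the JVM running JBoss to trust the directory server's certificate.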
 #2773  by jllort
 
Good job.

Now for total integration you need to create some class that implements PrincipalAdapter. That's needed for OpenKM to get the user and group list.
 #2997  by QStorm
 
Hello,
I've got a similar problem

Code:
[org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=q-storm
javax.naming.NamingException: Can't follow referal for authentication: 
OpenKM is installed on a CentOS 5.3

Did anyone have that problem before?

Thanks
Q-Storm
 #6458  by pawarnitin.scoe
 
Is there a need to write Java code for integration of LDAP with OpenKM?

Or do I just need to change the login-cfg and OpenKM.cfg files?
 #6473  by jllort
 
Now it is not necessary to write a Java class; everything is done with configuration parameters.
 #6476  by pawarnitin.scoe
 
Thanks.
Could you please give me details about how I can configure OpenKM, so that when I log in to LDAP the same login automatically gets logged in to OpenKM?
What is required to configure LDAP integration with OpenKM?
Please reply with details.
 #6477  by pawarnitin.scoe
 
Could you please give me details about how I can configure OpenKM, so that when I log in to LDAP the same login automatically gets logged in to OpenKM?
What is required to configure LDAP integration with OpenKM?
Please reply with details for Windows XP.
 #6484  by jllort
 
It's well explained in the installation guide, but that is locked documentation (part of the OpenKM network), basically because we consider it to be only for more professional installations.

You can search the forum for LDAP; there are some well-explained posts if you look for "LdapPrincipalAdapter".
