active directory authentication not Working

Posted: Thu Mar 25, 2010 3:45 pm
by vsharma1985
Hi everyone,

I am trying to connect OpenKM 4.0 with ADAM Active Directory for user management and authentication, but I am facing trouble while configuring it. The login-config.xml where I am configuring LDAP is:
Code:
<policy>
  <application-policy name="OpenKM">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
        <!-- user created in ADAM directory -->
        <module-option name="bindDN">CN=okmAdmin,OU=Users,DC=openkm,DC=com</module-option>
        <module-option name="java.naming.security.authentication"></module-option>
        <!-- password for okmAdmin is "admin"; it was working with properties file -->
        <module-option name="bindCredential">admin</module-option>
        <module-option name="baseCtxDN">OU=Users,DC=openkm,DC=com</module-option>
        <module-option name="baseFilter">(sAMAccountName={0})</module-option>
        <module-option name="rolesCtxDN">OU=Users,DC=openkm,DC=com</module-option>
        <module-option name="roleFilter">(member={1})</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="roleAttributeIsDN">false</module-option>
        <module-option name="roleRecursion">2</module-option>
        <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
        <module-option name="defaultRole">UserRole</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
The openkm.cfg details are:
Code:
repository.config=repository.xml
repository.home=repository
system.user=system
default.user.role=UserRole
default.admin.role=AdminRole
max.file.size=100
max.search.results=25
application.url=http://localhost:8080/OpenKM/es.git.openkm.frontend.Main/index.jsp 
restrict.file.mime=on
restrict.file.extension=*~,*.bak,._* 
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://localhost:389
principal.ldap.security.principal=CN=okmAdmin,OU=Users,DC=openkm,DC=com
principal.ldap.security.credentials=admin
principal.ldap.user.search.base=cn=Users,DC=openkm,DC=com
principal.ldap.user.search.filter=(objectclass=user)
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=cn=Users,DC=openkm,DC=com
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},cn=Users,DC=openkm,DC=com
principal.ldap.mail.search.filter=(objectclass=user)
principal.ldap.mail.atribute=mail
The JBoss logs are as follows:
Code:
21:00:36,687 ERROR [STDERR] javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001D2, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=openkm,DC=com'
 ]; remaining name 'cn=Users,DC=openkm,DC=com'
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
21:00:36,687 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
21:00:36,687 ERROR [STDERR]     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:152)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.principal.LdapPrincipalAdapter.getUsers(LdapPrincipalAdapter.java:59)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.module.direct.DirectAuthModule.getUsers(DirectAuthModule.java:901)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.api.OKMAuth.getUsers(OKMAuth.java:165)
21:00:36,687 ERROR [STDERR]     at es.git.openkm.core.UserMailImporter.run(UserMailImporter.java:43)
21:00:36,687 ERROR [STDERR]     at java.util.TimerThread.mainLoop(Timer.java:512)
21:00:36,687 ERROR [STDERR]     at java.util.TimerThread.run(Timer.java:462)
21:00:36,687 INFO  [STDOUT] INFO  es.git.openkm.module.direct.DirectAuthModule - getUsers:[]
21:00:36,687 INFO  [STDOUT] INFO  es.git.openkm.api.OKMAuth - getUsers: []
I am new to ADAM Active Directory, so please point out the steps to have this process working fine if possible. Do let me know if there is any better alternative than ADAM Active Directory too. Thanks in advance.

Re: active directory authentication not Working

Posted: Sat Mar 27, 2010 12:12 pm
by jllort
Does okmAdmin have rights to connect to your LDAP?
Your server domain is openkm.com (DC=openkm,DC=com)
Code:
principal.ldap.security.principal=CN=okmAdmin 
Might be simple security authentication?
Code:
<module-option name="java.naming.security.authentication">simple</module-option>
It could be a good idea to add
Code:
<module-option name="allowEmptyPasswords">false</module-option>
You don't need to enable it, it's enabled by default
Code:
#repository.config=repository.xml
#repository.home=repository
#system.user=system
#default.user.role=UserRole
#default.admin.role=AdminRole
Try with lower case (there could be some problem with it; Unix systems are case sensitive)
Code:
cn=users
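
Added example, not part of the thread or of OpenKM's code: a Python check that reads the error 32 message from the first post together with both configuration files, then reports the login-module settings the reply raises and any search base that the server reported as missing or that differs between login-config.xml and openkm.cfg. The inputs are constructed excerpts of the files quoted in the thread, and the function names (`norm`, `parse_error32`, `audit`) are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: trimmed excerpts of the login-config.xml, openkm.cfg and log from the thread.
LOGIN_CONFIG = """<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="java.naming.security.authentication"></module-option>
  <module-option name="baseCtxDN">OU=Users,DC=openkm,DC=com</module-option>
  <module-option name="rolesCtxDN">OU=Users,DC=openkm,DC=com</module-option>
</login-module>"""
OPENKM_CFG = """principal.ldap.user.search.base=cn=Users,DC=openkm,DC=com
principal.ldap.role.search.base=cn=Users,DC=openkm,DC=com"""
LOG = ("javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: "
       "DSID-031001D2, problem 2001 (NO_OBJECT), data 0, best match of:\n"
       "        'DC=openkm,DC=com'\n ]; remaining name 'cn=Users,DC=openkm,DC=com'")

def norm(dn):
    """Normalise a DN for comparison: lower-case, no spaces around commas (simplified)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_error32(log):
    """Return (deepest existing DN, DN that was not found) from a JNDI error 32 message."""
    m = re.search(r"error code 32\b.*?best match of:\s*'([^']*)'.*?remaining name '([^']*)'", log, re.S)
    return (norm(m.group(1)), norm(m.group(2))) if m else None

def audit(login_xml, cfg_text, log):
    """Collect findings across the login module options, openkm.cfg and the logged error."""
    findings = []
    opts = {o.get("name"): (o.text or "").strip() for o in ET.fromstring(login_xml).iter("module-option")}
    cfg = dict(l.strip().split("=", 1) for l in cfg_text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    if not opts.get("java.naming.security.authentication"):
        findings.append("login-config: java.naming.security.authentication is empty")
    if opts.get("allowEmptyPasswords", "").lower() != "false":
        findings.append("login-config: allowEmptyPasswords is not set to false")
    err = parse_error32(log)
    if err:
        matched, missing = err
        for key, val in cfg.items():
            if key.endswith(".search.base") and norm(val) == missing:
                findings.append(f"openkm.cfg: {key} is {val}, which the server reports as missing (deepest existing entry: {matched})")
    xml_bases = {norm(opts[k]) for k in ("baseCtxDN", "rolesCtxDN") if k in opts}
    cfg_bases = {norm(v) for k, v in cfg.items() if k.endswith(".search.base") and "{0}" not in v}
    if xml_bases and cfg_bases and xml_bases != cfg_bases:
        findings.append(f"search bases differ: login-config {sorted(xml_bases)} vs openkm.cfg {sorted(cfg_bases)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(LOGIN_CONFIG, OPENKM_CFG, LOG)))
```

LDAP result code 32 is noSuchObject, and the "best match" DN is the deepest entry that does exist, so the component just below it is the one to verify in the directory.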

Re: active directory authentication not Working

Posted: Wed Sep 15, 2010 12:56 pm
by pawarnitin.scoe
Is there a need to write Java code for integration of LDAP with OpenKM?

Or do we just need to change the login-cfg and OpenKM.cfg files?

Re: active directory authentication not Working

Posted: Thu Sep 16, 2010 5:18 pm
by jllort
First you need to concentrate on login-config.xml; after that you can keep OpenKM.cfg in mind, but authentication is all defined in login-config.xml.

Which LDAP have you got? DC=openkm,DC=com is a strange domain for your LDAP, unless you've configured your domain server with those values.