ACTIVE DIRECTORY Configuration for OpenKM

Posted: Mon May 31, 2010 6:13 am
by dbworks
OpenKM developers, users,

First of all, THANK YOU, for developing this system.

I am new to the world of computing. Currently, I have OpenKM (quick install) running successfully on a Win XP machine. I plan to install (copy) it onto a Windows 2008 Server and achieve the following.
1. Use Active Directory for authentication (I read a lot of postings, but they were too confusing; can you please help me by telling me where I should start?)
2. Use the current Groups and Organizations (if possible) to set permissions and give access. (Do I need to create any special groups or users in Active Directory?)
3. Use the current data on this server and incorporate it into the OpenKM system. (Currently I have folders and files which are shared on the network.)

Please advise whether the above are achievable. If yes, I am a quick learner and would like to be a part of this system and utilize it in our organization. If I am able to impress my managers, I am pretty sure this can work for us and we will probably convert our licenses to a business license (if there is anything like that).

Thank you in advance.

D Kalya.

IT. Coord.
Nisseki Chemical Texas. Inc.

Re: ACTIVE DIRECTORY Configuration for OpenKM

Posted: Mon May 31, 2010 10:18 am
by jllort
Hi

1- Configuring LDAP is not difficult but needs some time. The installation guide explains well how to do it, but it's part of OpenKM Network (an annual subscription that helps us maintain the documentation; the bottom of the web page explains how to subscribe, and there's a 15-day trial before payment becomes effective)
http://wiki.openkm.com/index.php/Installation_Guide (installation guide)
http://wiki.openkm.com/index.php/Active_Directory (the Active Directory page has a full example, well explained)

2- You can use users and groups directly from your LDAP (remember UserRole and AdminRole are mandatory for users (connection grant), among others that you could use in LDAP)

3- There's an import utility in the administration tab (at top right)

If you're interested in professional services, use our contact form. We have several support levels; the latest one we've added is a monthly payment, similar to contracting hosting ( http://www.openkm.com/Contact/ ). Our support service includes remote installation, certification (especially backup), technical support (annual) and migration (if needed, we do the migration between versions for you).

I recommend you take a look at the user guide http://wiki.openkm.com/index.php/User_Guide because I'm sure there are a lot of features you don't know exist in OpenKM.

Re: ACTIVE DIRECTORY Configuration for OpenKM

Posted: Mon May 31, 2010 9:51 pm
by dbworks
Thank you for your response.
I bought the subscription and emailed sales@openkm, but I have not received the login information. Please let me know what else I need to do before I can log into the OpenKM Wiki.

Re: ACTIVE DIRECTORY Configuration for OpenKM

Posted: Tue Jun 01, 2010 4:30 pm
by dbworks
Jllort,
Thank you
I was able to log into the help files to check on the Active Directory settings and found out that I need to use the LDAP Login Module. I tried making changes but I get "authentication failed". I believe that I am not configuring the module correctly. The examples are confusing for me, as I did not understand which values to change and what to change them to.

For example, under OpenKM, it says that I need to change 192.168.0.6, Administrador, password and weyler, but I am not sure what values I need to substitute for my situation.
I have an AD server running on a computer with IP address 192.168.1.20, which is in the domain NI****.COM. The admin user is NI***admin, with its associated password.

Alternate address for the server, using the server name: ADSERVER.NI****.COM
----------------------
On the ACTIVE DIR, the tree is as follows:
Active Directory User and Computers> NI****.COM(DOMAIN) > IT Network Admins(OU) > IT Computers(OU) > NI***admin (UserName)
----------------------

Below are my changed files
-------------Login-config -----------------------
Code:
<!-- OpenKM -->
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > 
      <module-option name="java.naming.provider.url">ldap://nis***:389</module-option> 
      <module-option name="bindDN">CN=niss****dmin,ou=IT Network Admins ou=IT COMPUTERS,dc=nis***,dc=com</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindCredential">Vin****</module-option>
      <module-option name="baseCtxDN">cn=users,dc=weyler,dc=local</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">cn=users,dc=weyler,dc=local</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      <module-option name="defaultRole">UserRole</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module> 
  </authentication>
</application-policy>
-------------- OpenKM.----------
Code:
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://nissekichem.com:389
principal.ldap.security.principal=CN=nis*****dmin,ou=IT Network Admins,ou=IT COMPUTERS,dc=nis***,dc=com
principal.ldap.security.credentials=Vins****
principal.ldap.user.search.base=cn=users,dc=weyler,dc=local
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=cn=users,dc=weyler,dc=local
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},cn=users,dc=weyler,dc=local
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.atribute=mail
system.login.lowercase=on

Thank you in advance.

-D

Re: ACTIVE DIRECTORY Configuration for OpenKM

Posted: Wed Jun 02, 2010 8:07 am
by jllort
Administrador is your server user; in your case, NI***admin
password is the password this user connects with
weyler must be your domain name; in your case it seems to be NI****.COM (by default, for example in Windows, it could be the classic Workgroup)

That's wrong:
Code:
<module-option name="baseCtxDN">cn=users,dc=weyler,dc=local</module-option>
I think it might be nis****shem (I've edited your post with **** because there was some private information in the XML)

Concentrate first on login-config.xml. The params of OpenKM.cfg are for the UI widgets (to get users and roles in the security popup panels)

I recommend enabling login debug in jboss-log4j.xml
Code:
<category name="org.jboss.security">
      <priority value="DEBUG" />
   </category>
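
The reply above points at search bases that still carry the wiki example's domain. As an added example (not part of the thread, and not OpenKM or JBoss code), this Python check reads a login-config.xml policy and flags that mismatch, a dropped comma between DN components, and simple bind over plain ldap://; the sample policy, `example.com` and `svc-openkm` are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (example.com / svc-openkm are placeholders). It repeats the
# thread's mistake: bindDN is in the site's domain, the search bases are not.
SAMPLE = """<application-policy name="OpenKM"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="java.naming.provider.url">ldap://dc1.example.com:389</module-option>
  <module-option name="bindDN">CN=svc-openkm,OU=IT Computers OU=IT Network Admins,DC=example,DC=com</module-option>
  <module-option name="java.naming.security.authentication">simple</module-option>
  <module-option name="baseCtxDN">cn=users,dc=weyler,dc=local</module-option>
  <module-option name="rolesCtxDN">cn=users,dc=weyler,dc=local</module-option>
</login-module></authentication></application-policy>"""

def domain_of(dn):
    """Lower-cased dc= components of a DN, in order."""
    return [v.strip().lower() for v in re.findall(r"(?i)(?:^|,)\s*dc=([^,]+)", dn)]

def lint_login_config(xml_text):
    """Return a list of findings for the LdapExtLoginModule options in xml_text."""
    root = ET.fromstring(xml_text)
    opts = {o.get("name"): (o.text or "").strip() for o in root.iter("module-option")}
    bind_domain = domain_of(opts.get("bindDN", ""))
    findings = []
    for name in ("bindDN", "baseCtxDN", "rolesCtxDN"):
        dn = opts.get(name, "")
        # "ou=A ou=B": an attribute type preceded by a space instead of a comma.
        if re.search(r"(?i)[^,\s]\s+(?:cn|ou|dc)=", dn):
            findings.append(f"{name}: missing comma between DN components")
        # Heuristic: a search base outside the bind account's domain is usually
        # a leftover from a copied example.
        if name != "bindDN" and dn and domain_of(dn) != bind_domain:
            findings.append(f"{name}: domain {domain_of(dn)} differs from bindDN")
    url = opts.get("java.naming.provider.url", "")
    auth = opts.get("java.naming.security.authentication", "")
    # Simple bind puts bindCredential and user passwords on the wire as-is.
    if url.lower().startswith("ldap://") and auth == "simple":
        findings.append("simple bind over ldap:// sends passwords unencrypted")
    return findings

if __name__ == "__main__":
    for finding in lint_login_config(SAMPLE):
        print(finding)
```

A bind account can legitimately sit in a different domain than the search base in a multi-domain forest, so treat the domain finding as a prompt to check rather than an error.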