OpenLDAP authentication
Posted: Fri Jun 11, 2010 1:03 pm
Hi,
I've recently configured OpenKM to use OpenLDAP for authentication. Everything works fine except the assignment of the AdminRole.
Even though people are members of the AdminRole group, they have no admin rights.
(I know there are already topics about LDAP, but I haven't found anything that helps me solve my problem.)
So here are my configs:
First of all the OpenKM.cfg:
```properties
restrict.file.mime=off
restrict.file.extension=*~,*.bak,._*
max.file.size=25
system.antivir=/usr/bin/clamscan
system.pdf2swf=/usr/bin/pdf2swf
system.openoffice=on
application.url=http://msc.charite.de:8080/OpenKM/es.git.openkm.frontend.Main/index.jsp
repository.home=/data/application/openkm
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://localhost:389
principal.ldap.security.principal=cn=admin,dc=***,dc=***
principal.ldap.security.credentials=***
principal.ldap.user.search.base=ou=bcrt,dc=***,dc=***
principal.ldap.user.search.filter=(objectclass=inetOrgPerson)
principal.ldap.user.attribute=uid
principal.ldap.role.search.base=ou=openkm,ou=application,dc=***,dc=***
principal.ldap.role.search.filter=(objectclass=groupOfNames)
principal.ldap.role.attribute=memberOf
system.login.lowercase=on
```

The login-config.xml:

```xml
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
      <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">cn=admin,dc=***,dc=***</module-option>
      <module-option name="bindCredential">***</module-option>
      <module-option name="baseCtxDN">ou=bcrt,dc=***,dc=***</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=openkm,ou=applications,dc=***,dc=***</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="allowEmptyPasswords">False</module-option>
      <module-option name="defaultRole">UserRole</module-option>
    </login-module>
  </authentication>
</application-policy>
```

And finally my LDAP looks like this:

```ldif
dn: dc=***,dc=***
objectclass: dcObject
objectclass: organization
dc: ***
o: ***

dn: ou=people,dc=***,dc=***
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=maxm,ou=people,dc=***,dc=***
objectclass: top
objectclass: person
objectclass: iNetOrgPerson
objectclass: organizationalPerson
uid: maxm
cn: maxm
sn: max
userPassword: ***
displayName: Max Mustermann
givenName: max
mail: ***@gmail.com

dn: ou=applications,dc=***,dc=***
objectclass: top
objectclass: organizationalUnit
ou: applications

dn: ou=openkm,ou=applications,dc=***,dc=***
objectclass: top
objectclass: organizationalUnit
ou: openkm

dn: cn=UserRole,ou=openkm,ou=applications,dc=***,dc=***
objectClass: top
objectClass: groupOfNames
cn: UserRole
description: OpenKM User
member: uid=maxm,ou=people,dc=***,dc=***

dn: cn=AdminRole,ou=openkm,ou=applications,dc=***,dc=***
objectClass: groupOfNames
objectClass: top
cn: AdminRole
description: OpenKM Administrators
member: uid=maxm,ou=people,dc=***,dc=***
```

(I tried it with being a member of both groupOfNames and with being only in one of the groups, but it makes no difference.)

Has anyone an idea how I can achieve the assignment of the AdminRole?
Thanks for your help.
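A check worth running on a post like this, before touching the server, is to replay the configured role lookup against the directory data that was actually posted. The Python script below is an added example and not code from the post, from OpenKM or from JBoss. It parses the LDIF above (trimmed to the entries that matter, with the masked `dc=***,dc=***` kept as-is), then performs a subtree search with a single `(attr=value)` filter and collects a role attribute from each hit. It assumes that `LdapPrincipalAdapter` uses `principal.ldap.role.search.base`, `principal.ldap.role.search.filter` and `principal.ldap.role.attribute` in exactly that way (my reading of those keys, not verified against the OpenKM source), and it substitutes `{1}` with the user's DN the way `LdapExtLoginModule`'s `roleFilter` does. Three lookups are compared: the OpenKM.cfg values as posted, the same values pointed at the OU that the LDIF actually contains, and a membership-by-filter, name-by-`cn` lookup of the shape the posted login-config.xml already uses with `roleFilter=(member={1})` and `roleNameAttributeID=cn`.

```python
"""Replay an OpenKM.cfg-style LDAP role lookup against a posted LDIF, offline.

Added example, not OpenKM or JBoss code.  Assumption: the adapter searches
role.search.base with role.search.filter and collects role.attribute from
each matching entry.  Only single (attr=value) filters are supported.
"""
import re

# Constructed sample: the LDIF from the forum post, trimmed to what the lookup touches.
LDIF = """\
dn: dc=***,dc=***
objectclass: dcObject
objectclass: organization
dc: ***

dn: ou=people,dc=***,dc=***
objectclass: organizationalUnit
ou: people

dn: uid=maxm,ou=people,dc=***,dc=***
objectclass: inetOrgPerson
uid: maxm
cn: maxm

dn: ou=applications,dc=***,dc=***
objectclass: organizationalUnit
ou: applications

dn: ou=openkm,ou=applications,dc=***,dc=***
objectclass: organizationalUnit
ou: openkm

dn: cn=UserRole,ou=openkm,ou=applications,dc=***,dc=***
objectClass: groupOfNames
cn: UserRole
member: uid=maxm,ou=people,dc=***,dc=***

dn: cn=AdminRole,ou=openkm,ou=applications,dc=***,dc=***
objectClass: groupOfNames
cn: AdminRole
member: uid=maxm,ou=people,dc=***,dc=***
"""

USER_DN = "uid=maxm,ou=people,dc=***,dc=***"  # the only user in the posted LDIF


def normalize(value):
    """Attribute names, objectClass values and DNs compare case-insensitively in
    LDAP; also drop whitespace around DN component separators."""
    return re.sub(r"\s*,\s*", ",", value.strip().lower())


def parse_ldif(text):
    """Return {normalized_dn: {attr_lower: [values]}} for a simple LDIF dump."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(normalize(value), {})
        else:
            current.setdefault(attr, []).append(value)
    return entries


def matches(entry, filt):
    """Evaluate one equality filter such as (objectclass=groupOfNames)."""
    m = re.fullmatch(r"\(([\w-]+)=([^()]*)\)", filt.strip())
    if not m:
        raise ValueError("unsupported filter: " + filt)
    attr, wanted = m.group(1).lower(), normalize(m.group(2))
    return any(normalize(v) == wanted for v in entry.get(attr, []))


def base_exists(entries, base):
    """A real server answers noSuchObject (result code 32) when this is False."""
    return normalize(base) in entries


def subtree_search(entries, base, filt):
    """Subtree scope: the base entry plus everything below it that matches."""
    b = normalize(base)
    return [dn for dn, e in entries.items()
            if (dn == b or dn.endswith("," + b)) and matches(e, filt)]


def roles_for(entries, base, filt, role_attr, user_dn):
    """Sorted role names the configured search hands back for user_dn."""
    resolved = filt.replace("{1}", user_dn)
    names = []
    for dn in subtree_search(entries, base, resolved):
        names.extend(entries[dn].get(role_attr.lower(), []))
    return sorted(names)


if __name__ == "__main__":
    e = parse_ldif(LDIF)
    cfg_base = "ou=openkm,ou=application,dc=***,dc=***"    # as posted in OpenKM.cfg
    ldif_base = "ou=openkm,ou=applications,dc=***,dc=***"  # the OU the posted LDIF contains
    print("cfg base exists:", base_exists(e, cfg_base))
    print("cfg lookup:", roles_for(e, cfg_base, "(objectclass=groupOfNames)", "memberOf", USER_DN))
    print("memberOf at real OU:", roles_for(e, ldif_base, "(objectclass=groupOfNames)", "memberOf", USER_DN))
    print("member/cn at real OU:", roles_for(e, ldif_base, "(member={1})", "cn", USER_DN))
```

Against the posted data the first two lookups return no role names: the cfg base `ou=openkm,ou=application,...` does not exist in the LDIF (the OU there is `applications`, and a live server would log noSuchObject for it), and the groupOfNames entries carry `member`, not `memberOf`, so there is nothing to collect under that attribute name. The third lookup, which matches groups by `member={1}` and reads `cn`, returns both `AdminRole` and `UserRole`. The posted user and role OUs also differ between OpenKM.cfg, login-config.xml and the LDIF (`ou=bcrt` versus `ou=people`, `application` versus `applications`), so the same replay is worth repeating with whatever values are really deployed; the script only shows what the values as posted would resolve to.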