No User/Groups in OpenKM with Active Directory Login
PostPosted:Thu Jul 01, 2010 4:37 pm
Hello,
I am trying to setup OpenKM for Active Directory Authentication with some success. I can login using active directory as both a user and administrator with problems. My problem is when trying to update the security settings on folders in OpenKM there are no groups or users displayed except for the user who created the folder.
Setup:
1. In Active Directory created the groups AdminRole, UserRole, and OpenKm
2. Added all desired admins to the AdminRole group
3. Added all desired users to the UserRole group
4. Added all desired Active Directory groups to the OpenKM group
OpenKM.cfg
Any help would be appreciated.
Thanks,
-Dan
I am trying to setup OpenKM for Active Directory Authentication with some success. I can login using active directory as both a user and administrator with problems. My problem is when trying to update the security settings on folders in OpenKM there are no groups or users displayed except for the user who created the folder.
Setup:
1. In Active Directory created the groups AdminRole, UserRole, and OpenKm
2. Added all desired admins to the AdminRole group
3. Added all desired users to the UserRole group
4. Added all desired Active Directory groups to the OpenKM group
OpenKM.cfg
Code: Select all
login-config.xml
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://ad.mydomain.net
principal.ldap.security.principal=cd=myADAdmin,cn=Users,dc=mydomain,dc=net
principal.ldap.security.credentials=myPasswd
principal.ldap.user.search.base=cn=Users,dc=mydomain,dc=net
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=CN=UserRole,CN=Users,DC=mydomain,DC=net))
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=cn=users,dc=mydomain,dc=net
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=CN=OpenKM,CN=Users,DC=mydomain,DC=net))
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},cn=Users,dc=mydomain,dc=net
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.atribute=mail
system.login.lowercase=on
Code: Select all
All of my users and groups are under CN=Users,DC=mydomain,DC=net<application-policy name="OpenKM">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://ad.mydomain.net</module-option>
<module-option name="bindDN">CN=Administrator,cn=Users,dc=mydomain,dc=net</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindCredential">myPasswd</module-option>
<module-option name="baseCtxDN">cn=Users,dc=mydomain,dc=net</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">cn=Users,dc=mydomain,dc=net</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="baseFilter">(&(sAMAccountName={0})(memberOf=CN=UserRole,CN=Users,DC=mydomain,DC=net))</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
</authentication>
</application-policyAny help would be appreciated.
Thanks,
-Dan