Problem with LDAP configuration
PostPosted:Mon Nov 22, 2010 12:31 pm
Hello,
I'm trying to configure authentication through our Active Directory with LDAP. I've googled and tried several ways to set it up but it doesn't work: I get "authentication error".
Can you help me with this?
Here is my configuration:
OpenKM.cfg:
.../server/default/conf/login-config.xml:
Greg.
I'm trying to configure authentication through our Active Directory with LDAP. I've googled and tried several ways to set it up but it doesn't work: I get "authentication error".
Can you help me with this?
Here is my configuration:
OpenKM.cfg:
Code: Select all
restrict.file.mime=off
restrict.file.extension=*~,*.bak,._*
system.openoffice=on
system.openoffice=/usr/lib/openoffice
system.pdf2swf=/usr/local/bin/pdf2swf
hibernate.hbm2ddl=none
max.file.size=060520010
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://our.server.example.net:389
principal.ldap.security.principal=cd=queryldap,cn=Users,dc=server,dc=example,,dc=net
principal.ldap.security.credentials=queryldap
principal.ldap.user.search.base=cn=our,dc=server,dc=example,,dc=net
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=CN=OPENKM_UserRole,CN=our,dc=server,dc=example,dc=net))
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=cn=our,dc=server,dc=example,dc=net
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=CN=OPENKM_OpenKM,CN=our,dc=server,dc=example,dc=net))
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},cn=our,dc=server,dc=example,dc=net
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.atribute=mail
system.login.lowercase=on
.../server/default/conf/login-config.xml:
Code: Select all
Thanks, <!-- OpenKM -->
<application-policy name = "OpenKM">
<authentication>
<!-- <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name="dsJndiName">java:/OpenKMDS</module-option>
<module-option name="principalsQuery">select usr_password as PASSWD from OKM_USER where usr_id=? and usr_active=true</module-option>
<module-option name="rolesQuery">select ur_role as ROLEID, 'Roles' from OKM_USER_ROLE where ur_user=?</module-option>
<module-option name="hashAlgorithm">md5</module-option>
<module-option name="hashEncoding">hex</module-option>
</login-module>-->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://our.server.example.net:389</module-option>
<module-option name="bindDN">CN=queryldap,cn=Users,dc=server,dc=example,dc=net</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindCredential">queryldap</module-option>
<module-option name="baseCtxDN">cn=Users,dc=server,dc=example,dc=net</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">cn=Users,dc=server,dc=example,dc=net</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="baseFilter">(&(sAMAccountName={0})(memberOf=CN=OPENKM_UserRole,CN=our,dc=server,dc=example,dc=net))</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
</authentication>
</application-policy>
Greg.