Set OpenKM and Postgresql

[rbaguia]

We are trying OpenKm but we are having trouble to configure it for data management and user authentication with Postgresql.

We know that support is paid, but even to decide whether we gonna buy support or not we need to put the system to work with Postgresql.

Please, could you help us ?

[jllort]

You must working on four files:
OpenKM.cfg to indicate hibernate you're using postgreSQL
repository.xml to indicate repository
openkm-ds for the same
login-config.xml ( if there're some changes need )

Some documentation it could be useful:
http://wiki.openkm.com/index.php/Reposi ... figuration
http://wiki.openkm.com/index.php/Using_ ... _databases

[rbaguia]

Hi,

I'm having trouble configuring PostgreSQL.
Create database.
Access normally http://localhost:8080/OpenKM
However, I can not log into the system OpenKM to User: okmAdmin and password: admin.

Below is my configuration files:

OpenKM.cgf:

# Default configuration values
#
# repository.config=repository.xml
# repository.home=repository
# system.user=system
# default.user.role=UserRol
# default.admin.role=AdminRol
# principal.adapter=com.openkm.core.UsersRolesPrincipalAdapter
# max.file.size=5
# max.search.results=25
# system.demo=off
#restrict.file.mime=off
#restrict.file.extension=*~,*.bak,._*
#system.ocr=/usr/bin/tesseract
#system.openoffice.path=/usr/lib/openoffice
#system.img2pdf=/usr/bin/convert
#system.pdf2swf=/usr/bin/pdf2swf
#system.antivir=/usr/bin/clamscan
#hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
hibernate.hbm2ddl=create
#application.url=http://localhost:8080/OpenKM/com.openkm ... /index.jsp
#max.file.size=060520010
#principal.adapter=com.openkm.principal.DatabasePrincipalAdapter
#notify.twitter.user=openkm
#notify.twitter.password=****
#subscription.message.body=Prueba.vm

repository.xml:

<?xml version="1.0"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.6//EN"
"http://jackrabbit.apache.org/dtd/repository-1.6.dtd">
<Repository>
<!-- virtual file system where the repository stores global state
(e.g. registered namespaces, custom node types, etc.) -->
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/repository"/>
</FileSystem>

<!-- Security configuration -->
<Security appName="OpenKM">
<!-- Security manager: FQN of class implementing the JackrabbitSecurityManager interface -->
<!--<SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager" workspaceName="security">-->
<!-- workspace access: FQN of class implementing the WorkspaceAccessManager interface -->
<!-- <WorkspaceAccessManager class="..."/> -->
<!-- <param name="config" value="${rep.home}/security.xml"/> -->
<!--</SecurityManager>-->

<!-- Access manager: FQN of class implementing the AccessManager interface -->
<AccessManager class="com.openkm.core.OKMAccessManager"/>
<!-- <AccessManager class="org.apache.jackrabbit.core.security.SimpleAccessManager"/> -->
<!-- <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"> -->
<!-- <param name="config" value="${rep.home}/access.xml"/> -->
<!-- </AccessManager> -->

<!-- <LoginModule class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule"> -->
<!-- <LoginModule class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule"> -->
<!-- Anonymous user name ('anonymous' is the default value) -->
<!-- <param name="anonymousId" value="anonymous"/> -->
<!-- Administrator user id (default value if param is missing is 'admin') -->
<!-- <param name="adminId" value="admin"/> -->
<!-- <param name="principalProvider" value="..."/> -->
<!--</LoginModule>-->
</Security>

<!-- Location of workspaces root directory and name of default workspace -->
<Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="default"/>

<!-- Workspace configuration template:
used to create the initial workspace if there's no workspace yet -->
<Workspace name="${wsp.name}">
<!-- Virtual file system of the workspace:
class: FQN of class implementing the FileSystem interface -->
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}"/>
</FileSystem>

<!-- Persistence manager of the workspace:
class: FQN of class implementing the PersistenceManager interface -->
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.DerbyPersistenceManager">
<param name="url" value="jdbc:postgresql:${wsp.home}/db;create=true"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
</PersistenceManager>

<!-- Search index and the file system it uses.
class: FQN of class implementing the QueryHandler interface -->
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index"/>
<param name="textFilterClasses" value="
org.apache.jackrabbit.extractor.PlainTextExtractor,
org.apache.jackrabbit.extractor.MsWordTextExtractor,
org.apache.jackrabbit.extractor.MsExcelTextExtractor,
org.apache.jackrabbit.extractor.MsPowerPointTextExtractor,
org.apache.jackrabbit.extractor.OpenOfficeTextExtractor,
org.apache.jackrabbit.extractor.RTFTextExtractor,
org.apache.jackrabbit.extractor.HTMLTextExtractor,
org.apache.jackrabbit.extractor.XMLTextExtractor,
org.apache.jackrabbit.extractor.PngTextExtractor,
org.apache.jackrabbit.extractor.MsOutlookTextExtractor,
com.openkm.extractor.PdfTextExtractor,
com.openkm.extractor.AudioTextExtractor,
com.openkm.extractor.ExifTextExtractor,
com.openkm.extractor.TiffTextExtractor,
com.openkm.extractor.SourceCodeTextExtractor,
com.openkm.extractor.MsOffice2007TextExtractor"/>
<param name="extractorPoolSize" value="2"/>
<param name="supportHighlighting" value="false"/>
<param name="indexingConfiguration" value="${wsp.home}/../../../indexing_configuration.xml"/>
</SearchIndex>
</Workspace>

<!-- Configures the versioning -->
<Versioning rootPath="${rep.home}/version">
<!-- Configures the filesystem to use for versioning for the respective
persistence manager -->
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/version" />
</FileSystem>

<!-- Configures the persistence manager to be used for persisting version state.
Please note that the current versioning implementation is based on
a 'normal' persistence manager, but this could change in future
implementations. -->
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.DerbyPersistenceManager">
<param name="url" value="jdbc:postgresql:${rep.home}/version/db;create=true"/>
<param name="schemaObjectPrefix" value="version_"/>
</PersistenceManager>
</Versioning>

<!-- Search index for content that is shared repository wide
(/jcr:system tree, contains mainly versions) -->
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${rep.home}/repository/index"/>
<param name="textFilterClasses" value=""/>
<param name="extractorPoolSize" value="2"/>
<param name="supportHighlighting" value="false"/>
</SearchIndex>

<!-- DataStore improve file handling performance -->
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore">
<param name="path" value="${rep.home}/repository/datastore"/>
<param name="minRecordLength" value="100"/>
</DataStore>
</Repository>

login-conf.xml :

<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
"-//JBoss//DTD JBOSS Security Config 3.0//EN"
"http://www.jboss.org/j2ee/dtd/security_config.dtd">

<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.

The outline of the application-policy is:
<application-policy name="security-domain-name">
<authentication>
<login-module code="login.module1.class.name" flag="control_flag">
<module-option name = "option1-name">option1-value</module-option>
<module-option name = "option2-name">option2-value</module-option>
...
</login-module>

<login-module code="login.module2.class.name" flag="control_flag">
...
</login-module>
...
</authentication>
</application-policy>

$Revision: 64598 $
-->

<policy>
<!-- Used by clients within the application server VM such as
mbeans and servlets that access EJBs.
-->
<application-policy name = "client-login">
<authentication>
<login-module code = "org.jboss.security.ClientLoginModule"
flag = "required">
<!-- Any existing security context will be restored on logout -->
<module-option name="restore-login-identity">true</module-option>
</login-module>
</authentication>
</application-policy>

<!-- Security domain for JBossMQ -->
<application-policy name = "jbossmq">
<authentication>
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "unauthenticatedIdentity">guest</module-option>
<module-option name = "dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
<module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
</login-module>
</authentication>
</application-policy>

<!-- Security domain for JBossMQ when using file-state-service.xml
<application-policy name = "jbossmq">
<authentication>
<login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
flag = "required">
<module-option name = "unauthenticatedIdentity">guest</module-option>
<module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
</login-module>
</authentication>
</application-policy>
-->

<!-- Security domains for testing new jca framework -->
<application-policy name = "HsqlDbRealm">
<authentication>
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required">
<module-option name = "principal">sa</module-option>
<module-option name = "userName">sa</module-option>
<module-option name = "password"></module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
</login-module>
</authentication>
</application-policy>

<application-policy name = "JmsXARealm">
<authentication>
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required">
<module-option name = "principal">guest</module-option>
<module-option name = "userName">guest</module-option>
<module-option name = "password">guest</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
</login-module>
</authentication>
</application-policy>

<!-- A template configuration for the jmx-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name = "jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">props/jmx-console-users.properties</module-option>
<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>

<!-- A template configuration for the web-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name = "web-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">web-console-users.properties</module-option>
<module-option name="rolesProperties">web-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>

<!--
A template configuration for the JBossWS security domain.
This defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="JBossWS">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/jbossws-users.properties</module-option>
<module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>

<!-- OpenKM -->
<application-policy name = "OpenKM">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name="dsJndiName">java:/okmdb</module-option>
<module-option name="principalsQuery">select usr_password as PASSWD from OKM_USER where usr_id=? and usr_active=true</module-option>
<module-option name="rolesQuery">select ur_role as ROLEID, 'Roles' from OKM_USER_ROLE where ur_user=?</module-option>
<module-option name="hashAlgorithm">md5</module-option>
<module-option name="hashEncoding">hex</module-option>
</login-module>
</authentication>
</application-policy>

<!-- The default login configuration used by any security domain that
does not have a application-policy entry with a matching name
-->
<application-policy name = "other">
<!-- A simple server login module, which can be used when the number
of users is relatively small. It uses two properties files:
users.properties, which holds users (key) and their password (value).
roles.properties, which holds users (key) and a comma-separated list of
their roles (value).
The unauthenticatedIdentity property defines the name of the principal
that will be used when a null username and password are presented as is
the case for an unuathenticated web client or MDB. If you want to
allow such users to be authenticated add the property, e.g.,
unauthenticatedIdentity="nobody"
-->
<authentication>
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</authentication>
</application-policy>

</policy>


Please, could you help us ?

[jllort]

1 - tables has been created in your DBMS ( okm_app ) ?
2 - concentrate in two files openkm-ds.xml and login-config.xml ( for authentication ).

Execute on DMBS the query
select usr_password as PASSWD from OKM_USER where usr_id=? and usr_active=true
( usr_active could be 1 ? )

[rbaguia]

Ok. I have checked open-ds.xml and login-config.xml and they are correctly configured.

But I can't see the database OKM_APP in postgresql. How do I do to create the database ? Is it created manually or automatically by the application ?

Best regards,
Rodrigo

[jllort]

you must create okm_repo and okm_app ( that's are defined in repository.xml and openkm-ds.xml ), then at first time runing OpenKM it'll be created tables and some contents. That the initial task you must doing. Remember the user who use to connect to PostgreSQL must have grants to create tables, etc... in that databases.

[mateusz]

Hi,

I'm also trying to run OpenKM 5.0.1 on PostgreSQL, I have problem with datasource - error info:

Could not find datasource: java:/OpenKMDS
javax.naming.NameNotFoundException: OpenKMDS not bound

I read wiki and copy all configuration, and aplly changes only in database connection.

Are you sure that information in wiki pages is enough to run OpenKM on PostgreSQL?

[jllort]

put here your openkm-ds.xml configuration

[mateusz]

OpenkmDS

<local-tx-datasource>
<jndi-name>OpenKMDS</jndi-name>
<connection-url>jdbc:postgresql://localhost:5432/okm_app</connection-url>
<driver-class>org.postgresql.Driver</driver-class>
<user-name>openkm</user-name>
<password>q1w2e3r4</password>
<min-pool-size>5</min-pool-size>
<max-pool-size>20</max-pool-size>
<idle-timeout-minutes>28680</idle-timeout-minutes>
<metadata>
<!-- <type-mapping>PostgreSQL</type-mapping> -->
<type-mapping>PostgreSQL 8.0</type-mapping>
<!-- <type-mapping>PostgreSQL 7.2</type-mapping> -->
</metadata>
</local-tx-datasource>

[jllort]

That seems is right, for testing do it:
1 - With jboss started,
2- Open openkm-ds.xml file and make some minimal change ( add space for example ) and save it
3- Take a look at server.log, what says about new deploying ?

[mateusz]

Response from console:

13:56:23,356 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 29s:843ms
13:57:38,359 ERROR [JBossErrorHandler] File .../deploy/openkm-ds.xml process fatal. Location: ; Line#: 487; Column#: 62. Error message: java.util.EmptyStackException

Server log in attachment.

[mateusz]

Current openkm-ds.xml using postgresql-8.4-702.jdbc4 driver

<local-tx-datasource>
<jndi-name>OpenKMDS</jndi-name>
<connection-url>jdbc:postgresql://localhost:5432/okm_app</connection-url>
<driver-class>org.postgresql.Driver</driver-class>
<user-name>openkm</user-name>
<password>q1w2e3r4</password>
<min-pool-size>5</min-pool-size>
<max-pool-size>20</max-pool-size>
<idle-timeout-minutes>28680</idle-timeout-minutes>
<metadata>
<type-mapping>PostgreSQL</type-mapping>
<!-- <type-mapping>PostgreSQL 8.0</type-mapping> -->
<!-- <type-mapping>PostgreSQL 7.2</type-mapping> -->
</metadata>
</local-tx-datasource>

[rbaguia]

Hi,

How do I authenticate users in Postgresql?
Attached login-confi.xml

Sincerely,
Rodrigo

[jllort]

I hope the file starts with

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>

<datasources>
  <!-- OpenKM DataSource -->

and ends with

Code: Select all

</datasources>

That's mandatory. The file is not correcting deploying !!! the error is clear.

[mateusz]

HI,

This solution obviously works, sorry for this dumb question..

But right after this problem I have another two:

- I'm runing server on specific adress not localhost and this is first thing after login with okmAdmin credentials:

Code: Select all

2011-02-10 09:46:51,465 ERROR [com.openkm.frontend.server.OKMWorkspaceServlet] Connection timed out
java.net.ConnectException: Connection timed out

- After refreshing OpenKM, application seems working but when I chose Property groups from administration tab another error appears:

Code: Select all

2011-02-10 09:47:36,410 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/OpenKM].[PropertyGroupsServlet]] Servlet.service() for servlet PropertyGroupsServlet threw exception
java.net.ConnectException: Connection timed out
	at java.net.PlainSocketImpl.socketConnect(Native Method)

My main purpose is to check Web Services methods especially these from PropertyGroup (getProperties(),setProperties()) using Java client.