Add user to group with LDAP

Posted: Wed Mar 16, 2011 2:33 pm
by michel-openkm
Hi,

I have a question.
We have the LDAP connection working now, but is it possible to add users to a group?
Now all users have adminrole or userrole, depending on the login config settings.
We have made a group (Adminrole) in the AD and added a user to this group, but it doesn't work. We can see the Adminrole group from the AD in OpenKM.
I hope you can advise us on this.

Re: Add user to group with LDAP

Posted: Thu Mar 17, 2011 9:38 am
by jllort
Be careful, roles might be case sensitive: don't write Adminrole, use the correct group names AdminRole and UserRole.

Can you post login-config.xml? I'm interested in taking a look at it, because it's possible you have UserRole there as the default role, and I want to be sure you're really authenticating by some role and not one set by default in login-config.xml.

Re: Add user to group with LDAP

Posted: Thu Mar 17, 2011 1:50 pm
by michel-openkm
Here is our Login-config.xml
Code:
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://IP adres</module-option>
      <module-option name="bindDN">CN=Login,OU=Or OU,DC=domain,DC=org</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindCredential">Password</module-option>
      <module-option name="baseCtxDN">OU=or OU,DC=Domain,DC=org</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">OU=OR OU,DC=Domain,DC=org</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      <module-option name="defaultRole">AdminRole</module-option>
    </login-module>
  </authentication>
</application-policy>
We have changed the values for privacy reasons.
As you can see, we have AdminRole in the login-config, and also in the AD.

Re: Add user to group with LDAP

Posted: Fri Mar 18, 2011 9:27 am
by jllort
Remove it
Code:
<module-option name="defaultRole">AdminRole</module-option>
Because with it all users have AdminRole by default. Tell me if you are connecting to LDAP after removing it (you must restart JBoss after changing it).
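
An added example, not part of the original thread or of OpenKM's code: a Python check that reads a login-config.xml, models the roles a user ends up with, and flags the two problems raised above (a privileged defaultRole and a group name that differs from the expected role only in case). The sample XML, the group lists and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread's login-config.xml (placeholder values).
LOGIN_CONFIG = """
<policy>
  <application-policy name="OpenKM">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="roleFilter">(member={1})</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="defaultRole">AdminRole</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
"""

EXPECTED_ROLES = {"AdminRole", "UserRole"}   # role names given in the thread
PRIVILEGED_ROLES = {"AdminRole"}             # assumption: only AdminRole is privileged

def module_options(xml_text, policy_name="OpenKM"):
    """Return {option name: value} for the LdapExtLoginModule of one policy."""
    root = ET.fromstring(xml_text)
    for policy in root.iter("application-policy"):
        for module in policy.iter("login-module"):
            ldap_ext = module.get("code", "").endswith("LdapExtLoginModule")
            if policy.get("name") == policy_name and ldap_ext:
                return {o.get("name"): (o.text or "").strip()
                        for o in module.findall("module-option")}
    return {}

def effective_roles(options, ldap_group_cns):
    """Simplified model: roles = cn of the user's groups, plus defaultRole if set."""
    roles = set(ldap_group_cns)
    if options.get("defaultRole"):
        roles.add(options["defaultRole"])
    return roles

def audit(options, ldap_group_cns):
    """List findings for the two problems discussed in the thread."""
    findings = []
    default = options.get("defaultRole")
    if default in PRIVILEGED_ROLES:
        findings.append(f"defaultRole={default}: every authenticated user gets it")
    for cn in ldap_group_cns:
        match = [r for r in EXPECTED_ROLES if r.lower() == cn.lower() and r != cn]
        if match:
            findings.append(f"group '{cn}' differs only in case from '{match[0]}'")
    return findings
```

With the sample config, `effective_roles(module_options(LOGIN_CONFIG), ["UserRole"])` contains AdminRole even though the user is only in the UserRole group, which is why the membership test in the thread appeared to have no effect.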

Re: Add user to group with LDAP

Posted: Fri Mar 18, 2011 11:41 am
by michel-openkm
Thanks, it works.
But is it possible to use more than one OU? We have more users in different OUs in the AD.
And is it possible to add profiles to users? That doesn't work with LDAP.

Re: Add user to group with LDAP

Posted: Sat Mar 19, 2011 9:27 am
by jllort
In the case you describe there's no query for doing it directly (I've not found any; if you find one, tell me). In these special cases a PrincipalLdapAdapter class must be written that covers all your cases with program logic. Really it's easy to do, but to do it yourself you must install a development environment and write this simple program (for example, you can take a look at the actual LdapPrincipalAdapter at http://openkm.svn.sourceforge.net/viewv ... iew=markup).

If you're interested in our support program, contact us at www.openkm.com/Contact