
LDAP User/Group Errors

Posted: Wed Mar 23, 2011 5:26 pm
by tomsilby
I have searched the forum, but cannot find an answer to my problem. I configured LDAP according to the wiki and authentication works perfectly. However, when I go to the Administration tab and click users I get errors in the log. The users are listed, but if I click on a group to view just the group's members, I get no results. Here is my OpenKM.cfg and the errors from the log:

OpenKM.cfg
Code:
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://ldap.myDomain.net
principal.ldap.security.principal=CN=SvcUser,OU=Service Accounts,DC=myDomain,DC=local
principal.ldap.security.credentials=svcPassword
principal.ldap.user.search.base=ou=users, dc=myDomain,dc=local
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=CN=OpenKM DEV Users,OU=DEV,OU=OpenKM,OU=Applications,DC=myDomain,DC=local))
principal.ldap.user.attribute=cn
principal.ldap.role.search.base=ou=DEV,ou=OpenKM,ou=Applications,dc=myDomain,dc=local
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=cn={0},ou=users,dc=myDomain,dc=local
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.attribute=mail
principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0}))
principal.ldap.roles.by.user.search.filter=(&(objectClass=group)(cn={0}))
system.login.lowercase=on
default.admin.role=OpenKM DEV Administrators
default.user.role=OpenKM DEV Users

Log Errors: (The same error for each user)
Code:
13:24:52,668 ERROR [STDERR] javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
        'OU=users,DC=myDomain,DC=local'
]; remaining name 'cn=ken brayboy,ou=users,dc=myDomain,dc=local'
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at javax.naming.directory.InitialDirContext.search(Unknown Source)
13:24:52,668 ERROR [STDERR]     at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:200)
13:24:52,669 ERROR [STDERR]     at com.openkm.principal.LdapPrincipalAdapter.getMails(LdapPrincipalAdapter.java:111)
13:24:52,669 ERROR [STDERR]     at com.openkm.module.direct.DirectAuthModule.getMails(DirectAuthModule.java:853)
13:24:52,669 ERROR [STDERR]     at com.openkm.api.OKMAuth.getMails(OKMAuth.java:170)
13:24:52,669 ERROR [STDERR]     at com.openkm.servlet.admin.AuthServlet.str2user(AuthServlet.java:389)
13:24:52,669 ERROR [STDERR]     at com.openkm.servlet.admin.AuthServlet.userList(AuthServlet.java:250)
13:24:52,669 ERROR [STDERR]     at com.openkm.servlet.admin.AuthServlet.doGet(AuthServlet.java:93)
13:24:52,669 ERROR [STDERR]     at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
13:24:52,669 ERROR [STDERR]     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
13:24:52,669 ERROR [STDERR]     at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
13:24:52,669 ERROR [STDERR]     at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
13:24:52,669 ERROR [STDERR]     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
13:24:52,669 ERROR [STDERR]     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
13:24:52,669 ERROR [STDERR]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
13:24:52,670 ERROR [STDERR]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
13:24:52,670 ERROR [STDERR]     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
13:24:52,670 ERROR [STDERR]     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
13:24:52,670 ERROR [STDERR]     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
13:24:52,672 ERROR [STDERR]     at java.lang.Thread.run(Unknown Source)
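
An added example, not part of the original post and not OpenKM code: it reads the posted error (LDAP result code 32, noSuchObject) and reports which RDN the directory could not find and which OpenKM.cfg search base, once {0} is filled in, yields the DN that was looked up. The function names are hypothetical, and it assumes the adapter substitutes the user id for {0}, as the logged DN and the getMails frame in the trace suggest.

```python
import re

# Constructed from the thread: the first log entry and the search-base keys of the posted OpenKM.cfg.
LOG = ("javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: "
       "DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:\n"
       "        'OU=users,DC=myDomain,DC=local'\n"
       "]; remaining name 'cn=ken brayboy,ou=users,dc=myDomain,dc=local'")
CFG = {
    "principal.ldap.user.search.base": "ou=users, dc=myDomain,dc=local",
    "principal.ldap.role.search.base": "ou=DEV,ou=OpenKM,ou=Applications,dc=myDomain,dc=local",
    "principal.ldap.mail.search.base": "cn={0},ou=users,dc=myDomain,dc=local",
}

def rdns(dn):
    """Split a DN into normalised RDNs (lower-cased, spaces around '=' and ',' dropped).
    Splits on unescaped commas only, which is enough for the DNs shown in the thread."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]

def parse_error(log):
    """Extract result code, matched DN and requested DN from a JNDI LDAP error."""
    m = re.search(r"error code (\d+).*?best match of:\s*'([^']*)'.*?remaining name '([^']*)'",
                  log, re.S)
    if not m:
        raise ValueError("not an LDAP 'best match' error")
    return int(m.group(1)), m.group(2), m.group(3)

def diagnose(log, cfg):
    code, matched, requested = parse_error(log)
    req, hit = rdns(requested), rdns(matched)
    # The matched DN is the deepest ancestor that exists; the RDNs in front of it do not.
    if hit and req[-len(hit):] != hit:
        raise ValueError("matched DN is not a suffix of the requested DN")
    missing = req[:len(req) - len(hit)]
    # Find the config template whose {0} expansion yields the requested DN.
    source, value = None, None
    for key, tmpl in cfg.items():
        pat = ",".join(re.escape(r).replace(re.escape("{0}"), "(.+)") for r in rdns(tmpl))
        m = re.fullmatch(pat, ",".join(req))
        if m and m.groups():
            source, value = key, m.group(1)
    return {"code": code, "missing": missing, "source": source, "value": value}

if __name__ == "__main__":
    print(diagnose(LOG, CFG))
```

For the posted log the lookup DN traces back to principal.ldap.mail.search.base: the directory resolved OU=users but found no entry named cn=ken brayboy directly beneath it.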

Re: LDAP User/Group Errors

Posted: Thu Mar 24, 2011 12:21 pm
by jllort
You've got a complex LDAP tree structure, from what I'm seeing.

Do the roles appear in the security popup?

With principal.ldap.role.search.base equal to principal.ldap.user.search.base it doesn't run, right? Do you have roles defined in another tree node? Could you define them in the same node, or is that not possible?

Re: LDAP User/Group Errors

Posted: Thu Mar 24, 2011 12:35 pm
by tomsilby
jllort wrote: You've got a complex LDAP tree structure, from what I'm seeing.

Do the roles appear in the security popup?

With principal.ldap.role.search.base equal to principal.ldap.user.search.base it doesn't run, right? Do you have roles defined in another tree node? Could you define them in the same node, or is that not possible?

Thank you for your response.

Our AD administrator set up a tree structure just for OpenKM groups. Those groups are found in ldap.role.search.base. But the AD users who may be using OpenKM are in ou=users. It is not possible to define the groups in the same tree node as the users.

I'm not sure what you mean by security popup.

Re: LDAP User/Group Errors

Posted: Thu Mar 24, 2011 12:39 pm
by jllort
Select one document, and in the bottom tabs select security -> change security; the security popup will appear. Do the roles appear there?

http://wiki.openkm.com/index.php/Modifying_security

Re: LDAP User/Group Errors

Posted: Thu Mar 24, 2011 12:44 pm
by tomsilby
jllort wrote: Select one document, and in the bottom tabs select security -> change security; the security popup will appear. Do the roles appear there?

http://wiki.openkm.com/index.php/Modifying_security

Thank you. Right now we only have three roles defined. Only two of our roles appear in the security popup. The Admin role does not appear. Also, all of our users appear in the user tab.

Re: LDAP User/Group Errors

Posted: Thu Mar 24, 2011 3:14 pm
by jllort
AdminRole does not appear because we're filtering.

It's strange, because this case indicates that it is getting all roles. It seems the problem could be in getting the roles associated with some user.

Another thing I see is that the username has white spaces; could you try with someone without spaces? That could be the problem too.

Re: LDAP User/Group Errors

Posted: Thu Mar 24, 2011 3:42 pm
by tomsilby
Thanks. I'll give your suggestion a try. Thanks again.