
principal.ldap.mail.search.filter

Posted: Wed Apr 06, 2011 7:40 am
by Catscratch
Hi,

I got a problem with the
Code:
principal.ldap.mail.search.filter=(&(objectClass=person)(sAMAccountName={0}))
in the openKM.cfg.

At runtime no substitution of {0} is done.
In the file LdapPrincipalAdapter.java in the method ldapSearch at line 200 there is:
Code:
NamingEnumeration<SearchResult> results = ctx.search(searchBase, searchFilter, searchCtls);
The searchFilter there is the same as in the openkm.cfg. Including {0} instead of the real sAMAccountName.
So openKM never finds an email address.

I used an LDAP explorer to verify the parameters, and if the right sAMAccountName were there, a user would be returned.

I'm using OpenKM 5.0.1.
Is there a way to fix this?

Thanks.

Re: principal.ldap.mail.search.filter

Posted: Wed Apr 06, 2011 8:11 am
by Catscratch
Hi,

I fixed it. It's an error/bug/missing feature in LdapPrincipalAdapter.java.

There in line 111.

The old version is:
Code:
List<String> ldap = ldapSearch(
	Config.PRINCIPAL_LDAP_SERVER,
	Config.PRINCIPAL_LDAP_SECURITY_PRINCIPAL,
	Config.PRINCIPAL_LDAP_SECURITY_CREDENTIALS,
	MessageFormat.format(Config.PRINCIPAL_LDAP_MAIL_SEARCH_BASE, user), 
	Config.PRINCIPAL_LDAP_MAIL_SEARCH_FILTER, 
	Config.PRINCIPAL_LDAP_MAIL_ATTRIBUTE);
But it should be (new version from me):
Code:
List<String> ldap = ldapSearch(
	Config.PRINCIPAL_LDAP_SERVER,
	Config.PRINCIPAL_LDAP_SECURITY_PRINCIPAL,
	Config.PRINCIPAL_LDAP_SECURITY_CREDENTIALS,
	MessageFormat.format(Config.PRINCIPAL_LDAP_MAIL_SEARCH_BASE, user), 
	MessageFormat.format(Config.PRINCIPAL_LDAP_MAIL_SEARCH_FILTER, user),
	Config.PRINCIPAL_LDAP_MAIL_ATTRIBUTE);
With this change the mail service is also possible with complex LDAP structures separated into several subgroups.
Could you please check in this fix to the source code?

Thank you and best regards.

Re: principal.ldap.mail.search.filter

Posted: Thu Apr 07, 2011 7:47 am
by pavila
I expect to make a 5.0.4 release today and will include this improvement. Thanks!

Re: principal.ldap.mail.search.filter

Posted: Thu Apr 14, 2011 1:50 pm
by mario
Hi,

I have a similar problem,...

I want to authenticate our users via the "sAMAccountName" attribute.
Login works without problems.
Code:
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
And I also want to use the "sAMAccountName" for the mail search filter.

My OpenKM.cfg mail part looks like...
Code:
principal.ldap.mail.search.base=OU=xxxx,OU=yyyyyy,OU=yxxyyx,.....
principal.ldap.mail.search.filter=(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute=mail
But with this config I'm not able to get any mail addresses.

If I change the config to, for example,
Code:
principal.ldap.mail.search.base=OU=xxxx,OU=yyyyyy,OU=yxxyyx,.....
principal.ldap.mail.search.filter=(&(objectClass=person)(sAMAccountName=mario))
principal.ldap.mail.attribute=mail
.... I get a mail address?

I'm using OpenKM 5.0.4.

I have also tested my search path stuff with an LDAP client with success.
Is there something I'm missing?

Any help would be appreciated :-)

thanks

Mario

Re: principal.ldap.mail.search.filter

Posted: Thu Apr 14, 2011 4:57 pm
by Catscratch
Are you sure you're using 5.0.4?

This error should be fixed in this version. Your configuration is working for me.

Otherwise you may debug the application to see what's going wrong.
http://wiki.openkm.com/index.php/Developer_Guide

There you should debug the LdapPrincipalAdapter. See my first post above.

Re: principal.ldap.mail.search.filter

Posted: Fri Apr 15, 2011 6:43 am
by mario
Hi Catscratch,

I have rechecked my OpenKM version (just to be sure :-) ).
OpenKM says Version 5.0.4 (Build 5691).

In the repo. there are also your changes in (LdapPrincipalAdapter.java.) rev 5691 @ line 117 ?

Just for testing I changed the search base to:
Code:
principal.ldap.mail.search.base=CN={0},OU=xxxx,OU=yyyyyy,OU=yxxyyx,.....
principal.ldap.mail.search.filter=(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute=mail
As expected I got an InvalidNameException with:
Code:
.....
CN=mario,OU=xxxx,OU=yyyyyy,...
.....
funny stuff :-)

Mario

Re: principal.ldap.mail.search.filter

Posted: Fri Apr 15, 2011 9:07 am
by Catscratch
That's strange.

I can only suggest that you remote debug the OpenKM server installation.
Otherwise you could use an LDAP explorer to check if everything is present and readable in the AD. Use for example Apache Directory Studio (http://directory.apache.org/studio/), which is free and a very good tool.