
OpenKM and Windows Active Directory error

Posted: Tue May 10, 2011 8:10 am
by chungvoky
Hi,

I have OpenKM version 5.0.4 installed on Ubuntu 10.10 Server Edition and an Active Directory on Windows Server 2003. I can log in with an AD account successfully. But in server.log I see some errors, and I can't show the full user list by role (only one user is shown in each role).

My AD structure is:
Code:
dc=com
   |_dc=mydomain
        |_OU=company
        |    |_OU=Dept. 1
        |    |   |_user1
        |    |   |_user2
        |    |_OU=Dept. 2
        |    |   |_user3
        |    |   |_user4
        |    |_OU=Dept. 3
        |        |_OU=Group 1
        |             |_user5
        |             |_user6
        |_OU=OpenKM
        |    |_Group OpenKMusers (members: user1, user2, user3, user4, user5)
        |    |_Group OpenKMadmins (members: user1)
        |    |_Group OpenKMroles (members: OpenKMusers, OpenKMadmins, OpenKMrole1, OpenKMrole2)
        |    |_Group OpenKMrole1 (members: user1, user2, user3)
        |    |_Group OpenKMrole2 (members: user4, user5)
        |_....
And this is my config in OpenKM.cfg:
Code:
default.user.role=OpenKMusers
default.admin.role=OpenKMadmins

system.login.lowercase=on
principal.adapter=com.openkm.principal.LdapPrincipalAdapter

principal.ldap.server=ldap://my_AD_IPaddress
principal.ldap.security.principal=cn=user1,ou=Dept.1,ou=company,dc=mydomain,dc=com
principal.ldap.security.credentials=my_password

principal.ldap.user.search.base=dc=mydomain,dc=com
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=cn=OpenKMusers,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.user.attribute=sAMAccountName

principal.ldap.role.search.base=dc=mydomain,dc=com
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=cn=OpenKMroles,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.role.attribute=sAMAccountName

principal.ldap.mail.search.base=dc=mydomain,dc=com
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute=mail

principal.ldap.users.by.role.search.base=ou=OpenKM,dc=mydomain,dc=com
principal.ldap.users.by.role.search.filter=(sAMAccountName={0})
principal.ldap.users.by.role.attribute=member

principal.ldap.roles.by.user.search.base=dc=mydomain,dc=com
principal.ldap.roles.by.user.search.filter=(sAMAccountName={0})
principal.ldap.roles.by.user.attribute=memberOf

My login-config.xml:
Code:
    <!-- OpenKM -->
    <application-policy name = "OpenKM">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
             <module-option name="java.naming.provider.url">ldap://my_AD_IPaddress</module-option>
             <module-option name="bindDN">cn=user1,ou=Dept.1,ou=company,dc=mydomain,dc=com</module-option>
             <module-option name="java.naming.security.authentication">simple</module-option>
             <module-option name="java.naming.referral">follow</module-option>
             <module-option name="bindCredential">my_password</module-option>
             <module-option name="baseCtxDN">dc=mydomain,dc=com</module-option>
             <module-option name="baseFilter">(&(sAMAccountName={0})(memberOf=CN=OpenKMusers,OU=OpenKM,dc=mydomain,dc=com))</module-option>
             <module-option name="rolesCtxDN">dc=mydomain,dc=com</module-option>
             <module-option name="roleFilter">(member={1})</module-option>
             <module-option name="roleAttributeID">sAMAccountName</module-option>
             <module-option name="roleAttributeIsDN">false</module-option>
             <module-option name="roleRecursion">-1</module-option>
             <module-option name="searchScope">SUBTREE_SCOPE</module-option>
             <!--<module-option name="defaultRole">UserRole</module-option>-->
             <module-option name="allowEmptyPasswords">false</module-option>
          </login-module>
       </authentication>
    </application-policy>

My server.log shows errors as below:
Code:
2011-05-10 13:06:46,088 ERROR [STDERR] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mydomain,dc=com'
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:203)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getUsers(LdapPrincipalAdapter.java:57)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getUsers(DirectAuthModule.java:785)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getUsers(OKMAuth.java:134)
2011-05-10 13:06:46,094 ERROR [STDERR] 	at com.openkm.frontend.server.OKMAuthServlet.getAllUsers(OKMAuthServlet.java:524)
Code:
2011-05-10 13:06:46,341 ERROR [STDERR] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mydomain,dc=com'
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
2011-05-10 13:06:46,341 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:203)
2011-05-10 13:06:46,342 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getRoles(LdapPrincipalAdapter.java:85)
2011-05-10 13:06:46,342 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getRoles(DirectAuthModule.java:802)
2011-05-10 13:06:46,342 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getRoles(OKMAuth.java:143)
2011-05-10 13:06:46,342 ERROR [STDERR] 	at com.openkm.frontend.server.OKMAuthServlet.getAllRoles(OKMAuthServlet.java:551)
Code:
2011-05-10 13:06:46,347 ERROR [STDERR] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mydomain,dc=com'
2011-05-10 13:06:46,347 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:203)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getUsers(LdapPrincipalAdapter.java:57)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getUsers(DirectAuthModule.java:785)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getUsers(OKMAuth.java:134)
2011-05-10 13:06:46,348 ERROR [STDERR] 	at com.openkm.frontend.server.OKMAuthServlet.getAllUsers(OKMAuthServlet.java:524)
Code:
2011-05-10 13:06:47,116 ERROR [STDERR] javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=mydomain,dc=com'
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:203)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getRolesByUser(LdapPrincipalAdapter.java:160)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getRolesByUser(DirectAuthModule.java:836)
2011-05-10 13:06:47,117 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getRolesByUser(OKMAuth.java:161)
Please help me resolve these errors. Thanks
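
The four traces above share one cause. Every principal.ldap.* search in the posted OpenKM.cfg starts at the domain root (dc=mydomain,dc=com) on the plain LDAP port, and Active Directory answers a subtree search at that level with continuation references to its other naming contexts (DomainDnsZones, ForestDnsZones, the Configuration partition). When java.naming.referral is unset or set to ignore, the JNDI LDAP provider surfaces those references as a PartialResultException from NamingEnumeration.hasMore(), which is exactly the com.sun.jndi.ldap.LdapNamingEnumeration frame in each trace. The login-config.xml above sets java.naming.referral=follow, so the JBoss login path does not hit this; the principal.ldap.* block sets no equivalent, so LdapPrincipalAdapter does. The Java program below is an added example, not OpenKM code and not from the poster: it reproduces the failure with a JNDI search shaped like the adapter's, shows the two ways around it (following referrals, or running the root-scoped search against the Global Catalog port 3268, alternatively narrowing the base to the OU that holds the objects), and keeps the entries enumerated before the exception instead of discarding them. The class name, the :3268 URL and the connect()/search() helpers are assumptions; the server placeholder, bind DN, credential placeholder and user filter are copied from the post.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Added example (not OpenKM code): reproduces and works around the
 * "Unprocessed Continuation Reference(s)" PartialResultException that a
 * JNDI subtree search from the AD domain root produces on port 389.
 */
public class AdReferralSearch {

    // Placeholders taken from the forum post; replace with real values.
    static final String URL_389 = "ldap://my_AD_IPaddress";       // domain controller, LDAP port
    static final String URL_GC  = "ldap://my_AD_IPaddress:3268";  // same DC, Global Catalog port (assumed)
    static final String BIND_DN = "cn=user1,ou=Dept.1,ou=company,dc=mydomain,dc=com";
    static final String BIND_PW = "my_password";

    /** Open a JNDI context; referral is one of "ignore", "follow", "throw". */
    static DirContext connect(String url, String referral) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, BIND_PW);
        env.put(Context.REFERRAL, referral);   // the setting OpenKM.cfg on this page never provides
        return new InitialDirContext(env);
    }

    /**
     * Subtree search returning one attribute value per matching entry.
     * AD sends the real entries first and the continuation references last,
     * so when hasMore() throws PartialResultException the list already holds
     * the useful results; keep them rather than failing the whole lookup.
     */
    static List<String> search(DirContext ctx, String base, String filter, String attrName)
            throws NamingException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] { attrName });
        List<String> values = new ArrayList<>();
        NamingEnumeration<SearchResult> results = ctx.search(base, filter, ctls);
        try {
            while (results.hasMore()) {
                Attribute a = results.next().getAttributes().get(attrName);
                if (a != null) {
                    values.add(a.get().toString());
                }
            }
        } catch (PartialResultException e) {
            // Hit a naming-context boundary (DomainDnsZones, ForestDnsZones,
            // Configuration); entries enumerated so far are complete and valid.
            System.err.println("partial result under " + base + ": " + e.getMessage());
        } finally {
            results.close();
        }
        return values;
    }

    public static void main(String[] args) throws NamingException {
        String base   = "dc=mydomain,dc=com";
        String filter = "(&(objectclass=user)(memberOf=cn=OpenKMusers,ou=OpenKM,dc=mydomain,dc=com))";

        // 1. What the posted OpenKM.cfg effectively does: root base, port 389,
        //    referrals ignored. Prints the users, then the partial-result warning.
        DirContext ignoring = connect(URL_389, "ignore");
        System.out.println("ignore : " + search(ignoring, base, filter, "sAMAccountName"));
        ignoring.close();

        // 2. What the posted login-config.xml does: follow referrals. Requires the
        //    referred hosts (e.g. DomainDnsZones.mydomain.com) to resolve in DNS.
        DirContext following = connect(URL_389, "follow");
        System.out.println("follow : " + search(following, base, filter, "sAMAccountName"));
        following.close();

        // 3. Sidestep the referrals: a root-scoped search on the Global Catalog
        //    port returns no continuation references for the domain partition.
        DirContext gc = connect(URL_GC, "ignore");
        System.out.println("gc     : " + search(gc, base, filter, "sAMAccountName"));
        gc.close();
    }
}
```

Compile and run with a plain JDK (javax.naming is part of the standard library) against a test domain controller. With referral=follow the client must be able to resolve the DNS names inside the referral URLs, which a server addressed by raw IP as in the post often cannot, and the follow can hang on an unreachable host. The Global Catalog route avoids that, but the GC only carries the attributes in the partial attribute set, so check that member and memberOf come back complete for the groups you query; scoping the base to ou=OpenKM,dc=mydomain,dc=com on port 389 is the third option and removes the referrals because the search never crosses a partition boundary.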

Re: OpenKM and Windows Active Directory error

Posted: Wed May 11, 2011 5:44 am
by jllort
To get users and roles in the security box, use:
Code:
principal.ldap.user.search.base=dc=mydomain,dc=com
principal.ldap.user.search.filter=(&(objectclass=user)(memberOf=cn=OpenKMusers,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.user.attribute=sAMAccountName
and
Code:
principal.ldap.role.search.base=dc=mydomain,dc=com
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=cn=OpenKMroles,ou=OpenKM,dc=mydomain,dc=com))
principal.ldap.role.attribute=sAMAccountName
You must concentrate on these two sections.

I think it could be something like this for the role search base:
Code:
principal.ldap.role.search.base=cn=OpenKMroles,ou=OpenKM,dc=mydomain,dc=com
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn