Open KM not getting users or roles from AD
Posted: Wed Nov 16, 2011 7:31 pm
I have successfully configured my login-config.xml. I currently have 2 groups in Active Directory: one is called AdminRole, the other is called UserRole. When I log into OpenKM, users that are MemberOf the AdminRole have admin access, and users that are MemberOf the UserRole have user access, so everything is working there. The problem is that when I get into OpenKM as an admin and go to the Users tab, I get no users or roles shown. I'm running the latest version of OpenKM on Server 2008R2.
Here is my login-config.xml for reference:
Code:
<authentication>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
    <module-option name="java.naming.provider.url">ldap://myserver:636</module-option>
    <module-option name="java.naming.security.protocol">ssl</module-option>
    <module-option name="bindDN">CN=Administrator,ou=Processes,ou=Enterprise Resources,DC=my,DC=domain,DC=com</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <module-option name="bindCredential">Password</module-option>
    <module-option name="baseCtxDN">ou=Accounts,DC=my,DC=domain,DC=com</module-option>
    <module-option name="baseFilter">(sAMAccountName={0})</module-option>
    <module-option name="rolesCtxDN">ou=Accounts,DC=my,DC=domain,DC=com</module-option>
    <module-option name="roleFilter">(sAMAccountName={0})</module-option>
    <module-option name="roleAttributeID">memberOf</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="roleRecursion">0</module-option>
    <module-option name="roleNameAttributeID">cn</module-option>
    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    <module-option name="allowEmptyPasswords">false</module-option>
    <module-option name="java.naming.referral">follow</module-option>
  </login-module>
</authentication>
</application-policy>
Here are the DNs to my roles:
CN=AdminRole,OU=OpenKM,OU=Groups,OU=UPG,OU=Departments,DC=my,DC=domain,DC=com
CN=UserRole,OU=OpenKM,OU=Groups,OU=UPG,OU=Departments,DC=my,DC=domain,DC=com
I have all of these settings in the OpenKM Administration, but they don't work, and I'm sure I am misunderstanding how to implement my settings properly.
Any help would be great!
Code:
system.login.lowercase=on
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://192.168.0.6
principal.ldap.security.principal=CN=Administrator,ou=Processes,ou=Enterprise Resources,DC=my,DC=domain,DC=com
principal.ldap.security.credentials=password
principal.ldap.user.search.base=ou=Accounts,dc=my,dc=domain,dc=com
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.attribute=cn
principal.ldap.role.search.base=ou=Accounts,dc=my,dc=domain,dc=com
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=cn={0},ou=Accounts,dc=my,dc=domain,dc=com
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.attribute=mail
principal.ldap.users.by.role.search.base=cn={0},ou=Accounts,dc=my,dc=domain,dc=com
principal.ldap.users.by.role.search.filter=(objectclass=group)
principal.ldap.users.by.role.attribute=member
principal.ldap.roles.by.user.search.base=cn={0},ou=Accounts,dc=my,dc=domain,dc=com
principal.ldap.roles.by.user.search.filter=(objectClass=person)
principal.ldap.roles.by.user.attribute=memberOf
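A consistency check over the values quoted in the post above, as an added example that is not part of the original post and not OpenKM code: it tests whether the two role DNs lie beneath the role search bases from the second settings block, and whether the adapter's server URL uses ldaps:// as the login module's port 636/ssl setup does. The helper names are hypothetical, and the substitution of the role name for {0} is an assumption.

```python
# Added example: consistency check over the settings quoted in the post.
# Helper names are hypothetical; sample values are copied from the post.

def parse_dn(dn):
    """Split a simple DN (no escaped commas) into lowercase (attr, value) pairs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def is_under(dn, base):
    """True when dn equals base or sits in the subtree beneath it."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check(props, role_dns):
    findings = []
    for key in ("principal.ldap.role.search.base",
                "principal.ldap.users.by.role.search.base"):
        for dn in role_dns:
            name = dn.split(",")[0].split("=", 1)[1]
            # Assumption: {0} in a search base is replaced by the role name.
            base = props[key].replace("{0}", name)
            if not is_under(dn, base):
                findings.append(f"{key}: {name} is not under {base}")
    # The login module uses port 636 with ssl; compare the adapter's URL.
    if not props["principal.ldap.server"].lower().startswith("ldaps://"):
        findings.append("principal.ldap.server: URL is not ldaps://")
    return findings

PROPS = {
    "principal.ldap.server": "ldap://192.168.0.6",
    "principal.ldap.role.search.base": "ou=Accounts,dc=my,dc=domain,dc=com",
    "principal.ldap.users.by.role.search.base":
        "cn={0},ou=Accounts,dc=my,dc=domain,dc=com",
}
ROLE_DNS = [
    "CN=AdminRole,OU=OpenKM,OU=Groups,OU=UPG,OU=Departments,DC=my,DC=domain,DC=com",
    "CN=UserRole,OU=OpenKM,OU=Groups,OU=UPG,OU=Departments,DC=my,DC=domain,DC=com",
]

if __name__ == "__main__":
    for finding in check(PROPS, ROLE_DNS):
        print(finding)
```

On the posted values it reports that neither role DN is under ou=Accounts, the base that both role settings point at.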