
ACTIVE DIRECTORY Configuration

Posted: Tue Dec 13, 2011 10:19 am
by dungmonitor
Please help me configure my AD.
My AD structure:
dc=com
    |_dc=icbv
           |_dc=hq
                 |_OU=SGD3
                     |_OU=Users
                          |_cn=user1
                          |_cn=user2
                          |_cn=Group 1
and login-config.xml:
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://hq.icbv.com</module-option>
      <module-option name="bindDN">CN=user1,ou=Users,ou=SGD3,DC=hq,DC=icbv,DC=com</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindCredential">Wsx123456</module-option>
      <module-option name="baseCtxDN">ou=Users,ou=SGD3,DC=hq,DC=icbv,DC=com</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">ou=Users,ou=SGD3,DC=hq,DC=icbv,DC=com</module-option>
      <module-option name="roleFilter">(sAMAccountName={0})</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleRecursion">0</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="java.naming.referral">follow</module-option>
    </login-module>
  </authentication>
</application-policy>
When I log in, the web page shows an error:
[Image: login error]
Server log:
2011-12-13 17:13:36,150 DEBUG [org.jboss.security.plugins.JaasSecurityManager.OpenKM] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@1555543
2011-12-13 17:13:36,150 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@138d0b
2011-12-13 17:13:36,150 DEBUG [org.jboss.security.plugins.JaasSecurityManager.OpenKM] CachePolicy set to: org.jboss.util.TimedCachePolicy@190d35e
2011-12-13 17:13:36,150 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@190d35e
2011-12-13 17:13:36,150 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added OpenKM, org.jboss.security.plugins.SecurityDomainContext@124ed3b to map
Thanks!

Re: ACTIVE DIRECTORY Configuration

Posted: Wed Dec 14, 2011 11:15 am
by pavila
Every OpenKM user should have the role UserRole or AdminRole to log into OpenKM.

Re: ACTIVE DIRECTORY Configuration

Posted: Wed Dec 14, 2011 7:16 pm
by jllort
Extend the log to see what happens with the class "org.jboss.security.auth".

Take a look here at how to do it: http://wiki.openkm.com/index.php/Debugging_OpenKM. Then we can see which roles, etc., you're getting with your LDAP queries.

Re: ACTIVE DIRECTORY Configuration

Posted: Fri Dec 23, 2011 2:33 am
by dungmonitor
Must I have a UserRole group and an AdminRole group in the AD structure?
Is this mandatory?

Re: ACTIVE DIRECTORY Configuration

Posted: Sat Dec 24, 2011 8:08 am
by jllort
Obviously, because OpenKM security needs them to grant users a connection to OpenKM. UserRole and AdminRole are used by the application to grant the connection. The other roles you define are used across the whole repository, where you can set security yourself, but UserRole and AdminRole are defined in the web.xml file, where application security is defined (not the internal repository security, which is what you're setting using the UI).
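An added example (not from this thread or from OpenKM): an offline model of how LdapExtLoginModule turns the posted role options (rolesCtxDN, roleFilter, memberOf, roleAttributeIsDN, roleNameAttributeID) into role names, and a check of those names against the UserRole/AdminRole requirement from the answers above. The DIRECTORY contents are constructed sample entries, and the search is a simplified ONELEVEL_SCOPE match rather than a real LDAP query.

```python
# Added example (not from the thread): offline model of how LdapExtLoginModule
# turns the posted options into roles, checked against the UserRole/AdminRole
# requirement. DIRECTORY is constructed sample data, not the poster's real AD.
OPTIONS = {  # copied from the posted login-config.xml
    "rolesCtxDN": "ou=Users,ou=SGD3,DC=hq,DC=icbv,DC=com",
    "roleFilter": "(sAMAccountName={0})",
    "roleAttributeID": "memberOf",
    "roleAttributeIsDN": "true",
    "roleNameAttributeID": "cn",
}
REQUIRED_ROLES = {"UserRole", "AdminRole"}  # roles OpenKM's web.xml expects
BASE = "ou=Users,ou=SGD3,DC=hq,DC=icbv,DC=com"
DIRECTORY = {  # constructed: DN -> attributes (LDAP values are lists)
    f"CN=user1,{BASE}": {"sAMAccountName": ["user1"], "memberOf": [f"CN=Group 1,{BASE}"]},
    f"CN=user2,{BASE}": {"sAMAccountName": ["user2"],
                         "memberOf": [f"CN=Group 1,{BASE}", f"CN=UserRole,{BASE}"]},
    f"CN=Group 1,{BASE}": {"cn": ["Group 1"]},
    f"CN=UserRole,{BASE}": {"cn": ["UserRole"]},
}

def one_level_search(ctx_dn, attr, value):
    """Simplified ONELEVEL_SCOPE search for (attr=value) directly under ctx_dn."""
    for dn, attrs in DIRECTORY.items():
        parent = dn.split(",", 1)[1]  # naive RDN split; fine for this sample data
        if parent.lower() == ctx_dn.lower() and value in attrs.get(attr, []):
            return attrs
    return None

def resolve_roles(username):
    """Role names the module would assign, or None if the user entry is not found."""
    role_attr = OPTIONS["roleFilter"].strip("()").split("=")[0]  # -> sAMAccountName
    attrs = one_level_search(OPTIONS["rolesCtxDN"], role_attr, username)
    if attrs is None:
        return None
    roles = set()
    for value in attrs.get(OPTIONS["roleAttributeID"], []):
        if OPTIONS["roleAttributeIsDN"] == "true":
            # memberOf holds group DNs: read roleNameAttributeID (cn) from that entry
            roles.update(DIRECTORY.get(value, {}).get(OPTIONS["roleNameAttributeID"], []))
        else:
            roles.add(value)
    return roles

def can_log_in(username):
    """True only if the user resolves to at least one role OpenKM's web.xml accepts."""
    roles = resolve_roles(username)
    return roles is not None and bool(roles & REQUIRED_ROLES)
```

With these sample entries user1 only gets "Group 1" and is refused, while user2, who is also a member of a group whose cn is UserRole, is accepted; this is the difference to look for in the extended org.jboss.security.auth debug log.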