How to configure LDAP in openkm-6.2.0-community?

Posted: Wed Oct 10, 2012 4:10 pm
by i.zemliansky
Hello to everyone.

As the new community release has moved to production, I would like to touch on the topic of configuring LDAP in this newest app. As far as I can see, the folder structure has changed slightly in comparison to v.5.1.0 and, for example, I cannot find the login-config.xml file. Am I right that all the necessary configuration is done via the Administration -> Configuration menu?

Thank you in advance.

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Thu Oct 11, 2012 5:27 pm
by jllort
The configuration is in OpenKM.xml; security has changed in version 6 and now uses Spring. If you do not use our wiki documentation http://wiki.openkm.com/index.php/Installation_Guide then you should google for spring security ldap

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Fri Oct 26, 2012 1:12 pm
by ashley_420
Hi,

I have been struggling with the same thing for a couple of days, but could not get it working. I have tried the configurations given in the wiki here http://wiki.openkm.com/index.php/Active ... egration_2.

I can see users and groups populated in the administration view. I have created ROLE_ADMIN and ROLE_USER groups in AD and assigned users to them. However, I still cannot:

1. Log in using my AD username and password.
2. Assign any role to a user.

I also enabled debugging and found the following:
Code:
2012-10-26 14:57:30,063 [http-bio-0.0.0.0-80-exec-4] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
	'DC=DOMAIN,DC=local'
 ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
	'DC=DOMAIN,DC=local'
 ]; remaining name 'dc=DOMAIN,dc=local'
2012-10-26 14:57:30,063 [http-bio-0.0.0.0-80-exec-4] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2012-10-26 14:57:30,063 [http-bio-0.0.0.0-80-exec-4] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@9a4d14
2012-10-26 14:57:30,063 [http-bio-0.0.0.0-80-exec-4] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login.jsp?error=1
2012-10-26 14:57:30,063 [http-bio-0.0.0.0-80-exec-4] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/OpenKM/login.jsp?error=1'
I am not sure what I am missing and how to fix it. Any help would be highly appreciated.

Thanks in advance.

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Sat Oct 27, 2012 6:14 pm
by jllort
Post here your LDAP structure and the OpenKM.xml file you're using. I suppose you have created ROLE_USER and ROLE_ADMIN (uppercase in your LDAP) and assigned them to users (and created okmAdmin too). Tell us if you're on Active Directory, OpenLDAP or other.

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Sun Oct 28, 2012 7:10 pm
by ashley_420
Hi,

We are using Windows 2003 Active Directory and our AD structure is as below:-
Code:
Our user accounts are distributed under different nodes as below:
       For example:
	CN=USER1,OU=DEPARTMENT1,OU=COUNTRY1,DC=DOMAIN,DC=local  
	CN=USER2,OU=DEPARTMENT2,OU=COUNTRY2,DC=DOMAIN,DC=local
	CN=USER3,OU=DEPARTMENT3,OU=COUNTRY3,DC=DOMAIN,DC=local         

    All AD groups are also distributed under different nodes as below:
       For example:
       OU=Group1,OU=DOMAIN_Groups1,DC=DOMAIN,DC=local
       OU=Group2,OU=DOMAIN_Groups2,DC=DOMAIN,DC=local
       OU=Group3,OU=DOMAIN_Groups3,DC=DOMAIN,DC=local
However, based on the configuration example and to make things easier the first time, the ROLE_ADMIN and ROLE_USER groups and the okmAdmin user are created under the default "users" container as below:
Code:
CN=ROLE_ADMIN,CN=Users,DC=DOMAIN,DC=local
CN=ROLE_USER,CN=Users,DC=DOMAIN,DC=local
CN=okm Admin,CN=Users,DC=DOMAIN,DC=local
My OpenKM.XML file is as below:-
Code:
<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
 
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://192.168.1.2:389/dc=domain,dc=local"/>
  <beans:property name="userDn" value="CN=binduser,OU=Bind Accounts,dc=domain,dc=local"/>
  <beans:property name="password" value="binduserpassword"/>
  </beans:bean>
 
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value="objectclass=group"/>
      <beans:property name="groupSearchFilter" value="memberOf={1}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="false" />
      <beans:property name="rolePrefix" value="" /> 
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>
 
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="" />
  <beans:constructor-arg index="1" value="sAMAccountName={0}" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
  </beans:bean>
Thanks in advance.

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Mon Oct 29, 2012 7:26 pm
by jllort
I suggest removing dc=domain,dc=local here; with Active Directory installations I get some problems with it:
Code:
<beans:constructor-arg value="ldap://192.168.1.2:389"/>
About this:
Code:
<beans:constructor-arg value="objectclass=group"/>
<beans:property name="groupSearchFilter" value="memberOf={1}"/>
Replace with:
Code:
<beans:constructor-arg value="dc=domain,dc=local"/>
<beans:property name="groupSearchFilter" value="member={0}"/>
And this:
Code:
 <beans:constructor-arg index="0" value="" />
  <beans:constructor-arg index="1" value="sAMAccountName={0}" />
Replace with:
Code:
 <beans:constructor-arg index="0" value="dc=domain,dc=local" />
  <beans:constructor-arg index="1" value="sAMAccountName={0}" />
Finally, sometimes it is necessary to add the following into <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">...</beans:bean>:
Code:
<beans:property name="baseEnvironmentProperties">
      <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
    </beans:property>
Note: the white space in the cn of CN=okm Admin,CN=Users,DC=DOMAIN,DC=local looks strange; I hope the user's sAMAccountName=okmAdmin, no?

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Tue Oct 30, 2012 5:20 pm
by ashley_420
Thanks for your suggestions, jllort. I followed them and now I am able to log in using the credentials of the okmadmin account I created in AD.

CN=okm Admin,CN=Users,DC=DOMAIN,DC=local is the DN. Yes, the user's sAMAccountName=okmAdmin. Below is my working OpenKM.XML:
Code:
<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
 
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://192.168.1.2:389/"/>
  <beans:property name="userDn" value="CN=binduser,OU=Bind Accounts,dc=domain,dc=local"/>
  <beans:property name="password" value="bindpassword"/>
  <beans:property name="baseEnvironmentProperties">
      <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
    </beans:property>
  </beans:bean>
 
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value="dc=domain,dc=local"/>
      <beans:property name="groupSearchFilter" value="memberOf={0}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="false" />
      <beans:property name="rolePrefix" value="" /> 
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>
 
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="dc=domain,dc=local"/>
  <beans:constructor-arg index="1" value="sAMAccountName={0}" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
  </beans:bean>
</beans:beans>


However, ROLE_ADMIN is not applied to the user okmadmin. The administration tab has disappeared and I cannot make any use of the system, as I cannot do anything with it. I see the error "Not granted any authorities" in the catalina logs as below:-
Code:
2012-10-30 18:11:07,971 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/frontend/mail'; against '/frontend/**'
2012-10-30 18:11:07,971 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /frontend/Mail; Attributes: [IS_AUTHENTICATED_FULLY]
2012-10-30 18:11:07,971 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@f5087569: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@f50802c5: Dn: cn=okm Admin,cn=Users,dc=domain,dc=local; Username: okmadmin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff8868: RemoteIpAddress: 192.168.1.5; SessionId: 7BF88D33F60A9D5A667872EB89B717F2; Not granted any authorities
2012-10-30 18:11:07,971 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@12e12fd, returned: 0
2012-10-30 18:11:07,971 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@1e0a5c6, returned: 1
2012-10-30 18:11:07,971 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
2012-10-30 18:11:07,971 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2012-10-30 18:11:07,971 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.web.FilterChainProxy - /frontend/Mail reached end of additional filter chain; proceeding with original chain
2012-10-30 18:11:07,986 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2012-10-30 18:11:07,986 [http-bio-0.0.0.0-80-exec-14] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2012-10-30 18:11:14,861 [http-bio-0.0.0.0-80-exec-15] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2012-10-30 18:11:14,861 [http-bio-0.0.0.0-80-exec-15] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2012-10-30 18:11:14,893 [http-bio-0.0.0.0-80-exec-7] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2012-10-30 18:11:14,893 [http-bio-0.0.0.0-80-exec-7] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
The settings I used in configuration view are as below:-
Code:
system.login.lowercase=on
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
 
principal.ldap.server=ldap://192.168.1.2
principal.ldap.security.principal=CN=Binduser,cn=Bind Accounts,dc=DOMAIN,dc=local
principal.ldap.security.credentials=bindpassword
 
principal.ldap.user.search.base=dc=DOMAIN,dc=local
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.attribute=sAMAccountName
 
principal.ldap.role.search.base=dc=DOMAIN,dc=local
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
 
principal.ldap.mail.search.base=dc=DOMAIN,dc=local
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute=mail
 
principal.ldap.username.search.base=dc=DOMAIN,dc=local
principal.ldap.username.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.username.attribute=cn
 
principal.ldap.users.by.role.search.base=dc=DOMAIN,dc=local
principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0}))
principal.ldap.users.by.role.attribute=member
 
principal.ldap.roles.by.user.search.base=dc=DOMAIN,dc=local
principal.ldap.roles.by.user.search.filter=(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.roles.by.user.attribute=memberOf
Any suggestions to get this working are highly appreciated. Thanks in advance.

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Wed Oct 31, 2012 4:02 pm
by ashley_420
Hi,

I worked a little on it and changed this
Code:
<beans:property name="groupSearchFilter" value="memberOf={0}"/>
to this
Code:
<beans:property name="groupSearchFilter" value="(objectClass=group)"/>
Now all users can log in and everyone is an Administrator to OpenKM. I am not sure what I am missing or doing wrong here.

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Fri Nov 02, 2012 6:32 pm
by jllort
You should continue working with the OpenKM.xml file; the problem is in getting users by roles.
With the current (objectClass=group) you are assigning all roles to any user; really you want to select only the roles which the user has (for that, memberOf or member should be used).

Read it: http://static.springsource.org/spring-s ... lator.html

And if you want, you can enable debug for the org.springframework.security package. Take a look here: http://wiki.openkm.com/index.php/Debug_with_tomcat
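
Added example (not part of any post in this thread, and not OpenKM or Spring code): a small Python model of how the groupSearchFilter values tried above select groups, run over constructed directory entries modelled on the DNs posted earlier. It assumes {0} is the authenticated user's DN and {1} the login name, as in Spring Security's DefaultLdapAuthoritiesPopulator, and handles only single equality filters.

```python
"""Model of groupSearchFilter matching over constructed directory entries."""

BASE = "DC=DOMAIN,DC=local"
ADMIN_DN = "CN=okm Admin,CN=Users," + BASE
USER1_DN = "CN=USER1,OU=DEPARTMENT1,OU=COUNTRY1," + BASE
ROLE_ADMIN_DN = "CN=ROLE_ADMIN,CN=Users," + BASE
ROLE_USER_DN = "CN=ROLE_USER,CN=Users," + BASE

# Constructed sample entries (assumption, not real data): Active Directory
# keeps `member` on the group and the back-link `memberOf` on the user.
DIRECTORY = {
    ADMIN_DN: {"objectClass": ["person", "user"],
               "sAMAccountName": ["okmAdmin"],
               "memberOf": [ROLE_ADMIN_DN, ROLE_USER_DN]},
    USER1_DN: {"objectClass": ["person", "user"],
               "sAMAccountName": ["user1"],
               "memberOf": [ROLE_USER_DN]},
    ROLE_ADMIN_DN: {"objectClass": ["group"], "cn": ["ROLE_ADMIN"],
                    "member": [ADMIN_DN]},
    ROLE_USER_DN: {"objectClass": ["group"], "cn": ["ROLE_USER"],
                   "member": [ADMIN_DN, USER1_DN]},
}


def parse_equality(flt):
    """Split 'attr=value' or '(attr=value)' into (attr, value template)."""
    body = flt.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    attr, sep, value = body.partition("=")
    if not sep or not attr.strip():
        raise ValueError("not a simple equality filter: %r" % flt)
    return attr.strip().lower(), value.strip()


def group_roles(group_search_filter, user_dn, username, base=BASE, role_attr="cn"):
    """Return the role names a subtree search under `base` would yield."""
    attr, template = parse_equality(group_search_filter)
    # Substitute after parsing so characters in the DN cannot alter the filter.
    wanted = template.replace("{0}", user_dn).replace("{1}", username).lower()
    roles = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith(base.lower()):
            continue  # entry is outside the search base
        values = {k.lower(): v for k, v in attrs.items()}.get(attr, [])
        if any(v.lower() == wanted for v in values):
            roles.extend(attrs.get(role_attr, []))
    return sorted(roles)


def is_scoped_to_user(group_search_filter):
    """A filter without {0} or {1} returns the same groups for every login."""
    return "{0}" in group_search_filter or "{1}" in group_search_filter


def compare(user_dn, username):
    """Evaluate each filter value that appears in the thread for one user."""
    filters = ["memberOf={1}", "memberOf={0}", "(objectClass=group)", "member={0}"]
    return {f: group_roles(f, user_dn, username) for f in filters}


if __name__ == "__main__":
    for who, dn in (("okmAdmin", ADMIN_DN), ("user1", USER1_DN)):
        for flt, roles in compare(dn, who).items():
            flag = "" if is_scoped_to_user(flt) else "  <-- not tied to the user"
            print(f"{who:9} {flt:22} -> {roles}{flag}")
```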

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Sun Nov 04, 2012 8:58 pm
by gimla
Hi,
I have a little problem with administrator accounts. I can log in and can see an administrator bookmark, but when I click on it, I get a page with the text: "Unauthorized access".
When I use the standard login without LDAP, I can see (from LDAP) users and roles -> everything looks alright.

I will be glad for any help.

LDAP config:
Code:
principal.ldap.mail.attribute = mail       
principal.ldap.mail.search.base = ou=users,o=cz       
principal.ldap.mail.search.filter = (&(objectClass=inetOrgPerson)(cn={0}))       
principal.ldap.referral = follow       
principal.ldap.role.attribute = cn       
principal.ldap.role.search.base = ou=groups,o=cz       
principal.ldap.role.search.filter = (cn=ZAM_*)       
principal.ldap.roles.by.user.attribute = groupMembership       
principal.ldap.roles.by.user.search.base = ou=users,o=cz       
principal.ldap.roles.by.user.search.filter = (&(objectClass=inetOrgPerson)(cn={0}))       
principal.ldap.security.credentials =       
principal.ldap.security.principal =       
principal.ldap.server = ldaps://ldap.xxx:636       
principal.ldap.user.attribute = cn       
principal.ldap.user.search.base = ou=users,o=cz       
principal.ldap.user.search.filter = (groupMembership=cn=ZAM_xxx,ou=xxx,ou=groups,o=cz)       
principal.ldap.username.attribute = fullName       
principal.ldap.username.search.base = ou=users,o=cz       
principal.ldap.username.search.filter = (&(objectClass=inetOrgPerson)(cn={0}))       
principal.ldap.users.by.role.attribute = member       
principal.ldap.users.by.role.search.base = ou=groups,o=cz       
principal.ldap.users.by.role.search.filter = (&(objectClass=posixGroup)(cn={0}))       
principal.ldap.users.from.roles = false 
system.login.lowercase=true
OpenKM.xml:
Code:
<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
 
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldaps://ldap.xxx:636/"/>
  <beans:property name="userDn" value=""/>
  <beans:property name="password" value=""/>
  <beans:property name="baseEnvironmentProperties">
      <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
    </beans:property>
  </beans:bean>
 
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value="ou=groups,o=cz"/>
      <beans:property name="groupSearchFilter" value="member={0}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="true" />
      <beans:property name="rolePrefix" value="" /> 
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>
 
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="ou=users,o=cz"/>
  <beans:constructor-arg index="1" value="cn={0}" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
  </beans:bean>

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Mon Nov 05, 2012 9:09 am
by ashley_420
Thanks for the pointers jllort. After making some tweaks to the LDAP configuration, it is working exactly as I wanted. Here is my working OpenKM.XML
Code:
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://192.168.1.2/"/>
  <beans:property name="userDn" value="CN=binduser,OU=Bind Accounts,dc=DOMAIN,dc=local"/>
  <beans:property name="password" value="bindpassword"/>
  <beans:property name="baseEnvironmentProperties">
      <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
    </beans:property>
  </beans:bean>
 
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value="DC=DOMAIN,DC=local"/>
      <beans:property name="groupSearchFilter" value="member={0}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="false"/>
      <beans:property name="rolePrefix" value=""/> 
	</beans:bean>
  </beans:constructor-arg>
</beans:bean>
 
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="dc=DOMAIN,dc=local"/>
  <beans:constructor-arg index="1" value="sAMAccountName={0}" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
  </beans:bean>
LDAP configuration:-
Code:
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users= true
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=dc=DOMAIN,dc=local
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.referral=follow
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=dc=DOMAIN,dc=local
principal.ldap.role.search.filter=(cn=ROLE_*)
principal.ldap.roles.by.user.attribute=memberOf
principal.ldap.roles.by.user.search.base=dc=DOMAIN,dc=local
principal.ldap.roles.by.user.search.filter=(&(objectClass=person)(sAMAccountName={0}))
principal.ldap.security.credentials=bindpassword
principal.ldap.security.principal=CN=binduser,OU=Bind Accounts,dc=DOMAIN,dc=local
principal.ldap.server=ldap://192.168.1.2
principal.ldap.user.attribute=sAMAccountName
principal.ldap.user.search.base=dc=DOMAIN,dc=local
principal.ldap.user.search.filter=(&(objectClass=user)(objectCategory=person))
principal.ldap.username.attribute=cn
principal.ldap.username.search.base=dc=DOMAIN,dc=local
principal.ldap.username.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.users.by.role.attribute=member
principal.ldap.users.by.role.search.base=dc=DOMAIN,dc=local
principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0}))
principal.ldap.users.from.roles=false
system.login.lowercase=true
Thanks for your help.

Re: How to configure LDAP in openkm-6.2.0-community?

Posted: Tue Nov 06, 2012 9:24 pm
by jllort
gimla, add another post for your problem; do not merge everything here please, because in this post the LDAP was Active Directory and yours seems to be OpenLDAP.