User & Role listing on OpenKM6.2_Community with openldap
PostPosted:Fri Nov 16, 2012 4:39 pm
After quite a bit of struggling, I finally got my OpenKM system integrated with openldap authorization. Now members in ROLE_ADMIN and ROLE_USER can log into the website normally with correct user permission.
However, when I checked Users and Roles in OpenKM administration panel, the only user inside was okmAdmin, group 'abcd' didn't show up either. I think something must be wrong in my OpenKM configuration but I couldn't find anything.
Here is my configuration. Can someone please help me? Thank you in advance!
For those who are also struggling on openldap integration on OpenKM 6.2, this configuration profile can be a good start since it works fine for login at least
.
OpenLDAP structure:
However, when I checked Users and Roles in OpenKM administration panel, the only user inside was okmAdmin, group 'abcd' didn't show up either. I think something must be wrong in my OpenKM configuration but I couldn't find anything.
Here is my configuration. Can someone please help me? Thank you in advance!
For those who are also struggling on openldap integration on OpenKM 6.2, this configuration profile can be a good start since it works fine for login at least
. OpenLDAP structure:
Code: Select all
OpenKM.xml
dc=ldap
dc=pumc
ou=groups
cn=ROLE_ADMIN, objectClass=posixGroup, memberUid = apple
cn=ROLE_USER, objectClass=posixGroup, memberUid = boy, memberUid = cat
cn=abcd, objectClass=posixGroup, memberUid = cat
ou=moodleusers
cn = apple, objectClass=inetOrgperson, uid = apple
cn = boy, objectClass=inetOrgperson, uid = boy
Code: Select all
OpenKM configuration
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.1.xsd">
<!-- Tasks configuration -->
<!--
<task:scheduler id="taskScheduler" pool-size="1"/>
<task:scheduled-tasks scheduler="taskScheduler">
<task:scheduled ref="textExtractorWorker" method="work" fixed-delay="60000"/>
</task:scheduled-tasks>
<beans:bean id="textExtractorWorker" class="com.openkm.extractor.TextExtractorWorker" />
-->
<!-- Security configuration -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://localhost:389/"/>
<beans:property name="userDn" value="oops"/>
<beans:property name="password" value="oops"/>
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry>
<beans:key>
<beans:value>java.naming.referral</beans:value>
</beans:key>
<beans:value>follow</beans:value>
</beans:entry>
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=groups,dc=pumc,dc=ldap"/>
<beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="false"/>
<beans:property name="rolePrefix" value=""/>
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=moodleusers,dc=pumc,dc=ldap"/>
<beans:constructor-arg index="1" value="cn={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
</beans:beans>
Code: Select all
principal.ldap.mail.attribute String mail
principal.ldap.mail.search.base String ou=moodleusers,dc=pumc,dc=ldap
principal.ldap.mail.search.filter String (&(objectClass=inetOrgPerson)(cn={0}))
principal.ldap.referral String follow
principal.ldap.role.attribute String cn
principal.ldap.role.search.base List ou=groups,dc=pumc,dc=ldap
principal.ldap.role.search.filter String (objectClass=posixGroup)
principal.ldap.roles.by.user.attribute String cn
principal.ldap.roles.by.user.search.base String ou=groups,dc=pumc,dc=ldap
principal.ldap.roles.by.user.search.filter String (memberUid={0})
principal.ldap.security.credentials String oops
principal.ldap.security.principal String oops
principal.ldap.server String ldap://localhost:389
principal.ldap.user.attribute String cn
principal.ldap.user.search.base List ou=moodleusers,dc=pumc,dc=ldap
principal.ldap.user.search.filter String (objectClass=inetOrgPerson)
principal.ldap.username.attribute String memberUid
principal.ldap.username.search.base String ou=moodleusers,dc=pumc,dc=ldap
principal.ldap.username.search.filter String (&(objectClass=inetOrgPerson)(cn={0}))
principal.ldap.users.by.role.attribute String memberUid
principal.ldap.users.by.role.search.base String ou=groups,dc=pumc,dc=ldap
principal.ldap.users.by.role.search.filter String (&(objectClass=posixGroup)(cn={0}))
principal.ldap.users.from.roles Boolean False