Hi,
We have been using OpenKM in our company for the past 7 months now and I have not heard anything bad about it from the users, so credits to the developers for creating a good and reliable (and Open) application!
I have been trying to connect OpenKM to our company Windows 2000 Active Directory.
I have read the documentation and all the forum posts (special thanks to Google translator) but I am afraid that I know too little to understand it all.
I would appreciate some help in setting up OpenKM AND my AD to work together. I have very little experience in using AD and LDAP.
Here's what I have done so far!
In "server/default/conf" I have modified login-config.xml. In that file I have placed this:

<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
      <module-option name="java.naming.provider.url">ldap://vabi-dc.vabi.nl:389</module-option>
      <module-option name="bindDN">CN=beheer,DC=vabi,DC=nl</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindCredential">user beheer password</module-option>
      <module-option name="baseCtxDN">DC=vabi,DC=nl</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">DC=vabi,DC=nl</module-option>
      <module-option name="roleFilter">(sAMAccountName={0})</module-option>
      <module-option name="roleAttributeID">emmberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="defaultRole">UserRol</module-option>
    </login-module>
  </authentication>
</application-policy>

I have also commented out this. (I believe this is the standard credentials config)

<!-- OpenKM --><!--
<application-policy name = "OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
      <module-option name="usersProperties">props/openkm-users.properties</module-option>
      <module-option name="rolesProperties">props/openkm-roles.properties</module-option>
    </login-module>
    <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
  </authentication>
</application-policy>-->

So Far So Good ?
In the OpenKM documentation I found this:
"Only users having the “UserRol” set at <module-option name="defaultRole">UserRol</module-option> are allowed to access the OpenKM, therefore add this role to every authenticated user, because only users with that role are allowed to access OpenKM."
So then in the AD I made a group called UserRol and made users that are going to be using OpenKM a member of this group (do I have to do this??)
Also in the documentation I found this:
"An admin user must be created to run OpenKM, at the moment administrator user name must be “system” and must have assigned “AdminRol” and “UserRol”. In future releases administrator name will be independent."
Does this mean I have to make a user in the AD called 'system' and also make a group named AdminRole and make system a member of AdminRole????
Anyway, there are many things that I am not sure about, but these are the things I know for sure:
1/ I have a user called 'beheer' who had admin rights in the AD
2/ I know the password for the 'beheer' account ;)
3/ I have an AD called VABI-DC.vabi.nl

2008-07-22 08:53:13,578 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=beheer
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=vabi,DC=nl'
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
    at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
    at org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:424)
    at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:351)
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:232)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
    at java.lang.Thread.run(Thread.java:595)

Please can/will anybody take the time to help me out! I would really appreciate it.
Peter
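
An added example, not part of the post and not OpenKM or JBoss code: a small Python review of the LdapExtLoginModule policy shown above. It flags a simple bind over plain ldap:// (passwords cross the network unencrypted), a subtree search rooted at the domain DN (Active Directory answers with referrals, which JNDI reports as the PartialResultException in the log unless referrals are handled), and a roleAttributeID that is a near-miss of memberOf; the function names and the trimmed sample are assumptions made for the illustration.

```python
import difflib
import xml.etree.ElementTree as ET

# Constructed sample: the options from the posted policy that the checks read.
SAMPLE = """<application-policy name="OpenKM"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url">ldap://vabi-dc.vabi.nl:389</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="baseCtxDN">DC=vabi,DC=nl</module-option>
<module-option name="rolesCtxDN">DC=vabi,DC=nl</module-option>
<module-option name="roleAttributeID">emmberOf</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
</login-module></authentication></application-policy>"""

def is_domain_root(dn):
    """True when every RDN is a DC= component, i.e. the DN is the domain itself."""
    rdns = [r.strip() for r in dn.split(",") if r.strip()]
    return bool(rdns) and all(r.upper().startswith("DC=") for r in rdns)

def review_policy(xml_text):
    """Return (check_id, message) findings for each LdapExtLoginModule found."""
    findings = []
    for module in ET.fromstring(xml_text).iter("login-module"):
        if not module.get("code", "").endswith("LdapExtLoginModule"):
            continue
        opt = {o.get("name"): (o.text or "").strip()
               for o in module.iter("module-option")}
        url = opt.get("java.naming.provider.url", "")
        auth = opt.get("java.naming.security.authentication", "simple")
        # Simple bind sends the bind and user passwords as-is; needs TLS underneath.
        if url.lower().startswith("ldap://") and auth == "simple":
            findings.append(("cleartext-bind", f"{url}: use ldaps:// for simple binds"))
        # A subtree search from the domain root makes AD return continuation references.
        if opt.get("searchScope", "SUBTREE_SCOPE") == "SUBTREE_SCOPE":
            for key in ("baseCtxDN", "rolesCtxDN"):
                if is_domain_root(opt.get(key, "")):
                    findings.append(("root-search",
                                     f"{key}={opt[key]}: narrow to an OU or handle referrals"))
        # LDAP attribute names are case-insensitive; flag near-misses of memberOf.
        attr = opt.get("roleAttributeID", "")
        if attr and attr.lower() != "memberof" and \
                difflib.get_close_matches(attr, ["memberOf"], cutoff=0.7):
            findings.append(("attr-typo", f"roleAttributeID={attr}: did you mean memberOf?"))
    return findings

if __name__ == "__main__":
    for check_id, message in review_policy(SAMPLE):
        print(f"[{check_id}] {message}")
```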