Difference between revisions of "Testing LDAP configuration"
m |
m |
||
Line 1: | Line 1: | ||
− | LDAP configuration maybe a little | + | LDAP configuration maybe a little tricky sometimes. For this reason is very important following certain rules. First of all you need to configure JBoss LDAP authentication. If after that you can log into OpenKM, go ahead configuring OpenKM LDAP integration. |
− | OpenKM is an J2EE that uses an Application Server called JBoss. In J2EE web applications, autentication and authorization are task delegated to the Application Server. This can be achieved because OpenKM use [http://en.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service JAAS] and you need to configure JBoss to handle your users and passwords. JBoss has many predefined Login Modules which handles different the user and password storage, like RDBMS or LDAP. These Login Modules are configured at $JBOSS_HOME/server/default/conf/login-config.xml file. | + | OpenKM is an J2EE that uses an Application Server called JBoss. In J2EE web applications, autentication and authorization are task delegated to the Application Server. This can be achieved because OpenKM use [http://en.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service JAAS] and you need to configure JBoss to handle your users and passwords. JBoss has many predefined Login Modules which handles different the user and password storage, like RDBMS or LDAP. These Login Modules are configured at '''$JBOSS_HOME/server/default/conf/login-config.xml''' file. |
Once the user is logged into OpenKM, the application also need to know which users and roles are defined. In the case of the default database based authentication, you can even manage these users, passwords and roles from OpenKM Administration. But if you use another authentication and authorization backend like LDAP, you only will see these users and their password but no modification is allowed. | Once the user is logged into OpenKM, the application also need to know which users and roles are defined. In the case of the default database based authentication, you can even manage these users, passwords and roles from OpenKM Administration. But if you use another authentication and authorization backend like LDAP, you only will see these users and their password but no modification is allowed. | ||
+ | |||
+ | In OpenKM you need to configure these LDAP queries: | ||
+ | |||
+ | * Get all users | ||
+ | * Get all roles | ||
+ | * Get email from a user | ||
+ | * Get users in a role | ||
+ | * Get roles from a user | ||
+ | |||
+ | Every query needs three configuration properties: | ||
+ | |||
+ | * Search base | ||
+ | * Filter | ||
+ | * Attribute | ||
+ | |||
+ | So, the "get all users" query is composed by: | ||
+ | |||
+ | * principal.ldap.user.search.base | ||
+ | * principal.ldap.user.search.filter | ||
+ | * principal.ldap.user.attribute | ||
+ | |||
+ | {{Warning|Although OpenKM 5.1.x uses database for storing configuration properties, to simplify the usage this tool read these properties from OpenKM.cfg.}} | ||
+ | |||
+ | For this reason we have developed a tool for testing OpenKM configuration. This tool can be downloaded from http://www.openkm.com/download/OpenKM-5.1-LDAP.zip. | ||
+ | |||
+ | {{Note|With these configuration parameters you should be able to configure your LDAP. But in some cases, the user location is split in two or more branches. In this case you will need to develop a custom LDAP adapter which meets your particular requirements.}} | ||
[[Category: Installation Guide]] | [[Category: Installation Guide]] | ||
[[Category:OKM Network]] | [[Category:OKM Network]] |
Revision as of 08:15, 20 September 2011
LDAP configuration maybe a little tricky sometimes. For this reason is very important following certain rules. First of all you need to configure JBoss LDAP authentication. If after that you can log into OpenKM, go ahead configuring OpenKM LDAP integration.
OpenKM is an J2EE that uses an Application Server called JBoss. In J2EE web applications, autentication and authorization are task delegated to the Application Server. This can be achieved because OpenKM use JAAS and you need to configure JBoss to handle your users and passwords. JBoss has many predefined Login Modules which handles different the user and password storage, like RDBMS or LDAP. These Login Modules are configured at $JBOSS_HOME/server/default/conf/login-config.xml file.
Once the user is logged into OpenKM, the application also need to know which users and roles are defined. In the case of the default database based authentication, you can even manage these users, passwords and roles from OpenKM Administration. But if you use another authentication and authorization backend like LDAP, you only will see these users and their password but no modification is allowed.
In OpenKM you need to configure these LDAP queries:
- Get all users
- Get all roles
- Get email from a user
- Get users in a role
- Get roles from a user
Every query needs three configuration properties:
- Search base
- Filter
- Attribute
So, the "get all users" query is composed by:
- principal.ldap.user.search.base
- principal.ldap.user.search.filter
- principal.ldap.user.attribute
Although OpenKM 5.1.x uses database for storing configuration properties, to simplify the usage this tool read these properties from OpenKM.cfg. |
For this reason we have developed a tool for testing OpenKM configuration. This tool can be downloaded from http://www.openkm.com/download/OpenKM-5.1-LDAP.zip.