Difference between revisions of "LDAP and Active Directory user examples"

From OpenKM Documentation
Jump to: navigation, search
(Created page with 'The examples described here has been shared by OpenKM users and should be taken with care. == LDAP example 1 == '''LDAP Structure''' <source lang="java"> dc=fr dc=soc o…')
 
Line 39: Line 39:
 
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
 
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
 
system.login.lowercase=true
 
system.login.lowercase=true
 +
</source>
 +
 +
login-config.xml
 +
<source lang="xml">
 +
<application-policy name="OpenKM">
 +
              <authentication>
 +
              <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
 +
                <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
 +
                <module-option name="java.naming.security.authentication">simple</module-option>
 +
                <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
 +
                <module-option name="bindCredential">******</module-option>
 +
                <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
 +
                <module-option name="baseFilter">(uid={0})</module-option>
 +
                <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
 +
                <module-option name="roleFilter">(memberUid={0})</module-option>
 +
                <module-option name="roleAttributeID">cn</module-option>
 +
                <module-option name="roleAttributeIsDN">false</module-option>
 +
                <module-option name="roleRecursion">-1</module-option>
 +
                <module-option name="searchScope">SUBTREE_SCOPE</module-option>
 +
                <module-option name="allowEmptyPasswords">false</module-option>
 +
        <!--        <module-option name="defaultRole">UserRole</module-option> -->
 +
              </login-module>
 +
              </authentication>
 +
            </application-policy>
 
</source>
 
</source>

Revision as of 16:01, 2 April 2012

The examples described here has been shared by OpenKM users and should be taken with care.

LDAP example 1

LDAP Structure 

dc=fr
   dc=soc
      ou=groups
         cn=UserRole, objectClass=posixGroup, memberUid = jack, memberUid = joe
         cn=AdminRole, objectClass=posixGroup, memberUid = jack
      ou=people
         ou=intern
            cn = jack, objectClass=inetOrgperson, uid = jack
            cn = joe, objectClass=inetOrgperson, uid = joe

Configuration parameters 

principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users=true
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.mail.search.filter=(&(objectClass=inetOrgPerson)(cn={0}))
principal.ldap.referral=follow
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.role.search.filter=(objectClass=posixGroup)
principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.filter=(memberUid={0})
principal.ldap.security.credentials?xxxxxx
principal.ldap.security.principal=cn=admin,dc=soc,dc=fr
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.user.attribute=cn
principal.ldap.user.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.user.search.filter=(objectClass=inetOrgPerson)
principal.ldap.users.by.role.attribute=memberUid
principal.ldap.users.by.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
system.login.lowercase=true

login-config.xml 

<application-policy name="OpenKM">
              <authentication>
               <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
                 <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
                 <module-option name="java.naming.security.authentication">simple</module-option>
                 <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
                 <module-option name="bindCredential">******</module-option>
                 <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
                 <module-option name="baseFilter">(uid={0})</module-option>
                 <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
                 <module-option name="roleFilter">(memberUid={0})</module-option>
                 <module-option name="roleAttributeID">cn</module-option>
                 <module-option name="roleAttributeIsDN">false</module-option>
                 <module-option name="roleRecursion">-1</module-option>
                 <module-option name="searchScope">SUBTREE_SCOPE</module-option>
                 <module-option name="allowEmptyPasswords">false</module-option>
         <!--        <module-option name="defaultRole">UserRole</module-option> -->
               </login-module>
              </authentication>
            </application-policy>
Retrieved from "https://www.openkm.com/wiki/index.php?title=LDAP_and_Active_Directory_user_examples&oldid=6339"