Difference between revisions of "Knowledge:Ldap examples"
From OpenKM Documentation
| Line 56: | Line 56: | ||
Take a look at ldap://192.168.17.40:389/'''dc=mnemo,dc=net''' indicates the default node, then <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO'''"/> really points to <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net'''"/> | Take a look at ldap://192.168.17.40:389/'''dc=mnemo,dc=net''' indicates the default node, then <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO'''"/> really points to <beans:constructor-arg value="'''ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net'''"/> | ||
| + | In this case group parameter is 0 <beans:property name="groupSearchFilter" value="'''uniqueMember={0}'''"/> | ||
| + | |||
| + | User dn are like uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net | ||
| + | |||
| + | Group '''cn=ROL_USER,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net''' has a property called '''uniqueMember''' with some user dn, like '''uniqueMember=uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net | ||
| + | ''' | ||
<source lang="xml"> | <source lang="xml"> | ||
<security:authentication-manager alias="authenticationManager"> | <security:authentication-manager alias="authenticationManager"> | ||
| Line 63: | Line 69: | ||
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> | <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> | ||
<beans:constructor-arg value="ldap://192.168.17.40:389/dc=mnemo,dc=net"/> | <beans:constructor-arg value="ldap://192.168.17.40:389/dc=mnemo,dc=net"/> | ||
| − | <beans:property name="userDn" value="openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/> | + | <beans:property name="userDn" value="uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/> |
<beans:property name="password" value="123abc..."/> | <beans:property name="password" value="123abc..."/> | ||
</beans:bean> | </beans:bean> | ||
| Line 78: | Line 84: | ||
<beans:constructor-arg ref="contextSource"/> | <beans:constructor-arg ref="contextSource"/> | ||
<beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/> | <beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/> | ||
| − | <beans:property name="groupSearchFilter" value="uniqueMember={ | + | <beans:property name="groupSearchFilter" value="uniqueMember={0}"/> |
<beans:property name="groupRoleAttribute" value="cn"/> | <beans:property name="groupRoleAttribute" value="cn"/> | ||
<beans:property name="searchSubtree" value="true" /> | <beans:property name="searchSubtree" value="true" /> | ||
Revision as of 18:59, 10 October 2012
case openldap
Take a look at: ldap://192.168.0.13:389/dc=macroct,dc=com which filter all ldap connection to this node. Then <beans:constructor-arg value="ou=roles"/> really points to <beans:constructor-arg value="ou=roles,dc=macroct,dc=com"/> and <beans:constructor-arg index="0" value="ou=organization" /> to <beans:constructor-arg index="0" value="ou=organization,dc=macroct,dc=com" />
Finally take in consideration the value 1 at <beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:constructor-arg value="ou=roles"/>
<beans:constructor-arg index="0" value="ou=organization" /> and
The configuration
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.0.13:389/dc=macroct,dc=com"/>
<beans:property name="userDn" value="cn=Manager,dc=macroct,dc=com"/>
<beans:property name="password" value="*****"/>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"></beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=roles"/>
<beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="true" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=organization" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
unknow ldap
Take a look at ldap://192.168.17.40:389/dc=mnemo,dc=net indicates the default node, then <beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/> really points to <beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/>
In this case group parameter is 0 <beans:property name="groupSearchFilter" value="uniqueMember={0}"/>
User dn are like uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net
Group cn=ROL_USER,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net has a property called uniqueMember with some user dn, like uniqueMember=uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://192.168.17.40:389/dc=mnemo,dc=net"/>
<beans:property name="userDn" value="uid=openkm_admin@mnemo.com,ou=OpenKM,ou=aplicaciones,ou=MNEMO,dc=mnemo,dc=net"/>
<beans:property name="password" value="123abc..."/>
</beans:bean>
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"/>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=OpenKM,ou=aplicaciones,ou=MNEMO"/>
<beans:property name="groupSearchFilter" value="uniqueMember={0}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="false" />
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
