Difference between revisions of "LDAP and Active Directory user examples"
(Created page with 'The examples described here has been shared by OpenKM users and should be taken with care. == LDAP example 1 == '''LDAP Structure''' <source lang="java"> dc=fr dc=soc o…') |
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
The examples described here has been shared by OpenKM users and should be taken with care. | The examples described here has been shared by OpenKM users and should be taken with care. | ||
− | == LDAP example 1 == | + | == Jboss LDAP example 1 == |
+ | Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048 | ||
+ | |||
'''LDAP Structure''' | '''LDAP Structure''' | ||
<source lang="java"> | <source lang="java"> | ||
Line 39: | Line 41: | ||
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0})) | principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0})) | ||
system.login.lowercase=true | system.login.lowercase=true | ||
+ | </source> | ||
+ | |||
+ | '''login-config.xml''' | ||
+ | <source lang="xml"> | ||
+ | <application-policy name="OpenKM"> | ||
+ | <authentication> | ||
+ | <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > | ||
+ | <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option> | ||
+ | <module-option name="java.naming.security.authentication">simple</module-option> | ||
+ | <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option> | ||
+ | <module-option name="bindCredential">******</module-option> | ||
+ | <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option> | ||
+ | <module-option name="baseFilter">(uid={0})</module-option> | ||
+ | <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option> | ||
+ | <module-option name="roleFilter">(memberUid={0})</module-option> | ||
+ | <module-option name="roleAttributeID">cn</module-option> | ||
+ | <module-option name="roleAttributeIsDN">false</module-option> | ||
+ | <module-option name="roleRecursion">-1</module-option> | ||
+ | <module-option name="searchScope">SUBTREE_SCOPE</module-option> | ||
+ | <module-option name="allowEmptyPasswords">false</module-option> | ||
+ | <!-- <module-option name="defaultRole">UserRole</module-option> --> | ||
+ | </login-module> | ||
+ | </authentication> | ||
+ | </application-policy> | ||
</source> | </source> |
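Review bot: The added login-config.xml points `java.naming.provider.url` at `ldap://192.168.xxx.xxx:389` with `java.naming.security.authentication` set to `simple`, so the `bindCredential` and each user's login password are sent to the directory unencrypted. Where the directory offers TLS the example should use it, e.g. `<module-option name="java.naming.provider.url">ldaps://192.168.xxx.xxx:636</module-option>` (636 is the conventional LDAPS port, shown here as a constructed value), with the directory's CA certificate in the JBoss truststore. The `bindDN` is `cn=admin,dc=soc,dc=fr`, which looks like the directory administrator; a search-only account is enough for the `baseFilter` and `roleFilter` lookups and limits what a leaked login-config.xml exposes. I would also add a comment above `allowEmptyPasswords` such as `<!-- keep false: many LDAP servers treat an empty-password simple bind as anonymous and report success -->`.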
Latest revision as of 17:20, 24 October 2012
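The examples described here have been shared by OpenKM users and should be used with care: adapt the server address, bind account and search bases to your own directory before relying on them.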
Jboss LDAP example 1
Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048
LDAP Structure
dc=fr
dc=soc
ou=groups
cn=UserRole, objectClass=posixGroup, memberUid = jack, memberUid = joe
cn=AdminRole, objectClass=posixGroup, memberUid = jack
ou=people
ou=intern
cn = jack, objectClass=inetOrgperson, uid = jack
cn = joe, objectClass=inetOrgperson, uid = joe
Configuration parameters
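# OpenKM principal settings: users, roles and mail addresses are looked up in LDAP
# through LdapPrincipalAdapter.
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users=true
principal.ldap.mail.attribute=mail
# NOTE(review): the user and mail search bases use ou=users, while the LDAP structure
# shown on this page has ou=people above ou=intern - confirm against the real tree.
principal.ldap.mail.search.base=ou=intern,ou=users,dc=soc,dc=fr
# {0} is presumably replaced with the user id when the lookup runs - verify.
principal.ldap.mail.search.filter=(&(objectClass=inetOrgPerson)(cn={0}))
# NOTE(review): "follow" makes the client chase referrals returned by the server;
# confirm that every server it can be referred to is trusted.
principal.ldap.referral=follow
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.role.search.filter=(objectClass=posixGroup)
principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.filter=(memberUid={0})
# Fixed: this line was written with "?" instead of "=", which leaves the value unset
# when the line is parsed as key=value. The value is a masked placeholder; the real
# password is stored in clear text, so restrict who can read this configuration.
principal.ldap.security.credentials=xxxxxx
# NOTE(review): cn=admin looks like the directory administrator; a search-only
# account would be enough for these lookups - confirm.
principal.ldap.security.principal=cn=admin,dc=soc,dc=fr
# Plain ldap:// on port 389 sends the bind password above unencrypted; prefer an
# ldaps:// URL where the directory supports TLS.
principal.ldap.server=ldap://192.168.xxx.xxx:389
# Users are identified by cn here, while the login module on this page matches on
# uid; in the sample tree both hold the same value (jack, joe).
principal.ldap.user.attribute=cn
principal.ldap.user.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.user.search.filter=(objectClass=inetOrgPerson)
principal.ldap.users.by.role.attribute=memberUid
principal.ldap.users.by.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
system.login.lowercase=true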
login-config.xml
<!-- JBoss security domain "OpenKM": logins are checked against the LDAP directory
     by LdapExtLoginModule, and group entries are mapped to roles. -->
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
      <!-- Plain ldap:// on port 389 combined with "simple" authentication sends the
           bind password and every user's login password unencrypted. Prefer an
           ldaps:// URL (or StartTLS) where the directory supports it. -->
      <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- Account the module binds with to run the user and role searches.
           NOTE(review): cn=admin looks like the directory administrator; a
           search-only account would be enough here - confirm. -->
      <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
      <!-- Masked on this page. The real value sits in clear text in this file, so
           restrict read access to login-config.xml. -->
      <module-option name="bindCredential">******</module-option>
      <!-- Base for the user search. NOTE(review): the LDAP structure shown on this
           page has ou=people above ou=intern, not ou=users - confirm. -->
      <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
      <!-- {0} is replaced with the login name typed by the user. -->
      <module-option name="baseFilter">(uid={0})</module-option>
      <!-- Base and filter for the role search: groups listing the login name in memberUid. -->
      <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
      <module-option name="roleFilter">(memberUid={0})</module-option>
      <!-- The role name is the group's cn value itself, not a DN to dereference. -->
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <!-- NOTE(review): -1 is the contributor's value; confirm how your JBoss
           version treats a negative recursion depth. -->
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <!-- Keep false: many LDAP servers treat a simple bind with an empty password
           as an anonymous bind and report success. -->
      <module-option name="allowEmptyPasswords">false</module-option>
      <!-- Left disabled by the contributor; if enabled, every authenticated user
           would receive UserRole regardless of group membership. -->
      <!-- <module-option name="defaultRole">UserRole</module-option> -->
    </login-module>
  </authentication>
</application-policy>