Difference between revisions of "LDAP and Active Directory user examples"

From OpenKM Documentation
Jump to: navigation, search
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 
The examples described here has been shared by OpenKM users and should be taken with care.
 
The examples described here has been shared by OpenKM users and should be taken with care.
  
== LDAP example 1 ==
+
== Jboss LDAP example 1 ==
 
Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048
 
Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048
  
Line 62: Line 62:
 
         <module-option name="allowEmptyPasswords">false</module-option>
 
         <module-option name="allowEmptyPasswords">false</module-option>
 
     <!-- <module-option name="defaultRole">UserRole</module-option> -->
 
     <!-- <module-option name="defaultRole">UserRole</module-option> -->
 +
    </login-module>
 
     </authentication>
 
     </authentication>
 
</application-policy>
 
</application-policy>
 
</source>
 
</source>

Latest revision as of 17:20, 24 October 2012

The examples described here has been shared by OpenKM users and should be taken with care.

Jboss LDAP example 1

Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048

LDAP Structure

dc=fr
   dc=soc
      ou=groups
         cn=UserRole, objectClass=posixGroup, memberUid = jack, memberUid = joe
         cn=AdminRole, objectClass=posixGroup, memberUid = jack
      ou=people
         ou=intern
            cn = jack, objectClass=inetOrgperson, uid = jack
            cn = joe, objectClass=inetOrgperson, uid = joe

Configuration parameters

principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users=true
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.mail.search.filter=(&(objectClass=inetOrgPerson)(cn={0}))
principal.ldap.referral=follow
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.role.search.filter=(objectClass=posixGroup)
principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.filter=(memberUid={0})
principal.ldap.security.credentials?xxxxxx
principal.ldap.security.principal=cn=admin,dc=soc,dc=fr
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.user.attribute=cn
principal.ldap.user.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.user.search.filter=(objectClass=inetOrgPerson)
principal.ldap.users.by.role.attribute=memberUid
principal.ldap.users.by.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
system.login.lowercase=true

login-config.xml

<application-policy name="OpenKM">
   <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
         <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
         <module-option name="java.naming.security.authentication">simple</module-option>
         <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
         <module-option name="bindCredential">******</module-option>
         <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
         <module-option name="baseFilter">(uid={0})</module-option>
         <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
         <module-option name="roleFilter">(memberUid={0})</module-option>
         <module-option name="roleAttributeID">cn</module-option>
         <module-option name="roleAttributeIsDN">false</module-option>
         <module-option name="roleRecursion">-1</module-option>
         <module-option name="searchScope">SUBTREE_SCOPE</module-option>
         <module-option name="allowEmptyPasswords">false</module-option>
    <!-- <module-option name="defaultRole">UserRole</module-option> -->
    </login-module>
    </authentication>
</application-policy>