Difference between revisions of "LDAP and Active Directory user examples"

From OpenKM Documentation
(Created page with 'The examples described here has been shared by OpenKM users and should be taken with care. == LDAP example 1 == '''LDAP Structure''' <source lang="java"> dc=fr dc=soc o…')
 
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
The examples described here has been shared by OpenKM users and should be taken with care.
 
The examples described here has been shared by OpenKM users and should be taken with care.
  
== LDAP example 1 ==
+
== Jboss LDAP example 1 ==
 +
Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048
 +
 
 
'''LDAP Structure'''
 
'''LDAP Structure'''
 
<source lang="java">
 
<source lang="java">
Line 39: Line 41:
 
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
 
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
 
system.login.lowercase=true
 
system.login.lowercase=true
 +
</source>
 +
 +
'''login-config.xml'''
 +
<source lang="xml">
 +
<application-policy name="OpenKM">
 +
  <authentication>
 +
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
 +
        <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
 +
        <module-option name="java.naming.security.authentication">simple</module-option>
 +
        <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
 +
        <module-option name="bindCredential">******</module-option>
 +
        <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
 +
        <module-option name="baseFilter">(uid={0})</module-option>
 +
        <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
 +
        <module-option name="roleFilter">(memberUid={0})</module-option>
 +
        <module-option name="roleAttributeID">cn</module-option>
 +
        <module-option name="roleAttributeIsDN">false</module-option>
 +
        <module-option name="roleRecursion">-1</module-option>
 +
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
 +
        <module-option name="allowEmptyPasswords">false</module-option>
 +
    <!-- <module-option name="defaultRole">UserRole</module-option> -->
 +
    </login-module>
 +
    </authentication>
 +
</application-policy>
 
</source>
 
</source>

Latest revision as of 17:20, 24 October 2012

The examples described here have been shared by OpenKM users and should be used with care.

Jboss LDAP example 1

Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048

LDAP Structure

dc=fr
   dc=soc
      ou=groups
         cn=UserRole, objectClass=posixGroup, memberUid = jack, memberUid = joe
         cn=AdminRole, objectClass=posixGroup, memberUid = jack
      ou=people
         ou=intern
            cn = jack, objectClass=inetOrgperson, uid = jack
            cn = joe, objectClass=inetOrgperson, uid = joe

Configuration parameters

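# OpenKM configuration parameters that resolve users, roles and mail addresses from LDAP.
# Example shared by a forum user: every host, DN and credential below is a placeholder
# to be replaced with values from your own directory.
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users=true
principal.ldap.mail.attribute=mail
# NOTE(review): the user search bases here use ou=users, while the "LDAP Structure"
# listing on this page shows ou=people. Confirm which one matches your directory.
principal.ldap.mail.search.base=ou=intern,ou=users,dc=soc,dc=fr
# {0} is presumably replaced with the user name being looked up.
principal.ldap.mail.search.filter=(&(objectClass=inetOrgPerson)(cn={0}))
# With "follow", the LDAP client also queries servers the directory refers it to, and
# typically reuses the same bind credentials there. NOTE(review): confirm that every
# server the directory can refer to is one you trust.
principal.ldap.referral=follow
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.role.search.filter=(objectClass=posixGroup)
principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.filter=(memberUid={0})
# Password of the bind account below (placeholder value). Keep the real password out of
# shared copies of this configuration and restrict who can read it.
principal.ldap.security.credentials=xxxxxx
# This example binds as the directory admin. A dedicated read-only account should be
# enough for the searches configured here and limits the damage if the password leaks.
principal.ldap.security.principal=cn=admin,dc=soc,dc=fr
# ldap:// on port 389 is not encrypted, so the bind password and every lookup cross the
# network in clear text. NOTE(review): prefer an ldaps:// URL if the directory offers
# TLS, or keep this traffic on a network segment you trust.
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.user.attribute=cn
principal.ldap.user.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.user.search.filter=(objectClass=inetOrgPerson)
principal.ldap.users.by.role.attribute=memberUid
principal.ldap.users.by.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
# Login names are lower-cased. The role filters above match memberUid against the login,
# so the uid values in the directory are presumably lower case as well.
system.login.lowercase=true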

login-config.xml

<!--
  JBoss login-config.xml fragment: the "OpenKM" application policy, which authenticates
  logins against LDAP through LdapExtLoginModule. Example shared by a forum user; the
  host, DNs and credential are placeholders to be replaced with your own values.
-->
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <!-- Directory endpoint. ldap:// on port 389 is not encrypted; combined with the
           "simple" bind below, the bind password and each user's login password cross
           the network in clear text. NOTE(review): prefer an ldaps:// URL if the
           directory offers TLS. -->
      <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>

      <!-- Account the module binds as to run the user and role searches. This example
           uses the directory admin; a dedicated read-only account should be enough for
           searching and limits the damage if this file is exposed. -->
      <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
      <!-- Placeholder. The real password sits in this file as plain text unless it is
           protected; JBoss documents a jaasSecurityDomain option for storing it
           encrypted. Restrict read access to login-config.xml either way. -->
      <module-option name="bindCredential">******</module-option>

      <!-- Where and how the login name is located; {0} is replaced with the name typed
           at login. NOTE(review): this base uses ou=users, while the "LDAP Structure"
           listing on this page shows ou=people. Confirm against your directory. -->
      <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>

      <!-- Roles are the cn of each group under rolesCtxDN whose memberUid equals the
           login name; the cn is used as a plain name, not as a DN. -->
      <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
      <module-option name="roleFilter">(memberUid={0})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <!-- NOTE(review): roleRecursion controls how far nested roles are followed; the
           meaning of -1 is not stated on this page, so check the JBoss documentation
           for your version. -->
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>

      <!-- Keep this false: many LDAP servers treat a simple bind with an empty password
           as an anonymous bind that succeeds, which would let a login through without
           a password. -->
      <module-option name="allowEmptyPasswords">false</module-option>

      <!-- Left disabled: defaultRole would grant the named role to every user who
           authenticates, whatever their group membership. -->
      <!-- <module-option name="defaultRole">UserRole</module-option> -->
    </login-module>
  </authentication>
</application-policy>