Difference between revisions of "Testing LDAP configuration"

From OpenKM Documentation
Jump to: navigation, search
m
Line 32: Line 32:
  
 
{{Note|With these configuration parameters you should be able to configure your LDAP. But in some cases, the user location is split in two or more branches. In this case you will need to develop a custom LDAP adapter which meets your particular requirements.}}
 
{{Note|With these configuration parameters you should be able to configure your LDAP. But in some cases, the user location is split in two or more branches. In this case you will need to develop a custom LDAP adapter which meets your particular requirements.}}
 +
 +
To execute the utility try:
 +
 +
$ java -jar testLdap.jar
 +
 +
And will provide you the available options:
 +
 +
java -jar testLdap ACTION
 +
Where ACTION can be:
 +
  * getUsers
 +
  * getRoles
 +
  * getMail (need an additional parameter)
 +
  * getUsersByRole (need an additional parameter)
 +
  * getRolesByUser (need an additional parameter)
 +
 +
So if you want to get the list of users, you need to run:
 +
 +
$ java -jar testLdap getUsers
  
 
[[Category: Installation Guide]]
 
[[Category: Installation Guide]]
 
[[Category:OKM Network]]
 
[[Category:OKM Network]]

Revision as of 11:06, 14 February 2012

LDAP configuration maybe a little tricky sometimes. For this reason is very important following certain rules. First of all you need to configure JBoss LDAP authentication. If after that you can log into OpenKM, go ahead configuring OpenKM LDAP integration.

OpenKM is an J2EE that uses an Application Server called JBoss. In J2EE web applications, autentication and authorization are task delegated to the Application Server. This can be achieved because OpenKM use JAAS and you need to configure JBoss to handle your users and passwords. JBoss has many predefined Login Modules which handles different the user and password storage, like RDBMS or LDAP. These Login Modules are configured at $JBOSS_HOME/server/default/conf/login-config.xml file.

Once the user is logged into OpenKM, the application also need to know which users and roles are defined. In the case of the default database based authentication, you can even manage these users, passwords and roles from OpenKM Administration. But if you use another authentication and authorization backend like LDAP, you only will see these users and their password but no modification is allowed.

In OpenKM you need to configure these LDAP queries:

  • Get all users
  • Get all roles
  • Get email from a user
  • Get users in a role
  • Get roles from a user

Every query needs three configuration properties:

  • Search base
  • Filter
  • Attribute

So, the "get all users" query is composed by:

  • principal.ldap.user.search.base
  • principal.ldap.user.search.filter
  • principal.ldap.user.attribute

Nota advertencia.png Although OpenKM 5.1.x uses database for storing configuration properties, to simplify the usage this tool read these properties from OpenKM.cfg.

To build these queries, I recommend using the precious Apache Directory Studio tool. It is multi-platform and works pretty well.

As you can imagine, configure all these properties correctly is complex. For this reason we have developed a tool for testing OpenKM configuration. This tool can be downloaded from http://www.openkm.com/download/okm/OpenKM-5.1-LDAP.zip.


Nota clasica.png With these configuration parameters you should be able to configure your LDAP. But in some cases, the user location is split in two or more branches. In this case you will need to develop a custom LDAP adapter which meets your particular requirements.

To execute the utility try:

$ java -jar testLdap.jar

And will provide you the available options:

java -jar testLdap ACTION
Where ACTION can be: 
 * getUsers
 * getRoles
 * getMail (need an additional parameter)
 * getUsersByRole (need an additional parameter)
 * getRolesByUser (need an additional parameter)

So if you want to get the list of users, you need to run:

$ java -jar testLdap getUsers