Difference between revisions of "Active Directory"
(Formatting) |
|||
Line 1: | Line 1: | ||
− | To configure Active Directory we must make some changes in [[OpenKM.cfg]] configuration file and in login-config.xml file that can be found at %JBOSS_HOME%/server/default/conf | + | To configure Active Directory we must make some changes in [[OpenKM.cfg]] configuration file and in login-config.xml file that can be found at %JBOSS_HOME%/server/default/conf |
− | For both changes you need to restar jboss server. | + | For both changes you need to restar jboss server. |
'''OpenKM.cfg''' file example ( you must change '''192.168.0.6, Administrador, password and weyler''' values to your active directory values ) | '''OpenKM.cfg''' file example ( you must change '''192.168.0.6, Administrador, password and weyler''' values to your active directory values ) | ||
− | <source lang=" | + | |
+ | <source lang="java"> | ||
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter | principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter | ||
principal.ldap.server=ldap://192.168.0.6 | principal.ldap.server=ldap://192.168.0.6 | ||
Line 21: | Line 22: | ||
</source> | </source> | ||
− | In case of Active directory ( windows ) it's important that all users login be in lower case, for it purpose we enable system.login.lowercase=on property in [[OpenKM.cfg]]. The reason is so simply, Windows not makes any difference between upper or lower case validating user name credentials. | + | In case of Active directory ( windows ) it's important that all users login be in lower case, for it purpose we enable system.login.lowercase=on property in [[OpenKM.cfg]]. The reason is so simply, Windows not makes any difference between upper or lower case validating user name credentials. |
'''login-config.xml''' file example ( you must change '''192.168.0.6, Administrador, password and weyler''' values to your active directory values ) | '''login-config.xml''' file example ( you must change '''192.168.0.6, Administrador, password and weyler''' values to your active directory values ) | ||
− | <source lang=" | + | |
+ | <source lang="xml"> | ||
<application-policy name="OpenKM"> | <application-policy name="OpenKM"> | ||
<authentication> | <authentication> |
Revision as of 14:03, 21 January 2010
To configure Active Directory we must make some changes in OpenKM.cfg configuration file and in login-config.xml file that can be found at %JBOSS_HOME%/server/default/conf
For both changes you need to restar jboss server.
OpenKM.cfg file example ( you must change 192.168.0.6, Administrador, password and weyler values to your active directory values )
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://192.168.0.6
principal.ldap.security.principal=CN=Administrador,cn=users,dc=weyler,dc=local
principal.ldap.security.credentials=password
principal.ldap.user.search.base=cn=users,dc=weyler,dc=local
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=cn=users,dc=weyler,dc=local
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},cn=users,dc=weyler,dc=local
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.atribute=mail
system.login.lowercase=on
In case of Active directory ( windows ) it's important that all users login be in lower case, for it purpose we enable system.login.lowercase=on property in OpenKM.cfg. The reason is so simply, Windows not makes any difference between upper or lower case validating user name credentials.
login-config.xml file example ( you must change 192.168.0.6, Administrador, password and weyler values to your active directory values )
<application-policy name="OpenKM">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://192.168.0.6</module-option>
<module-option name="bindDN">CN=Administrador,cn=users,dc=weyler,dc=local</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">cn=users,dc=weyler,dc=local</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">cn=users,dc=weyler,dc=local</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="defaultRole">UserRole</module-option>
</login-module>
</authentication>
</application-policy>