Difference between revisions of "LDAP and Active Directory user examples"
From OpenKM Documentation
| Line 2: | Line 2: | ||
== LDAP example 1 == | == LDAP example 1 == | ||
| + | Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048 | ||
| + | |||
'''LDAP Structure''' | '''LDAP Structure''' | ||
<source lang="java"> | <source lang="java"> | ||
| Line 43: | Line 45: | ||
login-config.xml | login-config.xml | ||
<source lang="xml"> | <source lang="xml"> | ||
| − | <application-policy name="OpenKM"> | + | <application-policy name="OpenKM"> |
| − | + | <authentication> | |
| − | + | <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > | |
| − | + | <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option> | |
| − | + | <module-option name="java.naming.security.authentication">simple</module-option> | |
| − | + | <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option> | |
| − | + | <module-option name="bindCredential">******</module-option> | |
| − | + | <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option> | |
| − | + | <module-option name="baseFilter">(uid={0})</module-option> | |
| − | + | <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option> | |
| − | + | <module-option name="roleFilter">(memberUid={0})</module-option> | |
| − | + | <module-option name="roleAttributeID">cn</module-option> | |
| − | + | <module-option name="roleAttributeIsDN">false</module-option> | |
| − | + | <module-option name="roleRecursion">-1</module-option> | |
| − | + | <module-option name="searchScope">SUBTREE_SCOPE</module-option> | |
| − | + | <module-option name="allowEmptyPasswords">false</module-option> | |
<!-- <module-option name="defaultRole">UserRole</module-option> --> | <!-- <module-option name="defaultRole">UserRole</module-option> --> | ||
| − | + | </authentication> | |
| − | + | </application-policy> | |
| − | |||
</source> | </source> | ||
Revision as of 17:03, 2 April 2012
The examples described here has been shared by OpenKM users and should be taken with care.
LDAP example 1
Forum url: http://forum.openkm.com/viewtopic.php?f=4&t=5830&p=15048#p15048
LDAP Structure
dc=fr
dc=soc
ou=groups
cn=UserRole, objectClass=posixGroup, memberUid = jack, memberUid = joe
cn=AdminRole, objectClass=posixGroup, memberUid = jack
ou=people
ou=intern
cn = jack, objectClass=inetOrgperson, uid = jack
cn = joe, objectClass=inetOrgperson, uid = joe
Configuration parameters
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users=true
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.mail.search.filter=(&(objectClass=inetOrgPerson)(cn={0}))
principal.ldap.referral=follow
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.role.search.filter=(objectClass=posixGroup)
principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.filter=(memberUid={0})
principal.ldap.security.credentials?xxxxxx
principal.ldap.security.principal=cn=admin,dc=soc,dc=fr
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.user.attribute=cn
principal.ldap.user.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.user.search.filter=(objectClass=inetOrgPerson)
principal.ldap.users.by.role.attribute=memberUid
principal.ldap.users.by.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
system.login.lowercase=true
login-config.xml
<application-policy name="OpenKM">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
<module-option name="bindCredential">******</module-option>
<module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
<module-option name="roleFilter">(memberUid={0})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">-1</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
<!-- <module-option name="defaultRole">UserRole</module-option> -->
</authentication>
</application-policy>
