1. Home
  2. OpenKM 6.4
  3. Setup
  4. LDAP configuration
  5. Active Directory mixed configuration
  1.  

OpenKM 6.4
Hardware and software requirements
Installation
Setup
Antivirus configuration
Cleaning older activity log data
Configuring Apache HTTP Reverse-Proxy
Configuring Apache HTTP for changing context URL
Configuring Apache HTTPS Reverse-Proxy
Configuring Nginx HTTP Reverse-Proxy
Configuring Lucene Analyzer
Configuring OCR engine
Configuring OpenSSL
Configuring SWFTools
Configuring mail
Configuring Tomcat memory utilization
Configuring Tomcat port
Configuring Tomcat session timeout
Configuring Tomcat timezone
Configuring safe trash purge
Configuring Tomcat to work behind an Internet proxy
Change repository home
Change default role names
Enable extensions
Enable WebDAV
LDAP configuration
OpenLDAP example with URL base at login
Active Directory example with referral enabled
Active Directory example with login based on filtering users by roles
Active Directory basic configuration
Active Directory advanced configuration
Active Directory mixed configuration
Active Directory example with remember-me services
LDAP best practices for filtering users and roles
ClearOS LDAP configuration
LDAP troubleshooting
Log configuration
LibreOffice configuration
Security configuration
SSO Configuration
Configuring Google Drive
Configuring document expiration
Configuring Joomla integration
Configuring Wordpress integration
Configuring Two Factor Authentication
Configuring CIFS
Configuring Dropbox
Cache configuration
Configuring CADViewer
Configuring VidSigner
Configuring search highlighter
Troubleshooting
Administration guide
User guide
Migration guide
Development

Active Directory mixed configuration

The objective of this kind of configuration is to be able to authenticate against Active Directory but obtain roles from the database.

Available since OpenKM 6.4.28 version

LDAP structure

dc=com
    dc=company
        cn=users
            sAMAccountName=okmAdmin
                cn=users,dc=company,dc=com
                userPrincipalName=okmAdmin@mail.com
                cn=OpenKM Administrator
            sAMAccountName=user1
                cn=users,dc=company,dc=com
                userPrincipalName=user1@mail.com
                cn=User Name 1
            sAMAccountName=user2
                cn=users,dc=company,dc=com
                userPrincipalName=user2@mail.com
                cn=User Name 3

OpenKM.xml

<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
 
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://192.168.0.6:389/dc=company,dc=local"/>
  <beans:property name="userDn" value="CN=Administrator,cn=users,dc=company,dc=local"/>
  <beans:property name="password" value="password"/>
</beans:bean>
 
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg name="authoritiesPopulator" ref="databaseAuthoritiesPopulator"/> 
</beans:bean>

<beans:bean id="databaseAuthoritiesPopulator" class="com.openkm.spring.DatabaseAuthoritiesPopulator">
  <beans:constructor-arg ref="dataSource"/>
  <beans:constructor-arg value="select ur_user, ur_role from OKM_USER_ROLE where ur_user=?"/>
</beans:bean>
 
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="" />
  <beans:constructor-arg index="1" value="sAMAccountName={0}" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
</beans:bean>

<!--Needed for remember-me services -->
<beans:bean id="userDetailService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
  <beans:constructor-arg ref="userSearch"/>
  <beans:constructor-arg ref="databaseAuthoritiesPopulator"/>
</beans:bean>

Configuration parameters

  • User members of ROLE_ADMIN or ROLE_USER are created in the database.

Go to Administration > Configuration parameters:

Field / PropertyTypeDescription
principal.adapter String

com.openkm.principal.MixedPrincipalAdapter
system.login.lowercase String

true
principal.ldap.server String

ldap://192.168.0.6:389
principal.ldap.security.principal String

CN=Administrator,cn=users,dc=company,dc=local
principal.ldap.security.credentials String

password
principal.ldap.referral String

 
principal.ldap.users.from.roles    Boolean

false
principal.ldap.user.attribute String

sAMAccountName

principal.ldap.user.search.base

 List

dc=company,dc=local

principal.ldap.user.search.filter

 String

(objectclass=person)

principal.ldap.username.attribute

 String

cn

principal.ldap.username.search.base

 String

dc=company,dc=local

principal.ldap.username.search.filter

 String

(&(objectClass=person)(sAMAccountName={0}))

principal.ldap.mail.attribute

 String

mail

principal.ldap.mail.search.base

 String

dc=company,dc=local

principal.ldap.mail.search.filter

 String

(&(objectClass=person)(sAMAccountName={0}))

© OpenKM kcenter v.1.0.0 (build: d51a7b0). All Rights Reserved. Documentation license