My first time configuring OpenKM, (before you read into this, yes I did try searching the forum for answers, but no cake here) I would appreciate the help. The error I receive is
********** ERROR /******
2018-03-08 14:30:00,847 [Thread-16] ERROR c.o.principal.LdapPrincipalAdapter - NamingException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 ] (Cache: com.openkm.cache.ldapPrincipalAdapter.general - Key: getUsers - Base: [DC=BDB,DC=local] - Filter: (&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,DC=BDB,DC=local)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=BDB,DC=local))) - Attribute: sAMAccountName)
2018-03-08 14:30:00,847 [Thread-16] WARN com.openkm.core.Cron - Crontab task mail address is empty: Return: null
********** EXTRA INFO
If I'm not mistaken, code 49 is a bind error, but I did a bind test with the LDP application on the domain controller and was able to bind successfully and browse the users.
The Windows server is also on the DOMAIN.
********** My Active Directory
(the user openkmldap is also in this OU)
(here I have 2 security groups for admin, and users)
My users are split into the following
OU=Clinical Users,OU=OTDBC,DC=BDB,DC=local
OU=Non Clinical Users,OU=OTDBC,DC=BDB,DC=local
****** My current configuration
Field / Property Type Description
principal.adapter String com.openkm.principal.LdapPrincipalAdapter
system.login.lowercase String TRUE
principal.ldap.server String ldap://ReadOnlyDC:389
principal.ldap.security.principal String CN=openkmladp,OU=OPENKM,DC=BDB,DC=local
principal.ldap.security.credentials String [password]
principal.ldap.referral String follow
principal.ldap.users.from.roles Boolean FALSE
principal.ldap.user.attribute String sAMAccountName
principal.ldap.user.search.base List DC=BDB,DC=local
principal.ldap.user.search.filter String (&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,DC=BDB,DC=local)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=BDB,DC=local)))
principal.ldap.username.attribute String cn
principal.ldap.username.search.base String DC=BDB,DC=local
principal.ldap.username.search.filter String (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute String userPrincipalName
principal.ldap.mail.search.base String DC=BDB,DC=local
principal.ldap.mail.search.filter String (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.role.attribute String cn
principal.ldap.role.search.base List DC=BDB,DC=local
principal.ldap.role.search.filter String (objectclass=group)
principal.ldap.roles.by.user.attribute String memberOf
principal.ldap.roles.by.user.search.base String DC=BDB,DC=local
principal.ldap.roles.by.user.search.filter String (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.users.by.role.attribute String member
principal.ldap.users.by.role.search.base String OU=OpenKM,DC=BDB,DC=local
principal.ldap.users.by.role.search.filter String (&(objectClass=group)(cn={0}))
Andre
I suggest first concentrating on the OpenKM LDAP parameters from administration -> retrieving users and roles list. When you succeed there we can go for authentication. I suggest switching authentication to database again meanwhile.
Your LDAP is an OpenLDAP? (Basically the question is: is it not a Microsoft Active Directory?) In case it is not MS AD, the parameter system.login.lowercase should be false because OpenLDAP is case sensitive; otherwise it is right.
Are you retrieving users and list?
I suggest taking a look at this LDAP sample configuration
https://docs.openkm.com/kcenter/view/ok ... login.html
(The issue with OpenLDAP is that you must set attributes in users and roles nodes to be able to retrieve in both directions the users from roles and roles from user.) In the case of the professional edition we have a mixed configuration where roles are in the OpenKM database and users in LDAP, which simplifies the case, but the feature is still not available in community.
Application error
Class: org.springframework.ldap.PartialResultException
Message: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
Date: Sun Mar 11 12:14:13 GST 2018
while I am logging in using AD
Solved by adding
    <beans:map>
        <beans:entry>
            <beans:key>
                <beans:value>java.naming.referral</beans:value>
            </beans:key>
            <beans:value>follow</beans:value>
        </beans:entry>
    </beans:map>
</beans:property>
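Added example (not part of the original thread and not OpenKM code): a small Python triage helper for the two errors posted above. It decodes the Active Directory `data` sub-code that accompanies LDAP result 49, pulls the cache key, base, filter and attribute out of the `LdapPrincipalAdapter` message, and recognises the unfollowed-referral error; the function and constant names are made up for this example.

```python
import re

# Active Directory "data" sub-codes that accompany LDAP result code 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bind DN/password pair rejected)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
BIND_RE = re.compile(r"LDAP: error code (\d+).*?data ([0-9a-fA-F]+),")
# Pulls "Key: .. - Base: .. - Filter: .. - Attribute: ..)" out of the adapter message.
FIELD_RE = re.compile(r"(Key|Base|Filter|Attribute): (.*?)(?= - \w+: |\)\s*$)")

# Sample lines copied from the thread above.
SAMPLE_BIND = (
    "2018-03-08 14:30:00,847 [Thread-16] ERROR c.o.principal.LdapPrincipalAdapter - NamingException: "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, "
    "data 52e, v3839 ] (Cache: com.openkm.cache.ldapPrincipalAdapter.general - Key: getUsers - "
    "Base: [DC=BDB,DC=local] - Filter: (&(objectclass=user)(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,"
    "DC=BDB,DC=local)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=BDB,DC=local))) - Attribute: sAMAccountName)"
)
SAMPLE_REFERRAL = ("Unprocessed Continuation Reference(s); nested exception is "
                   "javax.naming.PartialResultException: Unprocessed Continuation Reference(s); "
                   "remaining name ''")

def triage(line):
    """Classify one log or error line; returns a dict, or None if unrecognised."""
    line = line.strip()
    m = BIND_RE.search(line)
    if m:
        code, sub = int(m.group(1)), m.group(2).lower()
        reason = AD_BIND_SUBCODES.get(sub, "unknown sub-code") if code == 49 else "not a bind failure"
        fields = {k.lower(): v for k, v in FIELD_RE.findall(line)}
        return {"kind": "bind_failure", "ldap_code": code, "ad_data": sub, "reason": reason, **fields}
    if "Unprocessed Continuation Reference" in line:
        # The search hit a referral that the JNDI context was not told to follow.
        return {"kind": "referral_not_followed", "setting": "java.naming.referral=follow"}
    return None

if __name__ == "__main__":
    for sample in (SAMPLE_BIND, SAMPLE_REFERRAL):
        print(triage(sample))
```

For the first sample the result is sub-code 52e on the `getUsers` query, meaning AD rejected the service account's bind DN/password pair, so `principal.ldap.security.principal` and `principal.ldap.security.credentials` are the values to re-check against the directory.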