Configure SeedDMS to use LDAP

This guide will walk through the configuration of SeedDMS 6.x to use LDAP for authentication.

This guide follows on from Installing SeedDMS 6.x on FreeBSD 12 and only covers configuring SeedDMS to use an already existing LDAP server.

Configuration steps

Configuration of LDAP is done at the command line level, it's not accessible via the webui.

  1. Log on to the box hosting SeedDMS as an administrator or another user that has access to the directory structure
  2. If you used the previous guide listed above, your webroot is most likely /usr/local/www/seeddms, change to it by using
    cd /usr/localwww/seeddms
  3. Using the vi editor, open the settings.xml file kept in the conf directory
    vi conf/settings.xml
  4. Now need to look for the following section:
        <!-- ***** CONNECTOR LDAP  *****
            - enable: enable/disable connector
            - type: type of connector ldap / AD
            - host: hostname of the authentification server
            -       URIs are supported, e.g.: ldaps://
            - port: port of the authentification server
            - baseDN: top level of the LDAP directory tree
            - bindDN: use this dn for a first step bind, leave empty for annonymous bind
            - bindPw: use this password for a first step bind
            - filter: Additional filters which are to be checked
        <connector enable="false" type="ldap" host="ldaps://" port="389" baseDN="" bindDN="" bindPw="" filter=""/>
  5. The line
    <connector enable="false" type="ldap" host="ldaps://" port="389" baseDN="" bindDN="" bindPw="" filter=""/>

    needs to be updated with the correct details.

  6. Firstly, set enable="false" to read enable="true". This will turn on the connector
  7. Next we can skip the type value, as it already has the value we want, that of ldap
  8. Set the host value using the fully qualified name and protocol, such as ldaps:// This is the preferred way, plus it also means can leave the port field blank
  9. Set the baseDN value to the OU that contains your users. Such as ou=Users,dc=domain,dc=com. I have my users in this level of OU, i've not experimented with multiple OUs nor subtrees yet.
  10. As we can use the account being logged in with to authenticate, leaving bindDN and bindPW blank
  11. Finally i've left filter blank for now, but plan for it to be used in the future by narrowing down users based on say group membership, or by account type, etc.
  12. Save the file using :wq to return to the command line
  13. Now attempt to log in using a LDAP based account

Only after a successful login will that account become available for such things as permissioning in the folder structure & other SeedDMS rights and groups assignments.

Previous Post Next Post

Add a comment


Written on Tue, 28 May 2024 18:20:20 by XqvlzdfCYIaAB