OpenKM our new Document Management System, nice…..

For months I was searching for a system capable to track and store out internal documents. I tested several systems like alfresco, opendocman,…..

In the end I decided to give OpenKM a try.

OpenKM runs on a JBoss application server, so you are bound to Java.  They use Jackrabbit for their hierarchical content storage.  The frontend is realized with GWT (Google Web Tollkit).

For a full feature list click here.

OpenKM install hints:

I installed OpenKM on a recent Debian 6.0

Getting .pdf, .docx, .xlsx preview running:

First you need to install OpenOffice. Make sure you install …-math, …-writer, … -draw, …-calc packages.

OpenOffice hast to bee run in headless mode. I use following startup script:

#!/bin/sh
### BEGIN INIT INFO
# Provides:        OpenOffice Headless
# Required-Start:    
# Required-Stop:    
# Default-Start:    2 3 5
# Default-Stop:        
# Short-Description:    OpenOffice Headless
### END INIT INFO

PIDFILE=/var/run/openoffice-server.pid

case "$1" in
'start')
 if [ -f $PIDFILE ]; then
 echo "OpenOffice headless server has already started."
 sleep 5
 exit
 fi
 echo "Starting OpenOffice headless server"
 soffice "-accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager" -nologo -headless -nofirststartwizard & > /dev/null 2>&1
 touch $PIDFILE
 ;;
'stop')
 if [ -f $PIDFILE ]; then
 echo "Stopping OpenOffice headless server."
 killall -9 soffice && killall -9 soffice.bin
 rm -f $PIDFILE
 exit
 fi
 echo "Openoffice headless server is not running."
 exit
 ;;
*)
 echo "Usage: $0 { start | stop }"
 ;;
esac
exit 0

To get the preview stuff working you need also pdf2swf. Check your /bin directory there should be a pdf2swf executable or if you prefer you could take the swftool package from ubuntu.

The last step to get the previewer feature running is to set the corresponding config. flags at the OpenKm.cfg file.

  • system.openoffice=on
  • system.pdf2swf=/usr/bin/pdf2swf

Mail Notification configuration:

Mail notification is straight forward. Go to /opt/OpenKM-4.1_JBoss-4.2.3.GA/server/default/deploy/mail-service.xml . Edit the section to your needs.

If you face the problem that the links in your notification mails are pointing to localhost, you can alter the application.url flag in your OpenKM.cfg.

  • application.url={yourURL}:{yourPort}/OpenKM/es.git.openkm.frontend.Main/index.jsp

Changing from port 8080 -> 80

GoTo /opt/OpenKM-4.1_JBoss-4.2.3.GA/server/default/deploy/jboss-web.deployer/server.xml and edit

Change the port field to 80.

Securing your JBoss

One last thing needs to be done :-). Security! Holy Moly… what… yep.. Jboss runs out of the box like an open barn door. So a good idea would be to secure the jmx-console and web-console stuff. Because of that the jmx-console and web-console are standard servlets you can protect them very easily via enabling the security-constraint.

Securing the jmx-console:

1. Edit \server\default\deploy\jmx-console.war\WEB-INF\web.xml and uncomment the security-constraint section:

<!-- A security constraint that restricts access to the HTML JMX console
 to users with the role JBossAdmin. Edit the roles to what you want and
 uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
 secured access to the HTML JMX console.-->
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>HtmlAdaptor</web-resource-name>
 <description>An example security config that only allows users with the
 role JBossAdmin to access the HTML JMX console web application
 </description>
 <url-pattern>/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>JBossAdmin</role-name>
 </auth-constraint>
 </security-constraint>

 <login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>JBoss JMX Console</realm-name>
 </login-config>

 <security-role>
 <role-name>JBossAdmin</role-name>
 </security-role>
</web-app>

2. Edit \server\default\deploy\jmx-console.war\WEB-INF\jboss-web.xml. Uncomment the following section:

 <jboss-web>
 <!-- Uncomment the security-domain to enable security. You will
 need to edit the htmladaptor login configuration to setup the
 login modules used to authentication users.-->
 <security-domain>java:/jaas/jmx-console</security-domain>

</jboss-web>

3. Edit \server\default\conf\props\jmx-console-roles.properties file

4. Edit \server\default\conf\props\jmx-console-users.properties file

5. Edit \server\default\conf\login-config.xml edit following section

 props/web-console-users.properties
 props/web-console-roles.properties

6. under \server\default\conf\props\ copy and rename the two jmx-console-xx to web-console-xx.

Automatically start OpenKM (Jboss) via init scripts:

If you want to start your OpenKM automatically at boot time you can use this init script:

#!/bin/sh
# /etc/init.d/jbossokm: Start and stop JBoss Application Service
### BEGIN INIT INFO
# Provides:        OpenKM
# Required-Start:    
# Required-Stop:    
# Default-Start:    2 3 5
# Default-Stop:        
# Short-Description:    OpenKM
### END INIT INFO

ECHO=/bin/echo
TEST=/usr/bin/test
JBOSS_START_SCRIPT=/opt/OpenKM-4.1_JBoss-4.2.3.GA/bin/run.sh
JBOSS_STOP_SCRIPT=/opt/OpenKM-4.1_JBoss-4.2.3.GA/bin/shutdown.sh

$TEST -x $JBOSS_START_SCRIPT || exit 0
$TEST -x $JBOSS_STOP_SCRIPT || exit 0

start() (
 $ECHO "Starting JBoss OKM."
 rm -rf /path/to/server/default/tmp
 rm -rf /path/to/server/default/work
 rm -rf /path/to/server/default/log
 su -l -c "$JBOSS_START_SCRIPT -b 0.0.0.0 > /dev/null 2> /dev/null &"
 $ECHO "Done."
 )

stop () (
 $ECHO "Stopping JBoss OKM. "
 su -l -c "$JBOSS_STOP_SCRIPT -S > /dev/null &"
 sleep 10
 $ECHO "Done."
)

case "$1" in
 start )
 start
 ;;
 stop )
 stop
 ;;
 restart )
 stop
 sleep 30
 start
 ;;
 * )
 $ECHO "Usage: jbossokm {start|stop|restart}"
 exit 1
 esac
 exit 0

Shutdown problems (network unreachable exception)

If you get an exception at shutdown or your shutdown script does not kill your JBoss then you could check sysctl-setting under /etc/sysctl.d/bindv6only.conf.

Make sure that the net.ipv6.bindv6only=0. !

If you would like to show your appreciation consider to support the guys from OpenKM with a donation 🙂

See PayPal subscription link at the bottom of the page

 


45 thoughts on “OpenKM our new Document Management System, nice…..”

  1. Hi Mario,

    It sounds like you found what you were looking for in OpenKM. Any chance for some insight into your preference?

    I am just starting down the road of evaluating some the opensource document management systems and without having much experience with DM, aren’t really sure what I am looking for. My current thoughts are – useability (including easy to upload docs), good search functionality and clientless. I primarily want to create a document repository for system design documents (mostly .doc with embedded visio and a few pdfs etc), that can be searched.

    Any comments/observations based on your months of searching would be really appreciated.

    Kind regards,
    Chris.

    1. Hi, Chris

      @Usability, OpenKM’s GUI is based on GWT ( Google Web Toolkit – Ajax ) so Firefox, Safari and a recent IExplorer shouldn’t have a problem to run it. They guys from OpenKM als have a demo system running where you can test it link.
      @File up/download, Files could be uploaded via the WEB GUI or the alternative way is via the WebDAV interface. WebDAV offers the possibility to mount parts oder the whole document tree as a network drive. With tools like NetDrive the mounted folder behaves like any other drive mount which isn’t the case if you use the explorer internal network share feature :-). Docs uploaded via WebDAV are also auto indexed.
      @search functionality, OpenKM has full text indexing for Text, HTML, RTF, XML, PDF, OpenOffice.org, MS Office, MS Office 2007,…. for Microsoft formats you need to run openoffice in background. You could also add Metatags to uploaded documents. One feature what we wanted to have is the preview feature. Within the WEB-GUI you could also preview your documents with a nice flash viewer.
      @Visio, this could/will be a problem for previewing, indexing, because to get a Microsoft format previewed OpenKM uses OpenOffice to convert it to .pdf (I think). And what i know, OpenOffice doesn’t support the Visio stuff see

      Other system that i have tested are:
      Alfresco Community Edition , but what i remember ,it was to feature rich :-), we only wanted a simple DM and nothing more.
      There were a few more but i can not remember their names right now 🙂

  2. Many thanks for the overview. The other thing I forgot to mention was stability, but I am assuming you have found OpenKM to be stable otherwise you wouldn’t be touting it.

    As the first tool I have evaluated it looks to have most of what I need and I am not sure if I need to look any further.

    BTW – your config hints above are great!

    1. Hi Chris,

      @stability, I’m using version 4.1 since 2 months and so far we haven’t had any problems except German “umlaute” *g*
      By the way, the OpenKM Team has announced version 5.0 for September……

      regards

      Mario

    1. Hi Osman,

      Yes i reviewed “Knowledgetree”. The reason why i do not take it into account is the limited feature of the community edition, in special the WebDAV Stuff.
      Edition Comparision

  3. Hi, I have OpenKM up and runing and besides the ocasional firefox hang or document check in glitch is running great. But I’m trying to replace the logo’s with mines and I can’t find the little openkm logo in the upper right after you log in. Have you tried doing this ?

    The main logo, the one when you log in was easy, it’s inside OpenKM.war

    Thank you

    1. Hi Silviu,

      I think the image you are searching is “logon_openkm_tiny.gif” located under “src\main\java\es\git\openkm\backend\public\img” or “src\main\java\es\git\openkm\fronted\public\img”
      The corresponding Java source is TopPanel.java. There are two of them one under “src\main\java\es\git\openkm\backend\client\panel” and the other one under “src\main\java\es\git\openkm\frontend\client\panel\top”

      Hope that helps you

      regards

      Mario

    1. Hi Iqbal,

      Per default, when OpenKM is started, it is bound to localhost. The easiest way to make it listen to all IP’s is to start it via -b 0.0.0.0.
      For example use:
      cd {your OpenKM installation folder}/bin
      ./run.sh -b 0.0.0.0 > /dev/null 2> /dev/null &

      hope that helped you

      Mario

  4. Hi Mario,
    First of all, thanks for this blog. There are good information I found here.
    I am currently evaluating OpenKM 5.0. I’ve installed it on Windows 7 and run successfully. However, I could not find any information about the office addins installation (i.e., what directory am I suppose to set for the installation? Which configuration file to change? Etc.). If you or anyone here knows, please pass the information along please.
    Thanks. Steve

    1. Hi Steve,

      For the Office-Addon you only have to download the add-ons package, and execute the installer for the various Office-Apps.
      After the installation finishes you will get a new “OpenKM” menu item. Goto -> configuration and add you user/pass and your OpenKM URL + the WebDAV service port.

  5. Hello! can you help me how to setup the notification feature of openkm 5.0?

    your help is very much appreciated.

  6. Yes! Im using now openkm 5.0, I cannot run the email notification feature. Im using windows 7 as my platform. please help.

    Thanks,

    Ken

    1. Hi Ken,

      It’s a bit difficult to say what’s going wrong without to know your configuration.
      At least i need your mail configuration to get a clue whats going wrong 🙂

  7. Hi,

    In the make secure directions you say:

    3. Edit \server\default\conf\props\jmx-console-roles.properties file

    4. Edit \server\default\conf\props\jmx-console-users.properties file

    However, what should be edited here….?

    1. Hi Arno,

      This files are for configuring your role name and the corresponding user name.. For example it may be a good idea to change “admin=admin” to something else. For example “admin=G0dofAdmins” :-).

  8. Hello Mario! Did you try to change the complete URL? I did change the port 8080 to port 80 but how can I eliminate the “OpenKM” in URL ip:80/OpenKM.

    Thanks.

    1. Hi, Alex

      I think you have to alter the tag in your /WEB-INF/jboss-web.xml located in the OpenKM.war.
      And I think you also have to look for additional /Openkm URL paths in the bindings sections of the web.xml file.

    1. Hi Jean,

      I’m pleased that my post helped you. Thanx for the feedback.
      @LDAP, Yes I’m using LDAP against our internal AD.

      greetings Mario

    1. Hi, Jean

      As “jllort” wrote there are two parts for the LDAP configuration.
      1. login-config.xml:
      You will find it under “/jboss-4.2.3.GA/server/default/conf”

      2. Is your LDAP part in the OpenKM.cfg

      1. Hi! i added more information in my post at that forum, i think when i really can get this working, other peoples will need this so… here’s my part to the world 🙂 i can now login.. but get no UserRoles as my friend here says: \we gonna kick this thing until his death\.. *lol* any clue are welcome (sorry for my bad english).

  9. Great tutorial. Have you tried to use https on the OpenKM installation. I heard that it has to be configured through JBoss. Have you been successful in doing it?

    1. Hi Jay,

      If you want to use OpenKM over HTTPs you have to use either apache with a virtualhost on port 443 with ProxyPass ,… in front of jboss or you can, as you just mentioned, configure jboss for using SSL.
      I think that GWT is transferring authentication data in a secure way, so there is not really a need for HTTPs ?

      Mario

  10. Hey Mario thanks for info . I will do a wireshark and see if i could sniff out any passwords. Another question for you. for e.g. if my domain is located in http://www.abc.com and openKM is in a folder /openkm. What are the config changes i have to do so when clients type http://www.abc.com it directly shows the openKM login page.

    1. Hi Jay,

      I toke also Apache for that purpose. A virtualhost with port 80 as AJP proxy should do the trick :-). I think you cannot change that in jboss because /openKM is the endpoint of the OpenKM servlet.

      Mario

  11. Hi Mario, Thanks for the prompt reply. You mean using Apache Tomcat? I’m not familiar with it. Is there any good document which explains how to use OpenKM with tomcat?

    1. Hi Jay,

      With Apache I meant the web server Apache. It is common to use a webserver (Apache) in front of a JBoss for example.

  12. Hi Mario,

    So basically OpenKM on JBoss will be listening on localhost and then apache will be sitting in the front listening on port 80 and forward requests to openKM? Did i get it right?

  13. for me works not, update-rc.d: warning: /etc/init.d/jbossokm missing LSB information and then manualy can not start, it says, bash: /etc/init.d/jbossokm: /bin.sh^M: bad interpreter blahblahblah

    1. Hi,

      You need to add

      #!/bin/sh
      ### BEGIN INIT INFO
      # Provides: OpenOffice Headless
      # Required-Start:
      # Required-Stop:
      # Default-Start: 2 3 5
      # Default-Stop:
      # Short-Description: OpenOffice Headless
      ### END INIT INFO

      to your init script.

  14. Hi mario, thank for this great tuto.

    Have tried logicaldocs, it is also based on gwt as gui and tomcat, lucene. there is any one who compared the two. I want a large scale dms (open of course) but have problem to choose.
    Any help is welcome.

  15. hello,

    I setup OpenKM (OpenKM-5.1.7_JBoss-4.2.3.GA.zip) on ubuntu 10.04, it works fine except I can not see any activity log information in administration Tab.

    I used the hypersonic, would you please help me.

    Thank you!

  16. Hi Team,

    I am evaluating openkm community edition. The information on this forum found very helpful for me to decide openkm.

    I have question about this product is there any limitations in storing the documents.

    Thanks in advance.

    Regards,
    Sethu. B

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.