Change admin user, or add new admin user

[raquel3rs]

Hello!

I have OpenKM 6.3.0

I was playing around with LDAP and Active Directory integration and did some mistakes. Yes i did sucessfully do the Integration and the users were populated in the users list but with no roles or admin privileges.
When I did the AD integration I changed the properties configuration with my admin account (okmAdmin) and changed the property "system.login.lowercase" to true, :O not remembering that okmAdmin had uppercase letter.
I managed to deactivate the Active Directory users and go back to the users in OpenKM that I had (supossedly in the database), and can now enter with any user, but not the admin account, because it has an uppercase letter

Does someone know how to deactivate the "system.login.lowercase" to false? I know that since openkm 3.0 it is handled via the interface but isn't there any file that I can change? I tried the OpenKM.cfg but it does not matter what i put there, the properties aren't changed.

Or is there a way I can turn my normal user into an admin account?

Thank you in advance! I really need help

[jllort]

Are you using embeded database HSQL or other database MySQL ( we suggest MYSQL or other for production environment ).
You're using Microsoft AD, because Microsoft AD is not case sensitive and should login for okmadmin or okmAdmin with the same user. Use the parameter system.login.lowercase=true with Microsoft AD is good because you are sure all users will be lower case from openkm scenario ( OpenKM is case sensitive and if you log the same user with lower or upper case from AD is the same but from OpenKM side are different ).

You have got two other possible options, from AD add other user ROLE_ADMIN ( then will be able to get access administrator tab, do the change ). Other option is set all users to ROLE_ADMIN and remove it, changing OpenKM.xml adding :

Code: Select all

<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
        <beans:constructor-arg ref="contextSource"/>
        ......
	<beans:property name="defaultRole" value="ROLE_ADMIN" />
      </beans:bean>

[raquel3rs]

Thanks!

I solved my problem another way, I just reset the configurations and started again. :/ didn't know at the time.

I am not using another database, i am using what came with openkm, I suppose it's HSQL.

I managed to get the users from the active directory, but they come without roles assigned, or with roles assigned by the AD. I managed to create a group in Active directory for ROLE_ADMIN and assigned a user to that group, and now that user appears in Openkm with the ROLE_ADMIN role, but all the others don't have the role ROLE_USER assigned to them. I can't modify anything in openkm even though I have admin privileges (I thought I could assign the user roles to the others in openkm). Does that mean that I have to assign all the users to the group ROLE_USER in active directory, as I did for the admin role?

Thanks!

[jllort]

If user has ADMIN_ROLE is not necessary assign ROLE_USER otherside is mandatory.

In production environment we suggest use Mysql or other DBMS, not the embeded.

[raquel3rs]

But all my users from AD do not have a ROLE assigned to them, aside from me.
shouldn't the other users have ROLE_USER assigned to them? Can this be done from the administration?

[jllort]

It must be done from AD side. AD take control of OpenKM what acts as a reader. OpenKM expects user has ROLE_USER or ROLE_ADMIN, there's no much what can be done.

Other option should be do some changes in source code to only get users name ( not roles ) and declare roles into openkm. This is possible but no easy - and need source code changes - I can guide on it if you want and have got java skills.