Windows AD and role filter

 #43957  by dearjack
 
Hi

I have installed OpenKM, and we have also authorized login from the Windows AD service.

But besides my users group, other groups exist in the Windows AD.

Therefore OpenKM shows the other groups in the OpenKM role list. We need to filter out the "other groups". How can I do that?

Could you help me?
 #43976  by jllort
 
Why is it a problem for you? It's only shown to the OpenKM administrator, and as the administrator knows whether a user has a group or not, I do not know what the security issue might be.
 #43980  by dearjack
 
Hi Jllort

Thanks for your reply

I have already attached files for you.

We log in to OpenKM via Windows AD.

We need to exclude some role names from the OpenKM role permission list. I have highlighted the roles I need to exclude from the role permission list.

How can I do that?
Attachments: Windows_AD.png, Role_list.PNG
 #43990  by jllort
 
You should create a group in your AD, for example OPENKM, and filter groups by it. Take a look at this documentation section https://docs.openkm.com/kcenter/view/ok ... roles.html , the value of the parameter principal.ldap.role.search.filter (that means only groups that are members of OpenKM will be shown).
 #44022  by dearjack
 
Hi Jllort

Must the OPENKM group be created?

What if I need to change the group name so that the group name is "Users"?

I set the value of the parameter "principal.ldap.role.search.filter" as below:

(&(objectclass=group)(memberOf=CN=Users,dc=test,DC=com,DC=tw))

But it is not working; it cannot show the role list any more. Is it the correct parameter? Please help me.

By the way, I have found a way: there is a special keyword "description" for principal.ldap.role.search.filter, as below:

http://sysadminnotebook.blogspot.tw/201 ... -auth.html
Attachments: role_fileter_201706080218.PNG, rol_list_201706080209.PNG
 #44045  by jllort
 
This question means you have not understood how the filtering works. The idea is to filter groups based on the filter query "group is member of other group". If you filter by a non-existing group, you will obviously get an empty list (none of them will comply with the rule).
 #44054  by dearjack
 
Hi Jllort

Thanks for your reply.

I will retype what I know.

First, I need to create the "OPENKM" OU organization in the Windows AD root folder.
Second, I need to move the user group to the "OPENKM" OU organization.

Could you help me?
 #44056  by jllort
 
You should create a group for filtering, but where to put the group is your decision. It's only a filtering clause; the location of the group will determine the filtering clause, nothing else.
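
An added illustration of the "group is member of other group" rule discussed in this thread, not code from OpenKM or from either poster: a small Python evaluator for the `(&(attr=value)...)` filter shape used above, run over a constructed directory. The `CN=OPENKM,OU=Groups,...` group and every directory entry are assumptions made for the example.

```python
import re

# Constructed sample directory (not from the thread). CN=OPENKM is the
# hypothetical filtering group; every DN below is an assumption.
BASE = "DC=test,DC=com,DC=tw"
OPENKM = f"CN=OPENKM,OU=Groups,{BASE}"
SALES = f"CN=Sales,OU=Groups,{BASE}"
DIRECTORY = {
    OPENKM: {"objectclass": ["group"], "memberof": []},
    SALES: {"objectclass": ["group"], "memberof": [OPENKM]},
    f"CN=Legal,OU=Groups,{BASE}": {"objectclass": ["group"], "memberof": [OPENKM]},
    f"CN=Domain Admins,CN=Users,{BASE}": {"objectclass": ["group"], "memberof": []},
    f"CN=alice,CN=Users,{BASE}": {"objectclass": ["user"], "memberof": [SALES]},
}

def parse_and_filter(text):
    """Parse only the shape used in the thread: (&(attr=value)(attr=value)...)."""
    m = re.fullmatch(r"\(&((?:\([^()]+\))+)\)", text.strip())
    if not m:
        raise ValueError("only (&(attr=value)...) filters are handled here")
    return [tuple(c.split("=", 1)) for c in re.findall(r"\(([^()]+)\)", m.group(1))]

def norm(value):
    """Compare case-insensitively and ignore spaces around DN commas."""
    return re.sub(r"\s*,\s*", ",", value.strip()).lower()

def search_roles(filter_text, directory=DIRECTORY):
    """Return the CNs of entries that satisfy every clause of the filter."""
    clauses = parse_and_filter(filter_text)
    hits = []
    for dn, attrs in directory.items():
        if all(norm(v) in map(norm, attrs.get(a.lower(), [])) for a, v in clauses):
            hits.append(dn.split(",", 1)[0][3:])  # strip the leading "CN="
    return sorted(hits)

if __name__ == "__main__":
    # Only groups that are direct members of OPENKM appear as roles.
    print(search_roles(f"(&(objectclass=group)(memberOf={OPENKM}))"))
    # The filter posted in the thread: nothing in this directory is a member
    # of a group with that DN, so the role list comes back empty.
    print(search_roles("(&(objectclass=group)(memberOf=CN=Users,dc=test,DC=com,DC=tw))"))
```

In this constructed directory the groups that do not belong to the filtering group, such as Domain Admins, never reach the role list, and the user entry is excluded by the `objectclass=group` clause.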
