Logging in without ROLE_USER or ROLE_ADMIN

OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules
Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
Post Reply
Fresh Boarder
Fresh Boarder
Posts: 14
Joined: Thu Mar 15, 2018 1:18 pm

Logging in without ROLE_USER or ROLE_ADMIN

Post by tumi » Thu Mar 15, 2018 3:01 pm


I have succesfully connected OpenKM 6.3.2 to my Active Directory, but I want it to work without assigning ROLE_USER or ROLE_ADMIN group to every user. I have bunch of hundreds of users (customers) divided to different groups (companies) and I want to create a folder for each company. I can make these folders and roles manually (and change the folder security to match the roles). But now, if I login user with role "company", I get following error:

Code: Select all

2018-03-15 16:59:25,972 [http-nio-] INFO  com.openkm.module.db.DbAuthModule - Create okm:trash/okm_testaaja
2018-03-15 16:59:25,976 [http-nio-] ERROR com.openkm.module.db.DbAuthModule - f1de7e45-a37f-45e1-8d3b-a82069420d7a : /okm:trash
So how can I give privileges for "company" role to that /okm:trash ? Or how should I solve this problem?

Posts: 10495
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain

Re: Logging in without ROLE_USER or ROLE_ADMIN

Post by jllort » Thu Mar 15, 2018 7:58 pm

The issue is that OpenKM expect all the user have ROLE_USER and you need this grant for the application be able to automatically create this folder at the first time the user loged. There's a quick workaround what is assign ROLE_USER from OpenKM.xml to all users authenticated , read how doing it here https://docs.openkm.com/kcenter/view/ok ... fROLE_USER

At least you should assign ROLE_ADMIN to few users from your AD to grant super user privileges ( this is mandatory ).

Post Reply

Who is online

Users browsing this forum: No registered users and 7 guests