LDAP Role Security

OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules
Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
Post Reply
samjenkins00
Fresh Boarder
Fresh Boarder
Posts: 6
Joined: Wed Jun 12, 2019 7:50 am

LDAP Role Security

Post by samjenkins00 » Wed Jun 12, 2019 9:54 am

Hi All,

Apologies if this is answered elsewhere but I've not been able to find anything conclusive yet (after a few days of reading and experimenting).

I've implemented LDAP to our AD. I've created a ROLE_USER and ROLE_ADMIN group, and assigned these to users. Login and authentication works as expected.

Each user has a number of additional Role memberships from AD, eg (Engineering, Sales, Support, Finance etc). I can see these roles against each user in OpenKM, I can filter users based on roles, and i can assign roles to the Security panel for folders in Taxonomy - so i'm fairly confident the rols have been imported and linked correctly.

My issue is that the Taxonomy security seems to be ignoring all roles except ROLE_USER. A few examples:
  • okm:root has ROLE_USER & Engineering. If i configure ROLE_USER as read-only, and Engineering as full access, my user only gets read access even though they are part of the Engineering Role.
  • If create a folder under root with only the Engineering role applied (and remove ROLE_USER), my user cannot see or access the folder even though they are part of the Engineering Role
Any ideas?

Thanks,
Sam

jllort
Moderator
Moderator
Posts: 10717
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain
Contact:

Re: LDAP Role Security

Post by jllort » Sat Jun 15, 2019 6:40 pm

1- Ensure your user really has the role ( check from administration).
2- Share login OpenKM.xml here ( comment the sections like password or private )

samjenkins00
Fresh Boarder
Fresh Boarder
Posts: 6
Joined: Wed Jun 12, 2019 7:50 am

Re: LDAP Role Security

Post by samjenkins00 » Tue Jun 18, 2019 9:11 am

Thanks, all working now. It was a silly (but critical) mistake in the one of the LDAP configuration parameters.

I was using a page refresh (by clicking hte URL and pressing enter) to reload the page and validate that things were working.

It was only after exiting (logging out) and re-entering credentials that i was unable to log in, which highlighted that one of my parameters was wrong.

Post Reply