LDAP Role Security
Posted: Wed Jun 12, 2019 9:54 am
Hi All,
Apologies if this is answered elsewhere but I've not been able to find anything conclusive yet (after a few days of reading and experimenting).
I've implemented LDAP to our AD. I've created a ROLE_USER and ROLE_ADMIN group, and assigned these to users. Login and authentication works as expected.
Each user has a number of additional Role memberships from AD, e.g. (Engineering, Sales, Support, Finance etc.). I can see these roles against each user in OpenKM, I can filter users based on roles, and I can assign roles to the Security panel for folders in Taxonomy - so I'm fairly confident the roles have been imported and linked correctly.
My issue is that the Taxonomy security seems to be ignoring all roles except ROLE_USER. A few examples:
- okm:root has ROLE_USER & Engineering. If I configure ROLE_USER as read-only, and Engineering as full access, my user only gets read access even though they are part of the Engineering Role.
- If I create a folder under root with only the Engineering role applied (and remove ROLE_USER), my user cannot see or access the folder even though they are part of the Engineering Role.
Thanks,
Sam