I would appreciate it if someone could provide a solution for the below, as I am not able to reach my goal even after going through all the documents available for OpenKM.
I have three AD groups: IT Admins, HR, Accounts.
1. I need to allow only these group members to log on to OpenKM.
2. Restrict access to the folders created under okm:root for each department based on the groups.
Apart from the above, a few other clarifications.
1. Is the LDAP configuration under Administration-Configuration purely to list AD users and roles on the Administration-Users screen? And is OpenKM.xml for authentication?
2. Why am I not able to get other attributes on the screen, such as Mail and Roles, whereas I am able to see Name and ID (the ID is also not as expected)?
I am attaching a screenshot of my user screen and the configuration under Administration, as below.
principal.ldap.mail.attribute : userPrincipalName
principal.ldap.mail.search.base : DC=mydom,DC=ae
principal.ldap.mail.search.filter : (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.referral :
principal.ldap.role.attribute : cn
principal.ldap.role.search.base : DC=mydom,DC=ae
principal.ldap.role.search.filter : (&(objectclass=group)(memberOf=CN=OpenKM,OU=Groups,OU=Infra-team,DC=mydom,DC=ae))
principal.ldap.roles.by.user.attribute : memberOf
principal.ldap.roles.by.user.search.base : DC=mydom,DC=ae
principal.ldap.roles.by.user.search.filter : (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.security.credentials : *********
principal.ldap.security.principal : CN=ad admin,OU=IT,OU=Infra-team,DC=mydom,DC=ae
principal.ldap.server : ldap://10.20.20.1:389
principal.ldap.user.attribute : sAMAccountName
principal.ldap.user.search.base : DC=mydom,DC=ae
principal.ldap.user.search.filter : (&(objectclass=person)(memberOf=CN=OpenKM,OU=Groups,OU=Infra-team,DC=mydom,DC=ae))
principal.ldap.username.attribute : displayName
principal.ldap.username.search.base : DC=mydom,DC=ae
principal.ldap.username.search.filter : (&(objectClass=person)(sAMAccountName={0}))
principal.ldap.users.by.role.attribute : member
principal.ldap.users.by.role.search.base : DC=mydom,DC=ae
principal.ldap.users.by.role.search.filter : (&(objectClass=group)(cn={0}))
Attachment: OpenKM_User.png