Missing "New user" button once I configure AD integration

[sonnysiah]

Hi,

Just to confirm if I configured AD integration and it work fine no problem login via AD directory, I found the existing user okmAdmin will be remove and New user button also hidden, I try manually enter the URL /OpenKM/admin/Auth?action=userCreate and I can see user creation screen, I try fill up a test user seem can saved but once url refresh the created user missing again.

I feel that once integrate with AD, there are some security features unable to apply to user like I cannot create new profile to assign to user, this is very useful for most cases.

[jllort]

Obviously, when you integrate AD you only have read access to the AD ( otherwise you will have a security break ), that's why you are not allowed to add users from openkm to the AD, basically you do not have grants for doing it. You must manage users from your AD.

You can create new profiles an assign to users.

[sonnysiah]

Hi,

Thank you very much, but how to assign new profile "GeneralUser" to user since I cannot get user in list, user login via AD?.

[sonnysiah]

Hi,

Is there a way to "adding" AD user into OpenKM database so that we can further set customize profile into it, we need to "hide" certain option like create folder etc to users? This is useful in production since only certain people allow to create folders only.

Thanks.

[jllort]

If you are not listing users in the User panel, then your AD integration is wrong and should modify until you get users there.

About grants, the AD integration is full, users and roles are binding from AD, that means when you apply a group in the AD, also you are applying in OpenKM too. The roles used in your AD are the same as they are used in OpenKM.