• Documentation on Active Directory integration

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #50177  by rwebb
 
Hello,

Is there any good documentation on the Active Directory Setup? I have seen the pages in the online manual here and here.

Both I find to be a bit lacking in information and one of which is a for a slightly older version. I would like to help the documentation by having additional information added if I could get some input from the Dev team (or someone in the know) on what the parameters all mean. For example while going through this I have several questions that I think a lot of users will have as they attempt to configure this. Here are just some of my questions.

1) What is the difference between the configuration done in OpenKM.xml and in the admin interface?
2) What parts of the configuration are mandatory vs optional?
3) What does each configuration parameter do?
4) Are the roles just security groups in active directory with members in them?
5) Does the user account used to bind to AD for searching for information need to be an admin or can it be a standard user?

In one set of documentation it shows using the administrator account which I believe to be a bad practice since the password would be stored in the configuration in plain text. It would make sense to use a non privileged user for this. In another set it showed using a user called "connect" which was just an example but I think they were saying not to use the admin account.

I would be willing to do a write-up on the active directory configuration if I could get a) mine to work first and b) dev team or equivalent support for answering the questions that I have.

I think what would be beneficial is a complete start to finish active directory setup guide with screenshots from the actual management tools so it is very clear how to set it up. From some of the postings I have seen on the forum so far many people are wasting days of time trying to get this "feature" up and functioning in their environment.

I understand that there are many many ways to configure this but a little better documentation I think would go a long way.

Let me know what people out there think of this idea.

EDIT: Also mods if this would be better served in a different place please move it. I figured it was configuration related so I chose configuration.

Thanks,
Rich
 #50178  by rwebb
 
OK since my original posting I found the full LDAP documentation and it's pretty good. I still think it lacks a solid start to finish example of Active Directory setup. I also have not been able to make mine work.

The part I'm struggling with is the login authentication in the OpenKM.xml file. When I add the needed bits (or I've tried changing it too instead of adding) OpenKM won't start. I've got a test network that I am testing this against.

Rich
 #50186  by jllort
 
You have used as reference the deprecated documentation. Please take a look at https://docs.openkm.com/kcenter/view/ok ... roles.html

First must configure OpenKM configuration parameters. When you got running, users and roles will be shown in the administration. Arrived at this point to can switch to OpenKM.xml ( this is the right order to sucess with less times and pain with the configuration )

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.