Curious: your application-policy name <application-policy name="FAB66"> should be named "OpenKM". Are you sure you're really logging in with LDAP?
I'll assume all users are under ou=people,o=sevenSeas and all roles under ou=roles,o=sevenSeas (otherwise it will need some changes).
You should go to OpenKM administration configuration -> configuration parameters
http://wiki.openkm.com/index.php/Configuration_view
Then enable the LDAP principal adapter (that is the only one which needs restarting the OpenKM service):
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
If your LDAP is not case sensitive, like Microsoft Active Directory, you should force all ids to be lowercase (I think that is not your case).
Then, for example, configure it to get the list of all users in administration (I'm not sure about your user search filter; the idea is to get all nodes with some property. In Active Directory it is (objectclass=person), but in your LDAP it could be inetOrgPerson or organizationalPerson too):
principal.ldap.user.search.base=ou=people,o=sevenSeas
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.attribute=uid
Then get roles (I have not seen all group properties in your post, but the normal filter is):
principal.ldap.role.search.base=ou=roles,o=sevenSeas
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
That is for getting mail:
principal.ldap.mail.search.base=ou=people,o=sevenSeas
principal.ldap.mail.search.filter=(&(objectclass=person)(uid={0}))
principal.ldap.mail.attribute=mail
Users by roles (I'm not sure about the member attribute; you should take a look at your real LDAP configuration):
principal.ldap.users.by.role.search.base=cn={0},ou=roles,o=sevenSeas
principal.ldap.users.by.role.search.filter=(objectclass=group)
principal.ldap.users.by.role.attribute=member
Other filter:
principal.ldap.roles.by.user.search.filter=(&(objectclass=person)(uid={0}))
etc.
I think with this you get the idea.
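An added example, not part of the original post and not OpenKM code: a small Python check of the search properties listed above. It verifies that each search group has its base, filter and attribute and that every filter has balanced parentheses, and it shows how a value would be escaped when substituted for {0} in a filter (RFC 4515) versus in a base DN (RFC 4514). How OpenKM itself performs the {0} substitution is not shown in the post; the function names and the escaping step are assumptions of this example.

```python
# Property values are copied from the post; the checks and escaping are assumptions.
CONFIG = """\
principal.ldap.user.search.base=ou=people,o=sevenSeas
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.attribute=uid
principal.ldap.role.search.base=ou=roles,o=sevenSeas
principal.ldap.role.search.filter=(objectclass=group)
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=ou=people,o=sevenSeas
principal.ldap.mail.search.filter=(&(objectclass=person)(uid={0}))
principal.ldap.mail.attribute=mail
principal.ldap.users.by.role.search.base=cn={0},ou=roles,o=sevenSeas
principal.ldap.users.by.role.search.filter=(objectclass=group)
principal.ldap.users.by.role.attribute=member
"""

def parse(text):
    """Parse key=value lines, splitting on the first '=' only (values contain '=')."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def escape_filter(value):
    """RFC 4515: hex-escape backslash, '*', '(', ')' and NUL in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def escape_dn(value):
    """Backslash-escape DN special characters and a leading '#' or space."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    return "\\" + out if out[:1] in ("#", " ") else out

def expand(cfg, key, arg):
    """Substitute {0}, escaping for a DN (.base keys) or for a filter (other keys)."""
    esc = escape_dn if key.endswith(".base") else escape_filter
    return cfg[key].replace("{0}", esc(arg))

def balanced(flt):
    """True if the parentheses in a filter string are balanced."""
    depth = 0
    for c in flt:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0

def check(cfg):
    """Return keys with unbalanced filters, then keys missing from a search group."""
    bad = [k for k, v in cfg.items() if k.endswith(".filter") and not balanced(v)]
    for base in [k for k in cfg if k.endswith(".search.base")]:
        prefix = base[: -len(".search.base")]
        bad += [prefix + s for s in (".search.filter", ".attribute") if prefix + s not in cfg]
    return bad
```

`check(parse(CONFIG))` returns an empty list for the values in the post; comparing the output of `expand` with the entries in your real directory is a quick way to confirm the group object class and member attribute the post is unsure about.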