Group permission works, user permission not

 #10969  by Catscratch
 
Hi there,

I'm using 5.0.4 with MS ldap. Everything is working fine.

But I may only add permissions based on user groups. If I add a permission for a single user, nothing happens. No error. And the folder does not appear for the user.

Where could be the error? Where should I start looking?

Example:
Group1 = User1, User2

FolderA (Permission for Group1)
-> User1 sees it, User2 sees it

FolderA
- SubFolderA1 (Permission for User1, permission for Group1 is not set - this entry isn't there)
-> no user sees this SubFolder
Why?

thank you
 #10989  by jllort
 
Is the username that is stored in security the same as your login?

Do you have system.login.lowercase=on? All users are lower case; that's useful because MS makes no difference between upper and lower case for users, but OpenKM does.

The problem could be in the direction I've described or some bad LDAP mapping; none of our customers that have LDAP has this problem (it would be strange for this to be a new bug).
 #10990  by Catscratch
 
logon.lowercase is on, yes.

And the user login contains only lowercase characters (in the active directory). But in the users security tab the username is displayed. Not the user login. So everything seems fine.
 #10997  by jllort
 
Make some screenshots where we can see the desktop with some user logged in, and then another with the file (security tab) where you've got the problem with this user, to see the roles, users that have grants, etc.
 #11005  by jllort
 
As you can see in the screenshot, you're logged in as "okmstudent" but the security grant has been set to "openkm student"; that's not the same string. Here you've got a problem: "openkm student" might be "okmstudent". That's the reason why the security grant is not working with that user, and probably with others.
 #11012  by Catscratch
 
But where do I configure openkm to use the ldap login instead of the ldap real name?

The active directory user looks like this:
First name: openkm
Last name: student
sAMAccountName: okmstudent

The user logs in with the sAMAccountName (okmstudent).
But in the security tab, openkm only lists the users by their <firstname lastname> combination. So it should definitely be the same user. And openkm should do the mapping.
Last edited by Catscratch on Mon May 16, 2011 2:29 pm, edited 2 times in total.
 #11025  by jllort
 
Obviously you're not understanding that what you are looking at in the popup is considered the username, as login name; if it's displayed as <firstname lastname>, it's considered to reference a login with username <firstname lastname>.
 #11028  by Catscratch
 
I don't really understand what the problem is. Maybe I used too similar usernames in the given example.

New example.
Firstname: Hans
Lastname: Meier
sAMAccountName: login1

Now I see "Hans Meier" in the security tab of openkm. And I login with "login1". But it's the same. With the login "login1" I can't see the folder with access for user "Hans Meier". But I can't choose "login1" in the security tab, because all users are listed with their <firstname, lastname> combination, e.g. "Hans Meier".
 #11050  by jllort
 
Your LDAP configuration is wrong: the user list must show sAMAccountName: login1, not Firstname + Lastname (for this reason you're not assigning privileges, because Firstname + Lastname is not the username and the system cannot establish a relation between username and Firstname + Lastname). Conclusion: the user list must show the username.
 #11051  by Catscratch
 
Hm ok. I'll try to reconfigure the ldap connection.

But I thought it was a feature. Normally a user logs in with this sAMAccountName. But the security access should be configured with the CN (firstname, lastname). Because the CN is human readable and the sAMAccountName does not necessarily show which user is behind this login.

Edit: Maybe you can convert the bugtracker entry from a bug report to a feature request.

Edit2: The solution is
principal.ldap.user.attribute=sAMAccountName
But the feature request still exists. Because now I can use single user access rights, but it's not really human readable.
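
The mismatch this thread resolves, as an added example that is not part of the original posts and is not OpenKM's code: a simplified model in which a user grant applies only when the stored string equals the login name, plus an audit that flags grants stored under a display name. The directory entries, grants and function names are constructed for illustration.

```python
# Added illustration: a simplified model, not OpenKM's implementation.
# Directory entries and grants below are constructed sample data.
DIRECTORY = [
    {"cn": "Hans Meier", "sAMAccountName": "login1"},
    {"cn": "openkm student", "sAMAccountName": "okmstudent"},
]

def normalize(name, lowercase=True):
    """Trim the name and, if lowercase is set, fold it to lower case."""
    name = name.strip()
    return name.lower() if lowercase else name

def can_see(login, grants, lowercase=True):
    """A user grant applies only if its stored string equals the login name."""
    me = normalize(login, lowercase)
    return any(normalize(g, lowercase) == me for g in grants)

def audit_grants(grants, directory, login_attr="sAMAccountName",
                 display_attr="cn", lowercase=True):
    """Classify each stored grant as 'ok', 'display-name' or 'unknown'.

    'display-name' means the grant was picked from a user list that showed
    display_attr instead of login_attr; the login it should name is returned.
    """
    logins = {normalize(e[login_attr], lowercase): e[login_attr]
              for e in directory}
    by_display = {normalize(e[display_attr], lowercase): e[login_attr]
                  for e in directory}
    report = []
    for g in grants:
        key = normalize(g, lowercase)
        if key in logins:
            report.append((g, "ok", logins[key]))
        elif key in by_display:
            report.append((g, "display-name", by_display[key]))
        else:
            report.append((g, "unknown", None))
    return report

if __name__ == "__main__":
    subfolder_grants = ["Hans Meier"]  # grant picked from a CN-based user list
    print(can_see("login1", subfolder_grants))  # the grant never matches the login
    for row in audit_grants(subfolder_grants + ["Login1", "ghost"], DIRECTORY):
        print(row)
```
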
