Different Roles from LDAP

[ares]

Hello, here again.

I want to have different roles from LDAP. I'm not a LDAP admin for security purposes and this is my project. I also don't want the LDAP admin to be an admin in OpenKM. I want to be an admin in OpenKM and other users will be on UserRole. How can I do this?

Thanks

[jllort]

Must create UserRole and AdminRole in your ldap among other roles that you could have or create newer. The idea is the same than with DBMS simply that you get roles from your ldap not from your DBMS. You need ldap user with credential to query on your ldap ( it's not necessary be the administrator, but should have grants to query ldap ).

Admin users in openkm are which you assign AdminRole in your ldap. Other users must have UserRole among others roles ( but this is mandatory and used internally to grant connection to OpenKM application, others will be used in repository ).

I'm not totally sure if I answering your question ?

[ares]

I got the idea after reading some posts.

I now got the LDAP admin to create me a group called OpenKMRoles wherein AdminRole and UserRole Groups are members. I registered 1 user to AdminRole Group and 1 user to UserRole Group. It worked. But now my problem is I cannot view users from the Administrator tab. I read from balbaroy's post (http://forum.openkm.com/viewtopic.php?f=4&t=5527) his problem was ssl and that it worked after he added s on ldap:// (ldaps://) only needed minor tweaks.

I used balbaroy's login-config.xml and OpenKM.cfg, also his user ldap structure.

Pls help.

Should I post another thread for this?

[jllort]

We can continue with it.

ldaps:// only solves the connection problem to ldap. Must forget login-config.xml that's only for authentication but there're some parameters in configuration that must be configured too take a look here http://wiki.openkm.com/index.php/Configuration_view

Have you yet starting configuring that ?

[ares]

This is my LDAP

dc=company,dc=this,dc=that
-----ou=company
----------ou=depts
---------------cn=Spiderman
---------------cn=Birdman
----------ou=OpenKMUsers
---------------cn=OpenKMRoles <---- Group
--------------------cn=AdminRole <---- Group
-------------------------cn=Birdman
--------------------cn=UserRole <---- Group
-------------------------cn=Spiderman


How to import users here to the users in the administration tab? So far I see no users there. We have about 1000 users, can it import this much?
I'm just using balbaroy's OpenKM.cfg
BTW, I can't see anything on other than the preloaded items in configuration. Also, I am not a domain admin, this won't matter write? in getting the list of users?


Help.

[ares]

I don't think its listening to my OpenKM.cfg settings

[ares]

i got it. i have now imported users. Thanks

[jllort]

Yes, changes from version 5.1 are made in Administration ( directly from dbms )