Active Directory - Problem with profiles

[lucaboss]

Hi,
I've successfully installed OpenKM 5.1.9 with Active Directory login. Everything works and roles are applied correctly (AdminRole to Admin and UserRole to normal users).

The problem is with profiles; i've created a Test profile and applied it (via admin-gui) to an user (named "test"); but that user still use the "Default" profile.

The reason for this behaviour is simple; the GUI sets the profile by using the "cn" and not "sAMAccountName"; but on login the system identifies the user by its sAMAccountName.

In fact if I inspect the OKM_USER_CONFIG table, the UC_USER value is "Test User" and not "test" as it should be. If I fix manually the record via an UPDATE query, everything works.

My question is; is there a way to fix this and keep using the gui or should I fix them by hand ?

Thank you,
Luca

[pavila]

You should use "sAMAccountName" in the LDAP OpenKM configuration as you have seen. If used "cn" you need to fix later the table entry by hand because the "cn" may change and the "sAMAccountName" can't.

[lucaboss]

Thank you for your answer.

So my question is; does active-directory user authentication support applying security policies to document/folders inside the taxonomy ? If I go to the security page I can see only UserRole, but not users inside that role.

Thank you again,

Luca

[jllort]

You should create other roles. UserRole and AdminRole should not be propagated to repository and are filtered, that's why you can not see it. Specially UserRole because all users has it. The idea is a user will have at least two roles UserRole ( to login ) and RoleX as a privileges into Repository ( okm:root, okm:taxonomy etc... )