• User role management in AD using LDAP

  • We tried to make OpenKM as intuitive as possible, but an advice is always welcome.
We tried to make OpenKM as intuitive as possible, but an advice is always welcome.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #53586  by nishant8900
I have connected to AD using LDAP and all the users are being listed.
Before implementing AD using LDAP, i could change the users role and access in the frontend using users option in administration tab, but that option is no longer available once i switched to AD. Now i am not able to change user's role like that (the edit option is not visible anymore in users list), although i could do it by changing it in AD at the backend.

I don't want to change the AD every time i want to change a user's role, instead what i want is a way, such that i change it in frontend.
So, my question is that as an administrator, how can I manage user's role and access in the frontend if the users are being listed from the AD?

 #53590  by jllort
When integrating AD in OpenKM, the control is totally in the AD side. OpenKM acts as a reader of the information contained in the AD. If OpenKM be able to change information in the AD you will have a security breach, this is not the way how you integrate AD.
 #53605  by nishant8900
I was thinking of using authentication using AD/LDAP and authorization using our opekm DB
for that i referred viewtopic.php?t=24388.
But didn't got my desired result.
So i want to ask if there is any other way or any 3rd party which we can use for authentication using AD but changing user roles from our openkm Database?
considering the AD users dump will be in our Database without passwords

 #53611  by jllort
In the professional edition is possible to login using the AD, but getting the roles from the openkm database is like a mixing configuration ( middle in the AD and other in the openkm databaes ). Anyway, I suggest get everything from the same poll, I can not understanding what is the problem to get roles from your AD if at the same time you are using the user for authentication, why authentication is a good option for you, but not managing roles from there?

Usually administrator wish to manage everything from a single point.
 #53615  by nishant8900
Actually we have 50+ roles in our case and if we have to change a role for a user then we have to get IT support since they have the access to change roles in AD. and this could prove out to be a hassle for both IT and other departments.
and there might be frequent changes in the roles due to department changes as well.
Thus, i am looking for a way to change it using system admin in our OpenKM.


About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.