database authentication and ldap integration

Posted: Fri Feb 26, 2016 2:05 am
by danielam
Hi, I have some questions about OpenKM authentication, as below. I am using Community Edition 6.3.1 and trialing Professional Edition 6.4.22.

1. Could it support database authentication and LDAP authentication at the same time? Are both configured in the file openkm.xml?
2. I would like to integrate with Active Directory, but I don't want to create the groups ROLE_ADMIN and ROLE_USER in AD. How could I map users to ROLE_ADMIN and ROLE_USER?
3. Do the LDAP settings under Administration -> Configuration control the import of AD users/groups into OpenKM? Is the file openkm.cfg obsolete?
4. Does the file openkm.xml control the LDAP authentication?
5. I tested AD integration, and it threw an exception: "user has no permission on trash folder". Then I edited DefaultRole = ROLE_USER. Afterwards, no user is an administrator, right?

Sorry for so many questions, as I am a newbie in OpenKM. Thanks in advance.
daniel lam

Re: database authentication and ldap integration

Posted: Tue Mar 01, 2016 6:49 pm
by jllort
Yes, so many questions:

1- You should investigate Spring configurations for two user pools, one from the database and another from AD (I suspect it is possible; in the worst case you should create your own Spring adapter for it). On the OpenKM side you should create a mixed adapter (DatabasePrincipalAdapter and LdapPrincipalAdapter combined into YourOwnAdapter.java).
https://sourceforge.net/p/openkm/code/H ... principal/
2- You need two roles. If you do not want to use ROLE_USER and ROLE_ADMIN, you should patch the WEB-INF/applicationContext.xml file (the default.user.role and default.admin.role configuration parameters must also be changed, under administration / configuration parameters). I suggest making this kind of change at the end, otherwise your integration will increase in complexity (and later replace the created ROLE_ADMIN, ROLE_USER with your own group names).

AD integration is a full integration, with users and roles in your AD (not a mixed one). When you want control, you should prefer full control from AD, not a mixed one.

Re: database authentication and ldap integration

Posted: Wed Mar 02, 2016 4:28 am
by danielam
Thanks for your reply, jllort.

Finally, I created the groups ROLE_ADMIN and ROLE_USER in AD, then imported users/groups from AD, and set authentication to AD as well, but every user who logs in can see the "administration" tab. Is everyone an administrator? How do I control which users have permission to see the "administration" tab? I tried setting "DefaultRole"="ROLE_USER" in the file openkm.xml, but in vain. Please kindly advise. Thanks a lot.

daniel lam

Re: database authentication and ldap integration

Posted: Fri Mar 04, 2016 5:49 pm
by jllort
Only administrator users should be members of ROLE_ADMIN (check your AD to be sure only administrators are members of this role, otherwise everyone is able to see the administration tab).
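
The membership check suggested in the last reply can be scripted. The following is an added example, not part of the thread and not OpenKM code: it parses an LDIF export of the two role groups and reports ROLE_ADMIN members that are not on an approved list, plus the case where every ROLE_USER member is also in ROLE_ADMIN. The sample LDIF, the DNs, the allow-list and the function names are all constructed for illustration.

```python
import base64
# Constructed sample LDIF export of the two role groups; every DN is made up.
SAMPLE_LDIF = """\
dn: CN=ROLE_ADMIN,OU=Groups,DC=example,DC=com
cn: ROLE_ADMIN
member: CN=Alice Admin,OU=Staff,DC=example,DC=com
member: CN=Bob Clerk,OU=Staff,DC=example,DC=com
member: CN=Carol Clerk,OU=Staff,
 DC=example,DC=com

dn: CN=ROLE_USER,OU=Groups,DC=example,DC=com
cn: ROLE_USER
member: CN=Alice Admin,OU=Staff,DC=example,DC=com
member: CN=Bob Clerk,OU=Staff,DC=example,DC=com
member: CN=Carol Clerk,OU=Staff,DC=example,DC=com
"""
APPROVED_ADMINS = ["CN=Alice Admin,OU=Staff,DC=example,DC=com"]  # assumed allow-list

def parse_groups(ldif):
    """Return {group cn: set of lower-cased member DNs} from LDIF text."""
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    groups = {}
    for entry in unfolded.split("\n\n"):
        cn, members = None, set()
        for line in entry.splitlines():
            attr, _, value = line.partition(":")
            attr = attr.split(";")[0].lower()  # AD may return "member;range=0-1499"
            if value.startswith(":"):  # "attr:: value" carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if attr == "cn":
                cn = value.strip()
            elif attr == "member":
                members.add(value.strip().lower())  # lower-cased for comparison
        if cn:
            groups[cn] = members
    return groups

def audit_admin_role(groups, approved, admin_role="ROLE_ADMIN", user_role="ROLE_USER"):
    """Report admin-role members outside the allow-list and the 'everyone is admin' case."""
    admins, users = groups.get(admin_role, set()), groups.get(user_role, set())
    return {
        "unexpected_admins": sorted(admins - {dn.lower() for dn in approved}),
        # True matches the thread's symptom: every user gets the administration tab
        "everyone_is_admin": bool(users) and users <= admins,
    }

if __name__ == "__main__":
    print(audit_admin_role(parse_groups(SAMPLE_LDIF), APPROVED_ADMINS))
```

If the role names were changed through default.admin.role and default.user.role, pass the new group names as `admin_role` and `user_role`.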