Windows AD and role filter

Posted: Sat Jun 03, 2017 2:56 am
by dearjack
Hi

I have installed OpenKM, and we authorize logins from the Windows AD service.

But besides my users group, other groups exist in the Windows AD.

Therefore OpenKM shows the other groups in the OpenKM role list. We need to filter out the "other groups". How can I do that?

Could you help me?

Re: Windows AD and role filter

Posted: Sun Jun 04, 2017 7:19 am
by jllort
Why is it a problem for you? It's only shown to the OpenKM administrator, and as the administrator knows whether a user has a group or not, I do not know what the security issue might be.

Re: Windows AD and role filter

Posted: Mon Jun 05, 2017 2:56 am
by dearjack
Hi Jllort

Thanks for your reply.

I have already attached a file for you.

We log in to OpenKM via Windows AD.

We need to exclude some role names from the OpenKM role permission list. I have highlighted the roles I need to exclude from the role permission list.

How can I do that?

Re: Windows AD and role filter

Posted: Tue Jun 06, 2017 5:37 pm
by jllort
You should create a group in your AD, for example OPENKM, and filter groups by it. Take a look at this documentation section https://docs.openkm.com/kcenter/view/ok ... roles.html , the value of the parameter principal.ldap.role.search.filter ( that means only groups that are members of OpenKM will be shown.

Re: Windows AD and role filter

Posted: Thu Jun 08, 2017 6:20 am
by dearjack
Hi Jllort

Must the OPENKM group be created?

What if I need to change the group name so that the group name is "Users"?

I set the value of the parameter "principal.ldap.role.search.filter" as below:

(&(objectclass=group)(memberOf=CN=Users,dc=test,DC=com,DC=tw))

But it is not working; it does not show the role list any more. Is it the correct parameter? Please help me.

By the way, I have found another way: there is a special keyword "description" for principal.ldap.role.search.filter, as below:

http://sysadminnotebook.blogspot.tw/201 ... -auth.html

Re: Windows AD and role filter

Posted: Sun Jun 11, 2017 7:37 am
by jllort
This question means you have not understood how the filtering works. The idea is to filter groups based on the filter query "group is a member of another group". If you filter by a non-existing group, you will obviously get an empty list (none of them will comply with the rule).
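How a `memberOf` role filter like the one discussed above selects groups, as an added example that is not from the posts or from OpenKM: a small local evaluator for the `&`, `|`, `!` and equality subset of LDAP filters, run over a constructed directory. The `OU=Groups` path, the group names and the function names are assumptions made for illustration.

```python
# Added example: evaluates the &, |, ! and equality subset of LDAP filters locally.
# Escaped parentheses (\28, \29) in values are not handled. All entries are constructed.

def norm(value):
    """Compare values (including DNs) case-insensitively, ignoring spaces around commas."""
    return ",".join(part.strip() for part in value.split(",")).lower()

def parse(f, i=0):
    """Parse one '(...)' component starting at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")  # first '=' only: DN values contain more
    return ("=", attr.strip().lower(), norm(value)), end + 1

def matches(node, entry):
    """True if the entry (dict of lowercase attribute name -> list of values) satisfies node."""
    if node[0] == "=":
        _, attr, value = node
        return value in {norm(v) for v in entry.get(attr, [])}
    op, kids = node
    results = [matches(kid, entry) for kid in kids]
    return all(results) if op == "&" else any(results) if op == "|" else not results[0]

def visible_roles(role_filter, entries):
    """Names of the entries the filter selects, i.e. what would be listed as roles."""
    node, end = parse(role_filter.strip())
    if end != len(role_filter.strip()):
        raise ValueError("trailing characters after filter")
    return sorted(e["cn"][0] for e in entries if matches(node, e))

BASE = "DC=test,DC=com,DC=tw"
MARKER = f"CN=OPENKM,OU=Groups,{BASE}"  # assumed location of the marker group

def group(cn, *member_of):
    return {"cn": [cn], "objectclass": ["top", "group"], "memberof": list(member_of)}

DIRECTORY = [group("OPENKM"), group("Finance", MARKER), group("Legal", MARKER),
             group("Domain Admins"), group("Print Operators", f"CN=Other,OU=Groups,{BASE}")]
```

In this constructed directory only the groups whose `memberOf` holds the exact DN of the marker group are returned; a DN that no group lists in `memberOf` returns an empty list.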

Re: Windows AD and role filter

Posted: Sun Jun 11, 2017 8:34 am
by dearjack
Hi Jllort

Thanks for your reply.

I will retype what I know.

First, I need to create an "OPENKM" OU organization in the Windows AD root folder.
Second, I need to move the user group to the "OPENKM" OU organization.

Could you help me?

Re: Windows AD and role filter

Posted: Sun Jun 11, 2017 8:01 pm
by jllort
You should create a group for filtering, but where to put the group is your decision. It's only a filtering clause; the location of the group will determine the filtering clause, nothing else.

Re: Windows AD and role filter

Posted: Tue Jun 13, 2017 7:03 am
by dearjack
Hi Jllort

Thanks, I got it. Cheers ~^^