No, not all employees have the OKM_USER role in AD, you're right.
So here is my understanding: there are two places where LDAP is configured -> in Administration Configuration (to get full list of users), and in OpenKM.xml (for AD login).
When I use these values in Administration Configuration:
- For principal.ldap.mail.search.base: ou=XXX,dc=YYYYYYY,dc=net
- For principal.ldap.role.search.base: ou=XXX,dc=YYYYYYY,dc=net
- For principal.ldap.roles.by.user.search.base: ou=XXX,dc=YYYYYYY,dc=net
- For principal.ldap.user.search.base: ou=XXX,dc=YYYYYYY,dc=net
- For principal.ldap.username.search.base: ou=XXX,dc=YYYYYYY,dc=net
I get only the people from the OU, some of whom have the role OKM_USER.
However, I don't see any user from outside of (OU=XXX).
If I remove the OU and use only dc=YYYYYYY,dc=net, I don't see any user in our OU, as I only get the first 1000.
Is there a way to get only users from AD who have OKM_USERS / OKM_ADMIN roles regardless of the OU? (our company has many entities and OU=XXX contains the list of employees from our own entities only).
I hope my explanation was clear.
Thanks for your support