unable to see all users when connecting to Microsoft AD using LDAP

Posted: Mon May 09, 2022 6:46 am
by nishant8900
Hi there, I am using OpenKM CE 6.3 on a Windows 10 machine.

I am trying to connect to Microsoft AD using LDAP, and when I tried to see the users in the admin page,
it is showing only 1000 users instead of all users.

Kindly help me with this issue.

Thank you!

Re: unable to see all users when connecting to Microsoft AD using LDAP

Posted: Sat May 14, 2022 5:09 pm
by jllort
That's because of the AD configuration, which limits searches to 1000 results -> you should modify this restriction on the AD side -> search Google for this Windows search restriction and you'll find the parameter that must be configured in Windows.

Re: unable to see all users when connecting to Microsoft AD using LDAP

Posted: Mon May 16, 2022 10:27 am
by nishant8900
Sir,
as per discussion with our IT admins, they have configured similar LDAP with Microsoft AD in different applications and there were no such limit issues (they were able to get all users, which is more than 2000+). So could you suggest any other alternate options to solve this?

Thanks,
nishant

Re: unable to see all users when connecting to Microsoft AD using LDAP

Posted: Mon May 23, 2022 5:24 am
by jllort
The connection to the AD is based on doing a query -> you have limited the number of results in a query to 1000. You can try to connect to the AD with a client tool, execute the same query you are doing in OpenKM and compare the results -> probably you'll get exactly the same. It is not the first time I have seen this behaviour.

You can try with https://docs.microsoft.com/en-us/sysint ... adexplorer

Re: unable to see all users when connecting to Microsoft AD using LDAP

Posted: Tue May 24, 2022 5:04 am
by nishant8900
Hi there,
I managed to increase the user limit to more than 1000 for the LDAP connection, but the list of users shown contains both active as well as inactive/deactivated users.
So how can I filter inactive/deactivated users so that only active users are visible?
I tried to set 'principal.database.filter.inactive.users' to True, but it doesn't seem to work for LDAP. Kindly suggest any other alternative.

Kindly help me to solve this issue.

Regards,
nishant

Re: unable to see all users when connecting to Microsoft AD using LDAP

Posted: Sun May 29, 2022 4:32 pm
by jllort
In the case of AD integration you cannot enable or disable users from OpenKM (managing users in the AD from OpenKM will be a security breach). OpenKM is a reader of the AD; the control is on the side of the AD. You can show or hide users based on the filter set in the parameter principal.ldap.user.search.filter (take a look at https://docs.openkm.com/kcenter/view/ok ... roles.html).
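
An added example (not from the thread and not OpenKM's own code) of the kind of filter value the last reply points to: it builds an Active Directory filter that skips accounts with the ACCOUNTDISABLE bit (0x2) set in userAccountControl, and mimics that bit test over constructed entries. It assumes the parameter accepts a standard LDAP filter string; the helper names, the optional group DN and the sample entries are hypothetical.

```python
# Added example: helper names and sample data are hypothetical / constructed.
ACCOUNTDISABLE = 0x0002  # userAccountControl flag set on disabled AD accounts
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule

def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def active_user_filter(group_dn=None):
    """Filter matching enabled user accounts, optionally limited to one group."""
    parts = [
        "(objectCategory=person)",
        "(objectClass=user)",
        # NOT (userAccountControl AND 2): drops disabled accounts on the AD side
        "(!(userAccountControl:%s:=%d))" % (LDAP_MATCHING_RULE_BIT_AND, ACCOUNTDISABLE),
    ]
    if group_dn:
        parts.append("(memberOf=%s)" % escape_filter_value(group_dn))
    return "(&%s)" % "".join(parts)

def is_enabled(user_account_control):
    """Local equivalent of the bit test the directory applies for the filter."""
    return (int(user_account_control) & ACCOUNTDISABLE) == 0

# Constructed entries; AD returns userAccountControl as a decimal string.
SAMPLE_ENTRIES = [
    {"sAMAccountName": "alice", "userAccountControl": "512"},    # normal account
    {"sAMAccountName": "bob", "userAccountControl": "514"},      # normal + disabled
    {"sAMAccountName": "carol", "userAccountControl": "66048"},  # password never expires
    {"sAMAccountName": "dave", "userAccountControl": "66050"},   # same, but disabled
]

def visible_users(entries):
    """Names that would remain visible once the filter is applied."""
    return [e["sAMAccountName"] for e in entries if is_enabled(e["userAccountControl"])]

if __name__ == "__main__":
    print("principal.ldap.user.search.filter=" + active_user_filter())
    print(visible_users(SAMPLE_ENTRIES))
```

Running the same filter from a separate LDAP client against the directory, as suggested earlier in the thread, confirms what the directory returns before the value is set in OpenKM.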