• unable to see all users when connecting to Microsoft AD using LDAP

 #53499  by jllort
 
That's because of an AD configuration that limits searches to 1000 results -> you should modify this restriction on the AD side -> search Google for this Windows restriction on searches and you'll find the parameter that must be configured in Windows.
 #53503  by nishant8900
 
Sir,
As per discussion with our IT admins, they have configured similar LDAP with Microsoft AD in different applications and there were no such limit issues (they were able to get all users, which is more than 2000+). So could you suggest any other alternate options to solve this?

Thanks,
nishant
 #53534  by jllort
 
The connection to the AD is based on doing a query -> you have limited the number of results in a query to 1000. You can try to connect to the AD with a client tool, execute the same query you are doing in OpenKM and compare the results -> you'll probably get exactly the same. It is not the first time I have seen this behaviour.

You can try with https://docs.microsoft.com/en-us/sysint ... adexplorer
 #53539  by nishant8900
 
Hi there,
I managed to increase the user limit to more than 1000 for the LDAP connection, but the list of users shown contains both active as well as inactive/deactivated users.
So how can I filter inactive/deactivated users so that only active users are visible?
I tried to set 'principal.database.filter.inactive.users' to True, but it doesn't seem to work for LDAP. Kindly suggest any other alternative.

Kindly help me to solve this issue.

Regards,
nishant
 #53560  by jllort
 
In the case of AD integration you cannot enable or disable users from OpenKM (managing users in the AD from OpenKM would be a security breach). OpenKM is a reader of the AD; the control is on the side of the AD. You can show or hide users based on the filter set in the parameter principal.ldap.user.search.filter (take a look at https://docs.openkm.com/kcenter/view/ok ... roles.html)
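
An added example, not part of the thread and not OpenKM code: one way to write a user search filter that hides disabled AD accounts, using the `ACCOUNTDISABLE` bit (0x2) of `userAccountControl` and AD's bitwise-AND matching rule. The base filter, the function names and the sample entries are assumptions constructed for illustration, as is the assumption that the value of `principal.ldap.user.search.filter` is passed to AD unchanged.

```python
import re

ACCOUNTDISABLE = 0x0002                   # userAccountControl flag on disabled accounts
BIT_AND_RULE = "1.2.840.113556.1.4.803"   # AD's LDAP_MATCHING_RULE_BIT_AND OID

def active_user_filter(base="(&(objectCategory=person)(objectClass=user))"):
    """Wrap a base user filter (assumed) so disabled accounts are excluded."""
    disabled = f"(userAccountControl:{BIT_AND_RULE}:={ACCOUNTDISABLE})"
    return f"(&{base}(!{disabled}))"

def bit_and_match(entry_value, filter_value):
    """Bit-AND rule semantics: true only if every bit of filter_value is set."""
    return (entry_value & filter_value) == filter_value

def visible_users(entries, ldap_filter):
    """Evaluate only the negated userAccountControl clause against sample entries."""
    pattern = r"\(!\(userAccountControl:%s:=(\d+)\)\)" % re.escape(BIT_AND_RULE)
    m = re.search(pattern, ldap_filter)
    if m is None:                          # no exclusion clause: everyone is listed
        return [e["sAMAccountName"] for e in entries]
    mask = int(m.group(1))
    return [e["sAMAccountName"] for e in entries
            if not bit_and_match(e["userAccountControl"], mask)]

# Constructed sample directory entries (not real accounts).
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": 512},    # NORMAL_ACCOUNT
    {"sAMAccountName": "bob",   "userAccountControl": 514},    # normal + disabled
    {"sAMAccountName": "carol", "userAccountControl": 66048},  # normal + password never expires
    {"sAMAccountName": "dave",  "userAccountControl": 66050},  # as carol, but disabled
]

if __name__ == "__main__":
    f = active_user_filter()
    print(f)
    print(visible_users(SAMPLE, f))
```

A plain equality test such as `(userAccountControl=512)` would drop `carol`, an enabled account with an extra flag set, which is why the bitwise rule is used instead.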
