
User role management in AD using LDAP

Posted: Thu Jun 09, 2022 9:34 am
by nishant8900
Hi,
I have connected to AD using LDAP and all the users are being listed.
Before implementing AD using LDAP, I could change a user's role and access in the frontend using the users option in the administration tab, but that option is no longer available once I switched to AD. Now I am not able to change a user's role like that (the edit option is not visible anymore in the users list), although I could do it by changing it in AD at the backend.

I don't want to change the AD every time I want to change a user's role; instead, what I want is a way to change it in the frontend.
So, my question is: as an administrator, how can I manage a user's role and access in the frontend if the users are being listed from the AD?

Regards
nishant8900

Re: User role management in AD using LDAP

Posted: Fri Jun 10, 2022 6:18 pm
by jllort
When integrating AD in OpenKM, the control is totally on the AD side. OpenKM acts as a reader of the information contained in the AD. If OpenKM were able to change information in the AD, you would have a security breach; this is not the way to integrate AD.

Re: User role management in AD using LDAP

Posted: Fri Jun 17, 2022 12:19 pm
by nishant8900
Hi,
I was thinking of using authentication using AD/LDAP and authorization using our OpenKM DB.
For that I referred to viewtopic.php?t=24388.
But I didn't get my desired result.
So I want to ask if there is any other way, or any 3rd party which we can use, for authentication using AD but changing user roles from our OpenKM database,
considering the AD users dump will be in our database without passwords?

regards,
nishant8900

Re: User role management in AD using LDAP

Posted: Sun Jun 19, 2022 4:45 pm
by jllort
In the professional edition it is possible to log in using the AD, but getting the roles from the OpenKM database is like a mixed configuration (half in the AD and the other half in the OpenKM database). Anyway, I suggest getting everything from the same pool. I cannot understand what the problem is with getting roles from your AD if at the same time you are using the user for authentication. Why is authentication a good option for you, but not managing roles from there?

Usually administrators wish to manage everything from a single point.

Re: User role management in AD using LDAP

Posted: Mon Jun 20, 2022 8:43 am
by nishant8900
Hi,
Actually we have 50+ roles in our case, and if we have to change a role for a user then we have to get IT support, since they have the access to change roles in AD. This could prove to be a hassle for both IT and other departments,
and there might be frequent changes in the roles due to department changes as well.
Thus, I am looking for a way to change it using the system admin in our OpenKM.

regards
nishant8900

Re: User role management in AD using LDAP

Posted: Mon Jul 04, 2022 9:27 am
by jllort
Mixed authentication is not implemented in the CE; you would have to make some modifications in the CE to get it working at 100%. Anyway, an approach would be something like:

* About login, in the OpenKM.xml the configuration will be like this one: https://docs.openkm.com/kcenter/view/ok ... ation.html
* About getting users and roles, you could try using the default database adapter -> basically you must create all the users you have in the AD and set all the roles -> but the login will not go through the database, it will be done from AD (basically the password set in the administration will not have any kind of use).

In the professional the administration is adapted to the mixed configuration. In your scenario you will manage users and roles in the administration as if administering the database configuration, but the real login is with AD (it means some options that should be disabled in your scenario will be enabled).
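
The split described in the last post (login checked against AD, users and roles held in the application database, stored password unused), as an added Python example that is not OpenKM code or part of the original thread. The table names, the sample users and roles, and the `ad_bind` stand-in for an LDAP simple bind are assumptions made for illustration.

```python
import sqlite3

# Constructed stand-in for the directory. In a real deployment this callable
# would perform an LDAP simple bind against AD; users/passwords are made up.
FAKE_AD = {"alice": "s3cret-A", "bob": "s3cret-B"}

def ad_bind(username, password):
    return FAKE_AD.get(username) == password

def make_db():
    """Hypothetical application schema (not OpenKM's real tables)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, password TEXT, active INTEGER)")
    db.execute("CREATE TABLE user_roles (user_id TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "unused-local-pw", 1),  # exists in AD and in the database
        ("carol", "local-only-pw", 1),    # database only: no longer in AD
    ])                                    # bob: in AD, never provisioned here
    db.executemany("INSERT INTO user_roles VALUES (?, ?)",
                   [("alice", "ROLE_USER"), ("carol", "ROLE_ADMIN")])
    return db

def set_roles(db, username, roles):
    """What the application admin does instead of asking IT to edit AD."""
    db.execute("DELETE FROM user_roles WHERE user_id = ?", (username,))
    db.executemany("INSERT INTO user_roles VALUES (?, ?)",
                   [(username, r) for r in roles])

def login(db, bind, username, password):
    """Return the user's role set on success, None on any failure."""
    # An LDAP simple bind with an empty password is an "unauthenticated bind"
    # that many servers accept, so reject it before contacting the directory.
    if not username or not password:
        return None
    # The password column is never read: only the directory decides identity.
    if not bind(username, password):
        return None
    row = db.execute("SELECT active FROM users WHERE id = ?", (username,)).fetchone()
    if row is None or not row[0]:
        return None  # valid AD account without a local record: deny by default
    rows = db.execute("SELECT role FROM user_roles WHERE user_id = ?", (username,))
    return {r[0] for r in rows}

if __name__ == "__main__":
    db = make_db()
    print(login(db, ad_bind, "alice", "s3cret-A"))         # AD password works
    print(login(db, ad_bind, "alice", "unused-local-pw"))  # DB password does not
    set_roles(db, "alice", ["ROLE_USER", "ROLE_ADMIN"])
    print(login(db, ad_bind, "alice", "s3cret-A"))
```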