Created roles not visible in role list

Posted: Mon Dec 05, 2022 12:56 pm
by nishant8900
Hi,
I am working on OpenKM 6.3CE, and
I have connected it with LDAP and I am able to see 2000+ users as well as 5000 roles successfully.
But I created some new roles in AD (like ROLE_ADMIN, ROLE_USER, etc.) and assigned those roles to some users. In the users list those roles are visible in front of the corresponding users, but the new roles that I created are not showing in the role list in the administration tab.
We created 5 more roles, but the number of roles we get is still 5000; the number of roles is not increasing.
Roles like ROLE_ADMIN and ROLE_USER are not showing in the role list.
Can you please suggest a way to solve it?

I have set the following values to config parameters:
principal.adapter: com.openkm.principal.LdapPrincipalAdapter
principal.ldap.role.attribute: cn
principal.ldap.role.search.base: DC=COMPANY,DC=COM
principal.ldap.role.search.filter: (objectclass=group)
principal.ldap.roles.by.user.attribute: memberOf
principal.ldap.roles.by.user.search.base: DC=COMPANY,DC=COM
principal.ldap.roles.by.user.search.filter: (&(objectClass=person)(sAMAccountName={0}))

If I use principal.ldap.role.search.filter: (&(objectclass=group)(memberOf=CN=ROLE_USER,OU=GROUPS,OU=OpenKM,DC=COMPANY,DC=COM)) then the role list becomes empty. NO ROLES SHOW IN THE ROLE LIST

Thanks

Re: Created roles not visible in role list

Posted: Wed Dec 14, 2022 8:12 am
by jllort
When you are integrated with AD you cannot create roles or update anything in the AD, otherwise it will be a security break. In this scenario, OpenKM is a reader - consumes information - of the AD and all the control is delegated to the AD (you must create, update, etc. always on the AD side).

Re: Created roles not visible in role list

Posted: Wed Dec 14, 2022 9:25 am
by nishant8900
Hi,
I think there is some confusion, that's not what I am saying.
What I meant was that I created the roles in AD; I created the roles through the AD side, and the roles are visible in AD.
I did not create roles in AD from OpenKM.
When I open the AD, the roles are visible over there (i.e. in AD),
but the new roles I created are not reflected in OpenKM.
By using principal.ldap.role.search.filter: (objectclass=group), we are getting about 5000 roles,
but apart from that I want the other roles that we created in AD (like ROLE_ADMIN, ROLE_USER, etc.) to be visible in OpenKM as well.
As of now, by default all users are members of ROLE_USER and only some users are ROLE_ADMIN.

Thanks

Re: Created roles not visible in role list

Posted: Mon Jan 02, 2023 9:39 am
by jllort
Getting 5K roles does not make any kind of sense; you should only be interested in getting what will be used by OpenKM. In this scenario you should create a ROLE_OPENKM and assign the roles that you wish to be shown in OpenKM; for example, ROLE_USER and ROLE_ADMIN should be members of ROLE_OPENKM.

Then use a filter condition like = (&(objectclass=group)(memberOf=CN=ROLE_OPENKM,.... ) to get all the groups that are members of ROLE_OPENKM in your AD.
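
As an added illustration (not part of the thread and not OpenKM code), the Python example below evaluates the three role filters discussed above against a small constructed directory. The entries, the helper names and the placement of ROLE_OPENKM in the same OU as ROLE_USER are assumptions. It shows that memberOf matches entries that are themselves direct members of the named group, so a group filter on memberOf=CN=ROLE_USER returns nothing when only users belong to ROLE_USER.

```python
# Constructed sample directory (not from the thread). Attribute names are
# lower-cased because LDAP attribute names are case-insensitive.
BASE = "OU=GROUPS,OU=OpenKM,DC=COMPANY,DC=COM"
OPENKM = f"CN=ROLE_OPENKM,{BASE}"  # assumed location of the parent group
ENTRIES = {
    OPENKM: {"objectclass": ["group"], "memberof": []},
    f"CN=ROLE_USER,{BASE}": {"objectclass": ["group"], "memberof": [OPENKM]},
    f"CN=ROLE_ADMIN,{BASE}": {"objectclass": ["group"], "memberof": [OPENKM]},
    f"CN=Printers,{BASE}": {"objectclass": ["group"], "memberof": []},
    "CN=alice,OU=People,DC=COMPANY,DC=COM": {
        "objectclass": ["person"], "memberof": [f"CN=ROLE_USER,{BASE}"]},
}


def parse(flt, i=0):
    """Parse an LDAP filter limited to AND (&) and equality tests.

    Returns (node, index_after_node)."""
    if flt[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if flt[i + 1] == "&":
        i += 2
        children = []
        while flt[i] == "(":
            node, i = parse(flt, i)
            children.append(node)
        return ("and", children), i + 1  # step over the closing ')'
    end = flt.index(")", i)
    attr, value = flt[i + 1:end].split("=", 1)  # the DN value may contain '='
    return ("eq", attr.lower(), value.lower()), end + 1


def matches(node, attrs):
    """True if one directory entry satisfies the parsed filter."""
    if node[0] == "and":
        return all(matches(child, attrs) for child in node[1])
    _, attr, value = node
    return value in (v.lower() for v in attrs.get(attr, []))


def role_list(role_filter):
    """Return the cn of every entry matching role_filter, the way
    principal.ldap.role.attribute: cn reads role names from the results."""
    tree, _ = parse(role_filter)
    hits = [dn for dn, attrs in ENTRIES.items() if matches(tree, attrs)]
    return sorted(dn.split(",")[0].split("=", 1)[1] for dn in hits)
```
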