• Created roles not visible in role list

  • We tried to make OpenKM as intuitive as possible, but an advice is always welcome.
We tried to make OpenKM as intuitive as possible, but an advice is always welcome.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #53968  by nishant8900
 
Hi
I am working on Openkm 6.3CE, and
i have connected with ldap and i am able to see 2000+ users as well as 5000 roles successfully.
But I created some new roles in AD (like ROLE_ADMIN, ROLE_USER, etc) and assigned that role to some users. In users list those roles are visible in front of the corresponding users but the new roles that i created are not showing in role list in administration tab.
we created 5 more roles but number of roles getting is still 5000, number of roles are not increasing
Roles like ROLE_ADMIN and ROLE_USER are not showing in role list
Can you please suggest a way to solve it.

I have set the following values to config parameters:
principal.adapter: com.openkm.principal.LdapPrincipalAdapter
principal.ldap.role.attribute: cn
principal.ldap.role.search.base: DC=COMPANY,DC=COM
principal.ldap.role.search.filter: (objectclass=group)
principal.ldap.roles.by.user.attribute: memberOf
principal.ldap.roles.by.user.search.base: DC=COMPANY,DC=COM
principal.ldap.roles.by.user.search.filter: (&(objectClass=person)(sAMAccountName={0}))

if i use principal.ldap.role.search.filter: (&(objectclass=group)(memberOf=CN=ROLE_USER,OU=GROUPS,OU=OpenKM,DC=COMPANY,DC=COM)) then role list becomes empty. NO ROLES SHOWS IN THE ROLE LIST

Thanks
 #53975  by jllort
 
When you are integrated with AD you can not create roles or update anything in the AD otherwise will be a security break. In this scenario, OpenKM is a reader - consumes information - of the AD and all the control is delegated in the AD ( you must create, update, etc... always on the AD side.
 #53978  by nishant8900
 
Hi,
I think there is some confusion, that's not what i am saying.
What i meant was i created roles in AD, Through AD side i created the roles. And roles are visible in AD
I did not create role in AD from Openkm.
When I am opening the AD, roles are visible over there (ie. in AD),
but the new roles i created are not reflected in Openkm.
by using principal.ldap.role.search.filter: (objectclass=group), we are getting about 5000 roles,
but apart from that I want other roles that we created in AD like (ROLE_ADMIN, ROLE_USER, etc) to be visible in openkm as well.
as of now, by default all users are member of ROLE_USER and only some user are ROLE_ADMIN

Thanks
 #53997  by jllort
 
Getting 5K roles have not any kind of sense, you should only be interested in getting what will be used by openkm. In this scenario should create a ROLE_OPENKM and assign the roles that you wish to be shown in the openkm, for example, ROLE_USER and ROLE_ADMIN should be members of ROLE_OPENKM.

The use a filter condition like = (&(objectclass=group)(memberOf=CN=ROLE_OPENKM,.... ) to get all the groups what are member of ROLE_OPENKM in your AD

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.