Group permission works, user permission not
Posted: Wed May 11, 2011 12:47 pm
by Catscratch
Hi there,
I'm using 5.0.4 with MS LDAP. Everything is working fine.
But I may only add permissions based on user groups. If I add a permission for a single user, nothing happens. No error. And the folder does not appear for the user.
Where could the error be? Where should I start looking?
Example:
Group1 = User1, User2
FolderA (Permission for Group1)
-> User1 sees it, User2 sees it
FolderA
- SubFolderA1 (Permission for User1, permission for Group1 is not set - this entry isn't there)
-> no user sees this SubFolder
Why?
thank you
Re: Group permission works, user permission not
Posted: Fri May 13, 2011 7:50 am
by Catscratch
No idea?
Ok, so it seems like it is a bug in OpenKM.
I submitted it to the bugtracker.
http://issues.openkm.com/view.php?id=1649
But it is critical.
Re: Group permission works, user permission not
Posted: Fri May 13, 2011 7:06 pm
by jllort
Is the username that is stored in security the same as your login?
Do you have system.login.lowercase=on? All users are lower case. That's useful because MS makes no difference between upper and lower case with users, but OpenKM does.
The problem could be in the direction I've described or some bad LDAP mapping. None of our customers that have LDAP have this problem (it's strange that it would be a new bug).
Re: Group permission works, user permission not
Posted: Fri May 13, 2011 7:18 pm
by Catscratch
logon.lowercase is on, yes.
And the user login contains only lowercase characters (in the active directory). But in the users security tab the username is displayed. Not the user login. So everything seems fine.
Re: Group permission works, user permission not
Posted: Sat May 14, 2011 3:44 pm
by jllort
Make some screenshots where we can see the desktop with some user logged in, and then another with the file (security tab) where you've got the problem with this user, to see the roles, users that have grants, etc.
Re: Group permission works, user permission not
Posted: Sat May 14, 2011 4:59 pm
by Catscratch
Ok.
First screen: Admin View
Second one: User view


Re: Group permission works, user permission not
Posted: Sun May 15, 2011 6:29 pm
by jllort
As you can see on the screenshot, you're logged in as "okmstudent" but the security grant has been set to "openkm student". That's not the same string. Here you've got some problem: "openkm student" might be "okmstudent". That's the reason why the security grant is not working with that user, and probably with others.
Re: Group permission works, user permission not
Posted: Mon May 16, 2011 7:28 am
by Catscratch
But where do I configure openkm to use the ldap login instead of the ldap real name?
The active directory user looks like this:
First name: openkm
Last name: student
sAMAccountName: okmstudent
The user logs in with the sAMAccountName (okmstudent).
But in the security tab, openkm only lists the users by their <firstname lastname> combination. So it should definitely be the same user. And openkm should do the mapping.
Re: Group permission works, user permission not
Posted: Mon May 16, 2011 2:10 pm
by jllort
Obviously you're not understanding that what you are looking at in the popup is considered the username, as login name. If it's displayed as <firstname lastname>, it's considered to reference a login with username <firstname lastname>.
Re: Group permission works, user permission not
Posted: Mon May 16, 2011 2:37 pm
by Catscratch
I don't really understand what the problem is. Maybe I used too similar usernames in the given example.
New example.
Firstname: Hans
Lastname: Meier
sAMAccountName: login1
Now I see "Hans Meier" in the security tab of openkm. And I log in with "login1". But it's the same. With the login "login1" I can't see the folder with access for user "Hans Meier". But I can't choose "login1" in the security tab, because all users are listed with their <firstname, lastname> combination, e.g. "Hans Meier".
Re: Group permission works, user permission not
Posted: Wed May 18, 2011 10:21 am
by jllort
Your LDAP configuration is wrong. You must show sAMAccountName: login1 in the user list, not Firstname + Lastname (for this reason you're not assigning privileges, because Firstname + Lastname is not the username and the system cannot establish a relation between username and Firstname + Lastname). The conclusion is that the user list must show the username.
Re: Group permission works, user permission not
Posted: Wed May 18, 2011 11:44 am
by Catscratch
Hm ok. I'll try to reconfigure the LDAP connection.
But I thought it was a feature. Normally a user logs in with this sAMAccountName. But the security access should be configured with the CN (firstname, lastname). Because the CN is human readable and the sAMAccountName does not necessarily show which user is behind this login.
Edit: Maybe you can convert the bugtracker entry from a bug report to a feature request.
Edit2: The solution is
Code:
principal.ldap.user.attribute=sAMAccountName
But the feature request still exists, because now I can use single-user access rights, but it's not really human-readable.
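An added example, not part of the thread and not OpenKM code: an audit that flags grants whose stored principal is a display name (CN) rather than a login name, the mismatch resolved above. The data model, function names and the SubFolderB/SubFolderC and "Former User" entries are constructed assumptions; grants are compared to logins by exact string match, as the thread describes.

```python
from typing import NamedTuple

class DirUser(NamedTuple):
    cn: str                 # display name, e.g. "Hans Meier"
    sam_account_name: str   # login name, e.g. "login1"

class Grant(NamedTuple):
    node: str
    principal: str          # string stored on the node's security entry

def normalize(name: str, lowercase: bool) -> str:
    # Assumption: a lowercase-login setting folds case before comparison;
    # without it the comparison is an exact, case-sensitive string match.
    name = name.strip()
    return name.lower() if lowercase else name

def audit_grants(users, grants, lowercase=True):
    """Split grants into (effective, mismatched).
    mismatched holds (grant, suggested_login); the suggestion is set only
    when the stored principal is exactly one user's CN, else None."""
    logins = {normalize(u.sam_account_name, lowercase) for u in users}
    by_cn = {}
    for u in users:
        by_cn.setdefault(normalize(u.cn, lowercase), []).append(u)
    effective, mismatched = [], []
    for g in grants:
        p = normalize(g.principal, lowercase)
        if p in logins:
            effective.append(g)
            continue
        candidates = by_cn.get(p, [])
        # Two users can share a CN across OUs; never guess in that case.
        login = candidates[0].sam_account_name if len(candidates) == 1 else None
        mismatched.append((g, login))
    return effective, mismatched

# Constructed sample data for the example.
USERS = [DirUser("Hans Meier", "login1"), DirUser("openkm student", "okmstudent")]
GRANTS = [
    Grant("/FolderA/SubFolderA1", "Hans Meier"),  # stored as CN: never matches
    Grant("/FolderA/SubFolderB", "okmstudent"),   # stored as login: matches
    Grant("/FolderA/SubFolderC", "Former User"),  # no directory entry at all
]

if __name__ == "__main__":
    ok, bad = audit_grants(USERS, GRANTS)
    for g, login in bad:
        print(f"{g.node}: '{g.principal}' is not a login; suggested: {login}")
```

A grant with no suggestion needs manual review, because nothing in the directory ties its principal to a login.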
Re: Group permission works, user permission not
Posted: Fri May 20, 2011 10:57 pm
by jllort