
Active Directory groups to user role

Posted: Wed May 23, 2012 10:39 am
by teh.support
Hello!
I have OpenKM version 5.1.9 installed. JBoss is configured to use both the OpenKM database and MS AD authentication in three sections of the JBoss login-config.xml:
one for the okmAdmin, one for AD users with the admin role and another one for AD users with the user role.
In my AD I created an OU "okm" for all okm-related stuff and, inside it, the user okm for reading AD, the group okmUsers and the group okmAdmins.
Everything works fine except one thing: I can add any user as a member of the group okmUsers and they will be able to log in, but when I add a group ("finance", for example) as a member of okmUsers, members of the group "finance" can't log in, with the error "no matches found" in the JBoss security log.
I don't understand what I should change in login-config.xml to enable adding groups to the OKM users.
Sure, I can add all users manually, but our AD contains more than 1000 users and groups, and I don't need all of them inside OKM, only 300-400.

Re: Active Directory groups to user role

Posted: Fri May 25, 2012 3:10 pm
by teh.support
Please remove this post, because it was just a misconfiguration in the administration panel. I figured it out, and now users and groups work fine.

Re: Active Directory groups to user role

Posted: Sun May 27, 2012 9:05 pm
by jllort
Great job, it's not trivial to configure AD and it needs patience and some time to do it.

Re: Active Directory groups to user role

Posted: Mon May 28, 2012 8:04 am
by teh.support
Thanks :)
Yes, it was very difficult and took a lot of my time, but I understand that there is no way to make it much easier, because it depends on the type of LDAP server, the LDAP structure and the needs of the company.

Re: Active Directory groups to user role

Posted: Mon Jun 04, 2012 2:42 pm
by fabpicca
I have the same problem, would you please post how you solved it?
Thanks!