How to assign a repository license in Web Client

replied on September 10, 2018

Hi Chad,

Laserfiche Privileges covers most aspects of the user creation process, but only Laserfiche System Managers can make modifications to the named user list. This does not NEED to be a user who is a local admin on the Lf Server machine and, in fact, if it's not a domain user it likely can't be found outside of that machine. Local admins on the Lf Server machine are in this group by default, but any domain user can be added to the System Manager group (your last step in the Lf Admin Console). But here's the thing, if you can add a user to the System Manager group... you are already a system manager. So you should just be able to use that same user account. The only difference is that the web client can't automatically make use of your current windows login, you just need to enter it in manually.

0 0

View 4 previous replies

replied on September 10, 2018

The local user I setup has not been added to any administrative groups, there is no domain to choose from leaving me with just local accounts, so it is just a new local account. I added the user to the System Manager group though so that it could be used to set licenses.

I am able to assign licenses when RPD directly into the server, I am trying to enable another user to assign licenses.

0 0

replied on September 10, 2018

Hi Chad,

My point is, how are you adding that user to the named user group in the first place? Who are you signed in as at that point? Or can that only happen when you are RPD'd into the Server as well? If there's no domain (and therefore no domain users), yeah, you may have to be local on the machine.

0 0

replied on September 10, 2018

It is not a named user for Laserfiche, just a system manager. The named license is assigned to the Repository User account they are signing into the repository with.

This is where I am confused, why do we need an additional Windows account and even if I create it, I am still told that it is not a system manager after making it a system manager.

0 0

replied on September 10, 2018 • Show version history

The only reason you need an additional account is if you cannot use an account that is a member of the local administrators group (windows) on the machine where the Lf Server is installed. This user has to be outside of repository security because these are server-wide operations at a level above that of the repository. For example, the same domain (windows) user would be used to do operations such as create or delete repositories - obviously that can't be a user within the repository itself as it might not even exist yet. Named user assignment is the one thing that is a bit ambiguous as you place it on a repository user (a repository action) but the act of actually assigning a named user slot to a specific repository/repository user is at the Lf Server level, hence needing to be a system manager.

My point above is that you don't NEED to create a separate (windows) user for it, if you've already got a local admin account (a domain account that is a member of the local admin group on the machine the Lf Server is installed on). You can just use that one if so. The difference is that the desktop admin can see that you are logged into Windows as that account and automatically use it, the web admin tools cannot so you get prompted to provide the credentials. Since you already showed that you are a system manager account by being able to add another account into the system manager list in the desktop administration console (picking up your credentials from your windows log-in), you shouldn't even need the other account and just use whatever account you were using to do that operation.

0 0

replied on September 10, 2018

I can add users to the System Managers group as the built in Windows Administrator [.\Administrator] but I can't login as a System Manager with either the Windows Administrator or the LFAdmin account using the Web Client Administration site. I get the notification posted above that they are not system managers, when they are.

The reason I am creating the LFAdmin account is because I would not give out the local Windows Administrator account to a user just to add a license. I understand what your saying by adding another form of authentication, but it doesn't appear to be working in a non-domain environment. How do you handle your cloud customers?

0 0

replied on September 10, 2018

Ok, I see. Yeah, it's probably not working in a domain environment because remote web sites can't resolve those local users. I expect the user would work if you remoted into the local machine (like you do with local admin), although then you still have to remote in. I'm curious - do you see environments that do not have domains frequently, or is it a very uncommon scenario?

This is not an issue in Laserfiche Cloud as user allocation and account management is handled in a completely different manner.

0 0

replied on September 11, 2018

Very few clients use Repository Users, but almost every company under 100 employees will not use an on-premise server any longer. The IT maintenance, power, and cooling costs are just not worth it when so many software companies now offer hosting. This means their server will be hosted and they will use ldap for authentication, which causes the same problem. It is becoming more and more of a problem, about 50% of customers demand a hosted solution, and I think it will increase by 10% year over year until an on-premise server is very rare.

I have not seen anyone order the Laserfiche cloud option yet so I don't know what it looks like and if there are any limitations.

The only limitation we seem to run into with hosted servers is this license assign feature and the super strange generated usernames that users have to login with instead of their assigned username.

0 0

Discussion

Discussion

How to assign a repository license in Web Client

Comments 8

Follow-Ups 0

Sign in to reply to this post.