You are viewing limited content. For full access, please sign in.

Question

Question

Forms Participants licenses are not using AD groups for Form security access

Version 9 Forms Security Licensing
Updated February 26, 2018
asked on June 4, 2014

We have configured 100+ forms and tested everything with Full Named User licenses and AD groups for form specific security. For example, here are two of the forms:

 

  • HR Renew Insurance - Form submitter access granted to an AD group: "All Bank Employees"
  • AP Pay Vendor - Form submitter access granted to 2 AD groups: "AP Team" and "Exec Team"

 

Now that the forms are ready to go live, we started testing with 200 Forms Participants licenses. Once we switch the same users from Full Named licenses to Participant licenses, the users can no longer see the forms. The current workaround is to add all the participant users manually to each form's security page.

 

Are we doing something wrong here? Will 9.2 provide a solution to this issue?

 

0 0

Answers

APPROVED ANSWER
replied on June 8, 2014

LDAP participant can only inherit right for LDAP groups that added as participant:it can't inherit from LDAP groups which are listed under the Named Users tab for System Security page, but can only inherit from LDAP groups which are listed under Participants tab. So if the LDAP group is added in the Laserfiche Repository, then synchronized to Forms, LDAP participant can't inherit right from it.

The LDAP groups under the base distinguished name of LDAP Server Profile for participants will be added as LDAP groups under participants tab if same SID doesn't exist in named users tab.  So if you want to use the LDAP groups as participant, you can do following actions:

1. remove the group from the LDAP Groups in the Laserfiche repository

2. synchronize users from System Security page in Forms

3. when the LDAP group is marked as disabled in the named users list, click the "delete" button to remove it

4. click synchronize again, the LDAP group will be added as group in the Participants tab

1 0
SELECTED ANSWER
replied on June 6, 2014 Show version history

Participant licenses use LDAP integration and not the AD integration that you get with a Named User. With participant licenses, you currently cannot use groups. You might have also noticed that their usernames are different. Named Users use the logon name from AD while participant licenses use the email address associated with the user from the LDAP lookup. I know this feature has been requested by others though so hopefully it will make it in a future version (soon).

3 0

Replies

replied on June 28, 2016

Does this situation where AD and LF Groups do not allow participant users to inherit rights in Forms still exist in Laserfiche 10.1?

 

Michelle

1 0
replied on June 28, 2016

Hi Michelle, the behavior in 10.1 is same as before, LDAP participant can't inherit right from Windows Group and LF group, can only inherit right from LDAP participant group.

1 0
replied on August 6, 2014

Blake, are you saying that you cannot use Active Directory groups as participant users?  Or are you saying that you cannot use LF groups?

0 0
replied on August 6, 2014

As a participant user you cannot use AD Groups or LF Groups.

1 0
replied on August 8, 2014

You can add a AD group as participant group if the group belong to the base distinguish name of the profile configured for participant, but participant user can't inherit right from Windows Group and LF Group you added in the repository

1 0
replied on February 26, 2018

Wait, if I understand this right I am hearing two conflicting answers.

LDAP does not share group related security configurations with Named Users.

LDAP will not display a security group if it is configured under Named Users.

Either they are tied together or they are not correct?

For example: If I want to grant access to Domain Users.

By the former statement I would configure Domain Users under both Named Users and LDAP.

By the latter statement I would only configure Domain Users under Named Users, but this violates the first statement.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...