11-11-2022 06:07 AM
Hello,
I need to make a share action available only for users from a specific LDAP group.
I know that I can use an Evaluator to build this logic but my problem is that I don't know how to access the LDAP information from ACS. Is there an OOTB way to do this?
I'm using ACS 7.2 Enterprise.
Best regards,
Francisco Duarte
11-13-2022 03:54 PM
Hi:
Try defining an evaluator based in evaluator.doclib.action.groupMembership.
For example:
<bean id="evaluator.doclib.action.isWebPublisher" parent="evaluator.doclib.action.groupMembership">
<property name="groups">
<list>
<value>GROUP_WEB_PUBLISHER</value>
</list>
</property>
</bean>
You should integrate Alfresco with your LDAP, and sync your LDAP groups. So it is expected to sync a WEB_PUBLISHER group of the LDAP.
Then you may use the evaluator inside the action definition.
<action id="execute-web-workflow1" type="javascript" label="web.action.action1">
<param name="function">onActionSimpleRepoAction</param>
<param name="action">execute-web-workflow-action1</param>
<param name="successMessage">web.message.success.action1</param>
<param name="failureMessage">web.message.failure.action1</param>
<evaluator>evaluator.doclib.action.isWebPublisher</evaluator>
</action>
Regards.
--C.
11-13-2022 03:54 PM
Hi:
Try defining an evaluator based in evaluator.doclib.action.groupMembership.
For example:
<bean id="evaluator.doclib.action.isWebPublisher" parent="evaluator.doclib.action.groupMembership">
<property name="groups">
<list>
<value>GROUP_WEB_PUBLISHER</value>
</list>
</property>
</bean>
You should integrate Alfresco with your LDAP, and sync your LDAP groups. So it is expected to sync a WEB_PUBLISHER group of the LDAP.
Then you may use the evaluator inside the action definition.
<action id="execute-web-workflow1" type="javascript" label="web.action.action1">
<param name="function">onActionSimpleRepoAction</param>
<param name="action">execute-web-workflow-action1</param>
<param name="successMessage">web.message.success.action1</param>
<param name="failureMessage">web.message.failure.action1</param>
<evaluator>evaluator.doclib.action.isWebPublisher</evaluator>
</action>
Regards.
--C.
11-14-2022 07:24 AM
Hello,
Is this supposed to work with LDAP groups?
In Admin Tools > Users > Admin, I see the group ALFRESCO_ADMINISTRATORS for example.
I tried to add this group to the XML and it didn't work.
After that, I tried SiteManager, and it worked. It seems this evaluator.doclib.action.groupMembership only works with the site roles and not LDAP groups.
Best regards and thankyou for your answer,
Francisco Diarte
11-14-2022 07:42 AM
Hello,
Never mind my last post. I had to add the "GROUP_" before the group name.
It's working now.
Thanks for the help,
Francisco Duarte
Explore our Alfresco products with the links below. Use labels to filter content by product module.