Searching for users in a multi-domain configuration with the 'Contains' type only return users from the primary domain
kbt134191
PRODUCTIssue
K2 was configured for multi-domain via the K2 Management site:
K2 Management > Users > K2 > Domains
But searching for users via the K2 Management site to assign server rights / process rights, only return users from the primary domain.
Symptoms
- Searching for users using the 'Contains' type only returns users from the primary domain
- Searching for users using 'Starts with'/'Equal to' does return the user successfully
- Executing the UMUser SmartObject > Get User Details does return information for users from all domains configured
- A bug was discovered when adding additional domains via the K2 Management site, the 'MultiDomain' attribute in the [RoleInit] column for the K2 security label does not get set to 'true.' This causes the 'Contains' filter to only return results from the primary domain.
<roleprovider>
<init>ADCache=0;LDAPPath=LDAP://DC=DENALLIX,DC=COM;ResolveNestedGroups=False;
IgnoreForeignPrincipals=False;IgnoreUserGroups=False;MultiDomain=false;
OnlyUseSecurityGroups=False;LogLevel=Error;LogSize=0;DataSources=<DataSources>
<DataSource Path="LDAP://DC=DENALLIX,DC=COM" NetBiosName="DENALLIX" />
</DataSources></init>
<login />
<implementation assembly="ADUM, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16a2c5aaaa1b130d" type="ADUM.K2UserManager2" />
<properties>
<user>
<property name="Name" type="System.String" />
<property name="Description" type="System.String" />
<property name="Email" type="System.String" />
<property name="Manager" type="System.String" />
<property name="SipAccount" type="System.String" />
<property name="ObjectSID" type="System.String" />
<property name="DisplayName" type="System.String" />
<property name="CommonName" type="System.String" />
<property name="UserPrincipalName" type="System.String" />
</user>
<group>
<property name="Name" type="System.String" />
<property name="Description" type="System.String" />
<property name="Email" type="System.String" />
</group>
</properties>
</roleprovider>
Resolution
1. This attribute can be updated in the K2 database with an update statement. Please create a backup before doing so.
UPDATE [HostServer].[SecurityLabel]
SET [RoleInit] = REPLACE(CAST([RoleInit] as nvarchar(max)), 'MultiDomain=False', 'MultiDomain=True')
WHERE SecurityLabelName = 'K2'
2. Alternatively, delete one of the additional domain configurations and re-add it via the K2 Workspace site. This will set the 'Multidomain' attribute to 'true':
K2 Workspace > Management Console > [Server:Port] > User Managers > K2 > Domains