This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice This article is not considered official documentation for K2 software and is provided “as is” with no warranties.

Issue

K2 was configured for multi-domain via the K2 Management site:

K2 Management > Users > K2 > Domains

But searching for users via the K2 Management site to assign server rights / process rights, only return users from the primary domain.

Symptoms

- Searching for users using the 'Contains' type only returns users from the primary domain

- Searching for users using 'Starts with'/'Equal to' does return the user successfully

- Executing the UMUser SmartObject > Get User Details does return information for users from all domains configured

- A bug was discovered when adding additional domains via the K2 Management site, the 'MultiDomain' attribute in the [RoleInit] column for the K2 security label does not get set to 'true.' This causes the 'Contains' filter to only return results from the primary domain.

<roleprovider>
<init>ADCache=0;LDAPPath=LDAP://DC=DENALLIX,DC=COM;ResolveNestedGroups=False;

IgnoreForeignPrincipals=False;IgnoreUserGroups=False;MultiDomain=false;

OnlyUseSecurityGroups=False;LogLevel=Error;LogSize=0;DataSources=&lt;DataSources&gt;

&lt;DataSource Path="LDAP://DC=DENALLIX,DC=COM" NetBiosName="DENALLIX" /&gt;
&lt;/DataSources&gt;</init>
<login />
<implementation assembly="ADUM, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16a2c5aaaa1b130d" type="ADUM.K2UserManager2" />
<properties>
<user>
<property name="Name" type="System.String" />
<property name="Description" type="System.String" />
<property name="Email" type="System.String" />
<property name="Manager" type="System.String" />
<property name="SipAccount" type="System.String" />
<property name="ObjectSID" type="System.String" />
<property name="DisplayName" type="System.String" />
<property name="CommonName" type="System.String" />
<property name="UserPrincipalName" type="System.String" />
</user>
<group>
<property name="Name" type="System.String" />
<property name="Description" type="System.String" />
<property name="Email" type="System.String" />
</group>
</properties>
</roleprovider>

Resolution

1. This attribute can be updated in the K2 database with an update statement.  Please create a backup before doing so.

UPDATE [HostServer].[SecurityLabel]
SET [RoleInit] = REPLACE(CAST([RoleInit] as nvarchar(max)), 'MultiDomain=False', 'MultiDomain=True')
WHERE SecurityLabelName = 'K2'

2. Alternatively, delete one of the additional domain configurations and re-add it via the K2 Workspace site. This will set the 'Multidomain' attribute to 'true':

K2 Workspace > Management Console > [Server:Port] > User Managers > K2 > Domains