...
In this scenario, the LDAP administrator defines an attribute (for example DPOD_Role attribute) at the user entry that contains the built-in role name of that user.
- The attribute must be defined in the user class LDAP schema, which means that this schema might need to be extended.
- For each user that should use DPOD's Web Console, add the attribute with one of the built-in role names (e.g. OpDashAdminRole).
For example, an administrator user named "john" (cn=john)
...
- should have the attribute "DPOD_Role=OpDashAdminRole".
If you choose this scenario, please make sure you have the following details:
User entry attribute name | The attribute name at the user entry that contains the built-in role name of that user. |
Scenario B - Define the Built-in Role Name as an Attribute on the Group Entry
In this scenario, the LDAP administrator defines an attribute at the group entry that contains the built-in role name of users that belong to that group.
- The attribute must be defined in the group class LDAP schema, which means that this schema might need to be extended.
Usually, the built-in role name is stored as the group name (cn), thus avoiding the need to extend the schema.
- Create 4 groups - one for each built-in role. The group names should be identical to the built-in role names if the chosen attribute is the group name (cn).
- Add users to the groups.
For example, an administrator user named "john" (cn=john)
...
- should belong to a group named "OpDashAdminRole" (cn=OpDashAdminRole).
If you choose this scenario, please make sure you have the following details:
Group entry attribute name | The attribute name at the group entry that contains the built-in role name of users that belong to that group. e.g. "cn" |
Step 1 - Choose your preferred scenario:
Scenario A - an attribute at the user directory entry
When your installation scenario matches Scenario A in the Concepts Section, perform the following steps:
- If necessary, add an attribute to the user class LDAP schema (e.g. DPOD_role attribute).
- For each user that should use DPOD's Console, add the attribute with one of the built-in role names:
- OpDashAdminRole
- OpDashPowerUserRole
- OpDashOperatorRole
- OpDashInvestigatorRole
Scenario B - an attribute at the group directory entry
When your installation scenario matches Scenario B in the Concepts Section, perform the following steps:
- If necessary, add an attribute to the group class LDAP schema (e.g. DPOD_role attribute).
- Create 4 groups - one for each built-in role. The group names do not have to be identical to the built-in role names.
- For each group, if required, add the attribute with one of the following values:
- OpDashAdminRole
- OpDashPowerUserRole
- OpDashOperatorRole
- OpDashInvestigatorRole
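To check a directory export against either scenario before relying on it for Web Console access, the following added example (not part of DPOD or its documentation) resolves each user's role name under Scenario A and Scenario B and flags misspelled, missing or multiple role names. The DNs, the `member` attribute, the exact-match comparison and all sample entries are constructed assumptions; how DPOD treats a user with several role names is not stated on this page, so such users are only flagged for review.

```python
# Added example, not DPOD code. All entries below are constructed sample data.
BUILT_IN_ROLES = {"OpDashAdminRole", "OpDashPowerUserRole",
                  "OpDashOperatorRole", "OpDashInvestigatorRole"}
BASE = ",dc=example,dc=com"  # hypothetical directory suffix
JOHN, MARY, DAVE = ("cn=%s,ou=people%s" % (n, BASE) for n in ("john", "mary", "dave"))

USERS = {  # Scenario A: role name stored on the user entry
    JOHN: {"DPOD_Role": ["OpDashAdminRole"]},
    MARY: {"DPOD_Role": ["OpDashAdminRoel"]},  # misspelled role name
    DAVE: {},                                   # attribute never added
}
GROUPS = {  # Scenario B: role name stored on the group entry (here: cn)
    "cn=OpDashAdminRole,ou=groups" + BASE: {"cn": ["OpDashAdminRole"], "member": [JOHN]},
    "cn=OpDashOperatorRole,ou=groups" + BASE: {"cn": ["OpDashOperatorRole"], "member": [JOHN, DAVE]},
    "cn=Helpdesk,ou=groups" + BASE: {"cn": ["Helpdesk"], "member": [MARY]},
}

def roles_from_users(users, attr):
    """Scenario A: collect the values of `attr` on each user entry."""
    return {dn: set(entry.get(attr, [])) for dn, entry in users.items()}

def roles_from_groups(groups, attr, member_attr="member"):
    """Scenario B: collect built-in role names from the groups each user is in.
    Groups whose `attr` value is not a built-in role name are unrelated and skipped."""
    resolved = {}
    for entry in groups.values():
        names = set(entry.get(attr, [])) & BUILT_IN_ROLES  # assumed exact match
        for member in entry.get(member_attr, []):
            resolved.setdefault(member, set()).update(names)
    return resolved

def audit(resolved):
    """Label each user 'ok', 'none', 'multiple' or 'unknown' for review."""
    findings = {}
    for dn, names in resolved.items():
        if names - BUILT_IN_ROLES:
            findings[dn] = "unknown"
        elif len(names) != 1:
            findings[dn] = "multiple" if names else "none"
        else:
            findings[dn] = "ok"
    return findings

if __name__ == "__main__":
    for label, resolved in (("A", roles_from_users(USERS, "DPOD_Role")),
                            ("B", roles_from_groups(GROUPS, "cn"))):
        for dn, status in sorted(audit(resolved).items()):
            print(label, status, dn)
```
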
...