This page lists all the parameters required for LDAP configuration, and possible scenarios.

...

OpDashAdminRole mapping: The value of an attribute of LDAP entries that provide Admin access to users or groups. This is usually the name of the group of admins.
e.g. MyDpodAdminsGroup

OpDashPowerUserRole mapping: The value of an attribute of LDAP entries that provide Power User access to users or groups. This is usually the name of the group of power users.
e.g. MyDpodPowerUserGroup

OpDashOperatorRole mapping: The value of an attribute of LDAP entries that provide Operator access to users or groups. This is usually the name of the group of operators.
e.g. MyDpodOperatorsGroup

OpDashInvestigatorRole mapping: The value of an attribute of LDAP entries that provide Investigator access to users or groups. This is usually the name of the group of investigators.
e.g. MyDpodInvestigatorGroup

OpDashAppAdminRole mapping: The value of an attribute of LDAP entries that provide App Admin access to users or groups. This is usually the name of the group of DPOD installation admins.
e.g. MyDpodAppAdminsGroup

...

  • The LDAP administrator creates 5 groups within the LDAP registry - one for each built-in role - based on the organization's naming conventions and standards.
  • Users and other groups are added to the newly created groups according to the desired roles.
  • Map built-in roles using the names of the newly created groups (see "Mapping Built-in Roles" above).
  • Make sure to use "cn" as the group role attribute name and "group_attribute" as the built-in role method (see LDAP Configuration Script).

Advanced Configuration

Info

Use the advanced configuration only if the recommended one described above does not fit your needs.

...

  • The attribute must be defined in the user class LDAP schema, which means that this schema might need to be extended.
  • This attribute should have different values - one value for each DPOD built-in role.
  • Map built-in roles according to those values (see "Mapping Built-in Roles" above).
  • Make sure to use this attribute as the user role attribute name and "user_attribute" as the built-in role method (see LDAP Configuration Script).

Scenario B - Define the Built-in Role Name as an Attribute of the Group Entry

...

  • The attribute must be defined in the group class LDAP schema, which means that this schema might need to be extended.
  • This attribute should have different values - one value for each DPOD built-in role.
  • The LDAP administrator creates 5 groups within the LDAP registry - one for each built-in role. Each group should have a different value for this attribute - one value for each DPOD built-in role.
  • Map built-in roles using the names of the newly created groups (see "Mapping Built-in Roles" above).
  • Make sure to use this attribute as the group role attribute name and "group_attribute" as the built-in role method (see LDAP Configuration Script).
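
An access-review check for the "group_attribute" method, covering both the recommended configuration ("cn") and Scenario B (a custom group attribute passed as role_attr). This is an added example, not DPOD code: it works on an exported group listing rather than a live directory. The DNs, the "member" attribute name, the OnCall group and the assumption that nested group membership counts toward a role are all constructed for illustration.

```python
# Added illustration, not DPOD code. Directory data below is constructed.
ROLE_MAPPING = {  # built-in role -> mapped value (example values from this page)
    "OpDashAdminRole": "MyDpodAdminsGroup",
    "OpDashPowerUserRole": "MyDpodPowerUserGroup",
    "OpDashOperatorRole": "MyDpodOperatorsGroup",
    "OpDashInvestigatorRole": "MyDpodInvestigatorGroup",
    "OpDashAppAdminRole": "MyDpodAppAdminsGroup",
}
BASE = "ou=groups,dc=example,dc=com"
GROUPS = {  # group DN -> attributes, as exported from the registry
    f"cn=MyDpodAdminsGroup,{BASE}": {"cn": "MyDpodAdminsGroup",
        "member": ["uid=alice,dc=example,dc=com", f"cn=OnCall,{BASE}"]},
    f"cn=MyDpodOperatorsGroup,{BASE}": {"cn": "MyDpodOperatorsGroup",
        "member": ["uid=bob,dc=example,dc=com", "uid=carol,dc=example,dc=com"]},
    f"cn=OnCall,{BASE}": {"cn": "OnCall",  # nested group with no role of its own
        "member": ["uid=carol,dc=example,dc=com", f"cn=MyDpodAdminsGroup,{BASE}"]},
}

def duplicate_mapping_values(mapping):
    """Mapped values shared by more than one role (should be empty)."""
    seen, dupes = set(), set()
    for value in mapping.values():
        (dupes if value in seen else seen).add(value)
    return dupes

def expand_members(group_dn, groups, visited=None):
    """Flatten nested groups into user DNs; tolerates membership cycles."""
    visited = set() if visited is None else visited
    if group_dn in visited:
        return set()
    visited.add(group_dn)
    users = set()
    for member in groups[group_dn].get("member", []):
        if member in groups:  # member is itself a group: recurse
            users |= expand_members(member, groups, visited)
        else:
            users.add(member)
    return users

def effective_roles(groups, mapping, role_attr="cn"):
    """user DN -> set of built-in roles reachable via the role attribute."""
    by_value = {value: role for role, value in mapping.items()}
    result = {}
    for dn, attrs in groups.items():
        role = by_value.get(attrs.get(role_attr))
        if role:
            for user in expand_members(dn, groups):
                result.setdefault(user, set()).add(role)
    return result
```

In the constructed data, carol reaches the Admin role only through the nested OnCall group, which is the kind of indirect grant worth reviewing before mapping the groups to built-in roles.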