When LDAP is used as DPOD's user registry, user and security group management is not available through DPOD itself, so a different way to assign the built-in roles is required.

Your DPOD installation may use one of the following scenarios:

Scenario A - Define Roles as attributes on the user directory entry

With this method, the LDAP administrator defines an attribute (for example, a DPOD_role attribute) at the user directory entry level that contains the role name of that user.
Multiple roles are assigned using several instances of the attribute in the user entry.
The attribute must be defined in the user class LDAP schema.

Example 1:

An administrator user named "john" (CN=john) has the attribute "DPOD_role=OpDashAdminRole".

Scenario B - Define Roles as attributes on the group directory entry

With this method, the LDAP administrator defines an attribute at the group directory entry level that contains the role name of that group. The roles of a user are fetched by searching for all groups of a user and accumulating the values of the attribute from each group entry.
Multiple roles are assigned by adding the user to several groups that have that attribute defined. The attribute should be defined in the group class LDAP schema.

Example 2 (group CN equals the role name):

An administrator user named "john" (CN=john) belongs to a group named "OpDashAdminRole" (CN=OpDashAdminRole).

Example 3 (custom attribute):

An administrator user named "john" (CN=john) belongs to a group named "DPAdmins" that has the attribute "DPOD_role=OpDashAdminRole".

DPOD may be configured to use an LDAP user registry. In that case:

  • Users and security groups are managed within the LDAP user registry.
  • DPOD performs LDAP queries to authenticate users and to assign them security groups and roles.
  • Defining users and security groups is not available via the Web Console.
  • The internal database registry is not in use.
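
Because role assignment lives in the directory, it helps to review who ends up with which role under Scenario A and Scenario B before pointing DPOD at the registry. The following is an added example, not DPOD code: it resolves roles from a constructed LDIF export, and the `member` attribute name, the `DC=example,DC=com` DNs and the function names are assumptions.

```python
# Constructed LDIF export (sample data, not from a real directory).
SAMPLE_LDIF = """\
dn: CN=john,OU=Users,DC=example,DC=com
cn: john
DPOD_role: OpDashAdminRole

dn: CN=mary,OU=Users,DC=example,DC=com
cn: mary

dn: CN=DPAdmins,OU=Groups,DC=example,DC=com
cn: DPAdmins
member: CN=mary,OU=Users,DC=example,DC=com
DPOD_role: OpDashAdminRole

dn: CN=OpDashAdminRole,OU=Groups,DC=example,DC=com
cn: OpDashAdminRole
member: CN=john,OU=Users,DC=example,DC=com
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no folded or base64 lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def roles_from_user(entries, user_dn, role_attr):
    """Scenario A: every instance of role_attr on the user's own entry."""
    for e in entries:
        if e["dn"][0].lower() == user_dn.lower():
            return set(e.get(role_attr.lower(), []))
    return set()

def roles_from_groups(entries, user_dn, role_attr, member_attr="member"):
    """Scenario B: accumulate role_attr from every group listing the user."""
    roles = set()
    for e in entries:
        members = [m.lower() for m in e.get(member_attr.lower(), [])]
        if user_dn.lower() in members:
            roles.update(e.get(role_attr.lower(), []))
    return roles

ENTRIES = parse_ldif(SAMPLE_LDIF)
JOHN = "CN=john,OU=Users,DC=example,DC=com"
MARY = "CN=mary,OU=Users,DC=example,DC=com"
```

With the group CN used as the role attribute (Example 2), every group a user belongs to contributes its name, so `roles_from_groups(ENTRIES, MARY, "cn")` returns `DPAdmins`, which is not a role name; a dedicated attribute as in Example 3 avoids that ambiguity.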


To configure LDAP, follow these steps:
