IBM© DataPower Operations Dashboard v1.0.5.0

A newer version of this product documentation is available.

You are viewing an older version. View latest at IBM DPOD Documentation.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

When using LDAP as DPOD's user registry, Users and Security Groups management are not available through DPOD itself, and therefore a different way to assign the built-in roles is required.

Your installation of DPOD may choose one of the following scenarios :

Scenario A - Define Roles as attributes on the user directory entry

With this method, the LDAP administrator defines an attribute, for example DPOD_role attribute, at the user directory entry level that contains the role name of that user.
Multiple roles are assigned using several instances of the attribute in the user entry.
The attribute must be defined in the user class LDAP schema.

Example 1:

An administrator user named "john" (CN=john) has the attribute "DPOD_role=OpDashAdminRole".

Scenario B - Define Roles as attributes on the group directory entry

With this method, the LDAP administrator defines an attribute at the group directory entry level that contains the role name of that group. The roles of a user are fetched by searching for all groups of a user and accumulating the values of the attribute from each group entry.
Multiple roles are assigned by adding the user to several groups that have that attribute defined. The attribute should be defined in the group class LDAP schema.

Example 2: (group CN equals to role name):

An administrator user named "john" (CN=john) belongs to a group named "OpDashAdminRole" (CN=OpDashAdminRole)

Example 3 (custom attribute):

An administrator user named "john" (CN=john) belongs to a group named "DPAdmins" that has the attribute "DPOD_role=OpDashAdminRole".

  • No labels

IBM© DataPower Operations Dashboard (DPOD) v1.0.5.0