ibexa

Path

ez publish / technical manual / 4.3 / features / ldap login handler / roles and settings


Caution: This documentation is for eZ Publish legacy, from version 3.x to 5.x.

Roles and Settings

Roles

The log-in handler handles users and groups, it will not create or assign any roles. Since there is no standard way to automate this function, this is the responsibility of the eZ Publish system administrator. Users and groups created by the log-in handler will only have the roles they inherit from their parent groups. If the roles they inherit are too restrictive, or they don't inherit any, such users may not be able to log in even when the LDAP authentication succeeded. Therefore it is recommended to create and assign a basic role with login rights to the LDAP root group (see LDAPGroupRootNodeId). This also applies to the default group (see LDAPUserGroup[]) if you want users to be able to log-in even when the group assignment failed.

In addition to this, it is common to make additional roles for each of the sub groups of the root group, granting the necessary permissions for each group.

Settings

LDAP login is configured in ldap.ini, for more information see descriptions in the settings file itself and the documentation regarding configuration files. In addition to this, LDAP must be enabled in the LoginHandler setting in site.ini (see examples in chapter LDAPGroupMappingType).

Ester Heylen (14/09/2010 12:00 pm)

Geir Arne Waaler (05/10/2010 8:21 am)

Ester Heylen, Geir Arne Waaler


Comments

There are no comments.