ibexa

Path

ez publish / technical manual / 4.x / features / ldap login handler / roles and settings


Caution: This documentation is for eZ Publish legacy, from version 3.x to 5.x.

Roles and Settings

This part of the 4.x documentation is for eZ Publish 4.0, only reference section is common for all eZ Publish 4.x versions as well as eZ Publish 5.x "LegacyStack", please select the version you are using for the most up to date documentation!

Roles

The login handler handles users and groups, it will not create or assign any roles. Since there is no standard way to automate this function, this is the responsibility of the eZ Publish system administrator. Users and groups created by the login handler will only have the roles they inherit from their parent groups. If the roles they inherit are too restrictive, or they don't inherit any, such users may not be able to log in even when the LDAP authentication succeeded. Therefore it is recommended to create and assign a basic role with login rights to the LDAP root group (see LDAPGroupRootNodeId). This also applies to the default group (see LDAPUserGroup[]) if you want users to be able to login even when the group assignment failed.
In addition to this, it is common to make additional roles for each of the sub groups of the root group, granting the necessary permissions for each group.

Settings

LDAP login is configured in ldap.ini, for more information see descriptions in the settings file itself and the documentation regarding configuration files. In addition to this, LDAP must be enabled in the LoginHandler setting in site.ini (see examples in chapter LDAPGroupMappingType).

Ester Heylen (30/09/2009 1:19 pm)

Ricardo Correia (17/04/2013 2:56 pm)

Ester Heylen, Ricardo Correia


Comments

There are no comments.