Appendix H
Returning User Group Information
Updating the LDAP Schema
In This Chapter
Use the information in this section to return User Group information (and assist
with authorization) once authentication is successful.
From LDAP/LDAPS
When an LDAP/LDAPS authentication is successful, the PX3TS determines the
permissions for a given user based on the permissions of the user's role. Your
remote LDAP server can provide these user role names by returning an
attribute named as follows:
rciusergroup
This may require a schema extension on your LDAP/LDAPS server. Consult your
authentication server administrator to enable this attribute.
In addition, for Microsoft
used.
From Microsoft Active Directory
Note: This should be attempted only by an experienced Active Directory
administrator.
Returning user role information from Microsoft's
2000
operating system server requires updating the LDAP/LDAPS schema. See
®
your Microsoft documentation for details.
1.
Install the schema plug-in for Active Directory. See Microsoft Active
Directory documentation for instructions.
2.
Run Active Directory Console and select Active Directory Schema.
attribute type: string
Active Directory
, the standard LDAP memberOf is
®
®
®
®
Active Directory for Windows
785