Table of Contents
Advertisement
Appendix H
Returning User Group Information
Updating the LDAP Schema
In This Chapter
Returning User Group Information ................................................................... 785
Setting the Registry to Permit Write Operations to the Schema ..................... 786
Creating a New Attribute .................................................................................. 786
Adding Attributes to the Class .......................................................................... 787
Updating the Schema Cache ............................................................................. 789
Editing rciusergroup Attributes for User Members .......................................... 789
Use the information in this section to return User Group information (and assist
with authorization) once authentication is successful.
From LDAP/LDAPS
When an LDAP/LDAPS authentication is successful, the PX3TS determines the
permissions for a given user based on the permissions of the user's role. Your
remote LDAP server can provide these user role names by returning an
attribute named as follows:
rciusergroup
This may require a schema extension on your LDAP/LDAPS server. Consult your
authentication server administrator to enable this attribute.
In addition, for Microsoft
used.
From Microsoft Active Directory
Note: This should be attempted only by an experienced Active Directory
administrator.
Returning user role information from Microsoft's
2000
operating system server requires updating the LDAP/LDAPS schema. See
®
your Microsoft documentation for details.
1.
Install the schema plug-in for Active Directory. See Microsoft Active
Directory documentation for instructions.
2.
Run Active Directory Console and select Active Directory Schema.
attribute type: string
Active Directory
, the standard LDAP memberOf is
®
®
®
®
Active Directory for Windows
785
Advertisement
Table of Contents
Troubleshooting
