Table of Contents
Advertisement
About Contribute and LDAP or Active Directory
Lightweight Directory Access Protocol (LDAP) is a protocol for accessing information directories. Microsoft Active
Directory and LDAP are types of directory services. In the case of directory services, a directory is like a telephone
book and not like a directory (folder) on your computer.
You can integrate the User Directory service of CPS with your directory service. The User Directory is an appli-
cation service that enables you to centrally manage users.
When you integrate with your LDAP directory, you control who can access your website and how they are authen-
ticated.
Using the User Directory service, you can add your entire LDAP user directory for your website, or
LDAP branches
you can indicate specific branches to search.
You have the following options:
• Add the root node of your LDAP tree to the user directory, and enable search for users or groups in any of the
branches.
• Add specific branches to the user directory and determine the scope of the search—whether you want to search
only the branch or the branch and any subbranches. This way, you can exclude certain branches of your LDAP
tree from the search.
For each branch you add, you can define a user search only or you can define a user and a group search.
For example, suppose your LDAP directory has three branches: East, Central, and West. You want to integrate with
the LDAP directory your entire company, so in the following example, you add one branch for a user search to the
user directory:
User branch with baseDN:o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=organizationalPerson)
Now, suppose you want to include only the Central and West branches and you want to define user and group
searches. You add the following four branches to the user directory:
User branch with baseDN:ou=Central,o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=organizationalPerson)
User branch with baseDN:ou=West,o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=organizationalPerson)
Group branch with baseDN:ou=Central,o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=groupOfNames)
Group branch with baseDN:ou=West,o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=groupOfNames)
LDAP permissions and Contribute permissions
layer of permissions. When connecting to an LDAP or Active Directory server, CPS respects any file/folder permis-
sions set by the LDAP or Active Directory service. Contribute permissions are layered on top of the directory service
or the network/server permissions and are applied globally.
Contribute permissions, which are settings stored in an XML file at the root of your website, are specific controls
for the Contribute editing environment. These permissions are not assigned on a per-user basis; they are groups of
settings that Contribute reads when first connecting to a website. Contribute then conforms to these settings during
the editing process. Contribute administrators can specify access to certain folders for different user roles.
Integrating your company LDAP directory with CPS adds another
ADOBE CONTRIBUTE CS3
38
User Guide
Advertisement
Table of Contents
