LDAP Tools/Group Mapping
From Authentication Tools for Joomla! (JAuthTools)
(New page: Group Mapping is a feature of the Sync, SSO and SSI bots that allow users to automatically created and assigned the appropriate priviledges to the system. This means that when users are ad...) |
|||
| Line 1: | Line 1: | ||
| - | Group Mapping is a feature of the Sync, SSO and SSI bots that allow users to automatically created and assigned the appropriate | + | Group Mapping is a feature of the Sync, SSO and SSI bots that allow users to automatically created and assigned the appropriate privileges to the system. This means that when users are added to groups with in LDAP and then are automatically created on a Joomla! site they will be slotted into the appropriate group. The system uses a prioritization to determine the final Joomla! group membership depending on their LDAP group membership. Unless the LDAP Sync bot is enabled, the system will not alter users accounts and users who do not exist in LDAP will not be altered. Please keep in mind that by default the system will revert a user to registered status. This may cause issues on some systems where 'admin' is a legitimate account (such as Novell). |
The map syntax is simple: | The map syntax is simple: | ||
| Line 17: | Line 17: | ||
If a user was a member of the JoomlaAdmins group and a member of the JoomlaPublishers group, in this situation they would be given Publisher level access because its priority is higher than the one assigned to the super administrator level. However if they were a member of JoomlaAdmins and JoomlaManagers, they would be assigned Super Admin instead of Manager because of the different priority. | If a user was a member of the JoomlaAdmins group and a member of the JoomlaPublishers group, in this situation they would be given Publisher level access because its priority is higher than the one assigned to the super administrator level. However if they were a member of JoomlaAdmins and JoomlaManagers, they would be assigned Super Admin instead of Manager because of the different priority. | ||
| - | For these values, please consult one of your users groupMembership attributes. This has only been tested on Novell eDirectory based systems at present. | + | For these values, please consult one of your users groupMembership attributes. This has only been tested on Novell eDirectory and MSAD based systems at present. |
| - | + | ||
| - | + | ||
{{J15UserSources}} | {{J15UserSources}} | ||
[[Category:LDAP]] [[Category:User Sources]] | [[Category:LDAP]] [[Category:User Sources]] | ||
Revision as of 00:36, 18 May 2007
Group Mapping is a feature of the Sync, SSO and SSI bots that allow users to automatically created and assigned the appropriate privileges to the system. This means that when users are added to groups with in LDAP and then are automatically created on a Joomla! site they will be slotted into the appropriate group. The system uses a prioritization to determine the final Joomla! group membership depending on their LDAP group membership. Unless the LDAP Sync bot is enabled, the system will not alter users accounts and users who do not exist in LDAP will not be altered. Please keep in mind that by default the system will revert a user to registered status. This may cause issues on some systems where 'admin' is a legitimate account (such as Novell).
The map syntax is simple:
groupMembership|JoomlaGroupID|JoomlaUserType|Priority
Here is an example group map:
cn=JoomlaAdmins,ou=Groups,O=TestSite|25|Super Administrator|20 cn=JoomlaPublishers,ou=Groups,O=TestSite|21|Publisher|100 cn=JoomlaManagers,ou=Groups,O=TestSite|23|Manager|10
If a user was a member of the JoomlaAdmins group and a member of the JoomlaPublishers group, in this situation they would be given Publisher level access because its priority is higher than the one assigned to the super administrator level. However if they were a member of JoomlaAdmins and JoomlaManagers, they would be assigned Super Admin instead of Manager because of the different priority.
For these values, please consult one of your users groupMembership attributes. This has only been tested on Novell eDirectory and MSAD based systems at present.
Note: For Joomla! 1.5 this is supported via the User Sources system.
