Differences

This shows you the differences between two versions of the page.

--- technical:ldap-integration-rba [2025/06/08 05:15] – system
+++ technical:ldap-integration-rba [2025/06/08 06:35] (current) – [Adjusting the rights of a role] system
@@ Line 28: / Line 28: @@
 ===== Common Settings =====
-  - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server.
+<panel type="primary">
-  - **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password.
+{{:technical:ldap:ldap_rba_common.png|}}
-  - **Server authenticates:** The server checks the username and password against its stored credentials.
+</panel>
-  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection.
+  * The LDAP group to RBA mapping is optional functionality available as a complement to the standard LDAP integration.
+  * To ensure that the LDAP user has a pleasant experience the first time they log in, we pre-define the default Cloud and Realm they will be assigned to.
+  * As stated earlier, we also give the option to specify the attribute that will contain the groups the user belongs to.
+  * The recommended value is //memberof//, all in lowercase.
+-----------------
 ===== Admin =====
-  - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server.
+<panel type="primary">
-  - **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password.
+{{:technical:ldap:ldap_rba_admin.png|}}
-  - **Server authenticates:** The server checks the username and password against its stored credentials.
+</panel>
-  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection.
+   * The Admin role will typically include the most components to include.
+-----------------
 ===== Operator =====
-  - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server.
+<panel type="primary">
-  - **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password.
+{{:technical:ldap:ldap_rba_operator.png|}}
-  - **Server authenticates:** The server checks the username and password against its stored credentials.
+</panel>
-  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection.
+  * The Operator role will typically have less components selected compared to the Admin role, but more components then the View role.
+-----------------
 ===== View =====
-  - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server.
-  - **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password.
-  - **Server authenticates:** The server checks the username and password against its stored credentials.
-  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection.
----------
-====== Test LDAP Settings ======
-  * There is also a **Test LDAP Settings** Button that helps you to test the LDAP settings to ensure they work as intended.
-  * The tests that will be done will be matching the **LDAP Authentication Process** described earlier on this page.
 <panel type="primary">
-{{:technical:ldap:ldap_settings_test.png|}}
+{{:technical:ldap:ldap_rba_view.png|}}
 </panel>
+  * The View role will typically have the least components selected of the available three roles.
+---------
+====== Adjusting the rights of a role ======
+  * Should you need to adjust the rights for one of the roles, there is a dedicated section in the Wiki which covers that topic.