User Management: Difference between revisions

User Management (view source)

62 bytes added , 31 August 2021

Move AD into its own sub-section

28

edits

@@ Line 58: / Line 58: @@
   Admin group :  allegro-mm-admins
-Example; for a more complex setup using the distinguished name of the user for filtering the groups and Active Directory-style user-filtering:
+==== '''Active Directory''' ====
+For active directory, the distinguished name ('${DN}') is used in the group filter:
   User filter : (&(sAMAccountName=%s)(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!userAccountControl:1.2.840.113556.1.4.803:=2))
-  Group filter : (&(member=${DN})(objectClass=group)(|(cn=allegro-mm-users)(cn=allegro-mm-admins)))
+  Group filter : (&(member=${DN})(objectClass=group))
   User group : allegro-mm-users
   Admin group : allegro-mm-admins
+A more complex group filter, using pre-filtering groups for performance reasons in large directories with lots of groups:
+ Group filter : (&(member=${DN})(objectClass=group)(|(cn=allegro-mm-users)(cn=allegro-mm-admins)))
-For recursive group membership resolution, the following group filter can be used for the Active Directory:
+For recursive group membership resolution, the following group filter can be used (bug might be slower):
   Group filter : (&(member:1.2.840.113556.1.4.1941:=${DN})(objectClass=group)(|(cn=allegro-mm-users)(cn=allegro-mm-admins)))
-This recursive group filter might be slower depending on the size of the directory.
 Depending on the setup, it is also possible to filter groups by distinguished name: