User Management
The user management page allows managing users which can use the Allegro Network Multimeter. It is possible to:
- Create new users
- Edit users
- Change the password and modify the roles of the user.
- Disable users
- Disabled users are not able to login, but their settings are kept.
- Delete users.
- Notes:
- It is not possible to delete or disable the admin account.
- It is not possible to delete or disable the currently logged in user.
Roles
The only role currently defined is the admin role.
Only users with the admin role can:
- start captures
- change system settings
- manage users
- use WebDAV
LDAP users
In the LDAP users tab, it is possible to define an LDAP or Active Directory source for user management. The LDAP users are only an addition to the locally defined users. Locally defined users take precedence over LDAP users.
The values required depend on the setup of the LDAP server.
The user filter requires a %s as a placeholder for the username.
The group filter requires either %s as a placeholder for the username, or any ${value} attribute of the user. The special value ${DN} references the distinguished name of the user.
In the Allegro MM users group and Allegro MM admins group, a comma-separated list of the common name of the groups is given. If the user is in any of the groups, he is allowed to log in. If the user is in one of the admins group, he is treated as an administrator.
Example for a simple LDAP setup involving only the username:
User filter : (uid=%s) Group filter : (memberUid=%s) Users group : allegro-mm-users Admins group : allegro-mm-admins
Example for a more complex setup using the distinguished name of the user for filtering the groups and Active Directory-style user-filtering:
User filter : (&(sAMAccountName=%s)(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Group filter : (&(member=${DN})(objectClass=group)(|(cn=allegro-mm-users)(cn=allegro-mm-admins)))
Users group : allegro-mm-users
Admins group : allegro-mm-admins
For recursive group membership resolution, the following group filter can be used for Active Directory:
Group filter : (&(member:1.2.840.113556.1.4.1941:=${DN})(objectClass=group)(|(cn=allegro-mm-users)(cn=allegro-mm-admins)))
This recursive group filter might be slower, depending on the size of the directory. Depending on the setup, it is also possible to filter groups by distinguished name:
Group filter : (&(member:1.2.840.113556.1.4.1941:=${DN})(objectClass=group)(|(distinguishedName:=CN=allegro-mm-users,OU=Groups,DC=example,DC=com)(distinguishedName:=CN=allegro-mm-admins,OU=Groups,DC=example,DC=com)))