Filter
Top Products
197
Note: The procedures in this chapter should be attempted only by experienced
users.
In This Chapter
Returning User Group Information ............................................................197
Setting the Registry to Permit Write Operations to the Schema .............198
Creating a New Attribute.............................................................................198
Adding Attributes to the Class ....................................................................199
Updating the Schema Cache ........................................................................201
Editing rciusergroup Attributes for User Members..................................201
Returning User Group Information
Use the information in this chapter to return User Group information
(and assist with authorization) once authentication is successful.
From LDAP
When an LDAP authentication is successful, Dominion KX II determines
the permissions for a given user based on the permissions of the user's
group. Your remote LDAP server can provide these user group names
by returning an attribute named as follows:
rciusergroup attribute type: string
This may require a schema extension on your LDAP server. Consult your
authentication server administrator to enable this attribute.
In addition, the standard LDAP memberOf is used.
From Microsoft Active Directory
Note: This should be attempted only by an experienced Active Directory
administrator.
Returning user group information from Microsoft's Active Directory for
Windows 2000 Server requires updating the LDAP schema. Refer to your
Microsoft documentation for more detail.
1. Install the schema plug-in for Active Directory - refer to Microsoft
Active Directory documentation for instructions.
2. Run Active Directory Console and select Active Directory Schema.
Appendix B
Updating the LDAP Schema