[Index]
To access the latest documentation, go to Documentation and Resources at: https://voss.portalshape.com
Overview
LDAP custom role mapping allows you to apply (in top-down deployments only) customized roles, to LDAP synced and moved users. The default roles are overwritten.
The table describes how LDAP custom role mapping works for LDAP user sync and LDAP user move:
Action | Description |
---|---|
LDAP user sync |
|
LDAP user move |
|
Add a LDAP Custom Role Mapping
In top-down deployments only, this procedure applies customized roles to LDAP synced and moved users, and overwrites default roles.
Field | Description |
---|---|
Active Directory Group | The user's Active Directory group, derived from 'memberOf', from the LDAP Schema. This must be an exact match of the value defined in Active Directory, for example, CN=Administrators,CN=Builtin,DC=test,DC=net. |
Target Role Context | The hierarchy for which the custom role mapping will be applied. This must match the hierarchy type where the users are synced, or their destination hierarchy when moved. For example, if a user is assigned a 'CustomerAdmin' role, and the LDAP user sync is configured at Customer level, then the Target Role Context must be set to Customer. If a user is assigned a 'SiteAdmin' role, and is being moved (manually or automatically) using 'Filter to a Site', then Target Role Context must be set to Site. |
Target Role | The role to apply to the user if their Active Directory Group and Target Role Context are matched. This must be a valid role at the user's destination hierarchy. This can be defined at a specific role or as a macro. For example, if the user is assigned a 'SiteAdmin' role, the role can be defined as the exact name of the role or defined as a macro, which allows re-use for any site name e.g. {{macro.SITENAME}}SiteAdmin. |
The DataModel which the admin-user can use to optionally define Role mappings between AD users and VOSS users. Instances of this model is then used by LDAP User Sync and Move User use-cases.
Title | Description | Details | |||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Active Directory Group * | A group in the Active Directory (AD) to which the user belongs. This is derived from the 'memberOf' from the LDAP Schema. This must be an exact match of the value defined in Active Directory, e.g. CN=Administrators,CN=Builtin,DC=test,DC=net. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
Target Role Context * | This value defines the hierarchy for which the Custom Role Mapping will be applied. This must match the hierarchy type where the users are Synced, or their destination hierarchy when moved. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
Target Role * | The role which will be applied to the user if their AD Group and Target Role Context are matched. This must be a valid role at the user's destination hierarchy. This can be defined at a specific role or defined as a macro. |
|