Sitescope only allowing certain LDAP users access

Hi all,

I have successfully set up Sitescope talking to our LDAP servers with an example context of DC=abc,DC=def,DC=ghij,DC=net (for our domain abc.def.ghij.net).
When the setting Enable same permissions for all LDAP users is ticked and set, all is good.

However we are not wanting everyone to be able to login.
So let's say we have a user called dummyfred in the AD and they are a part of an AD group called Sitescope.
Is there a way to restrict LDAP login to only users who are a part of the Sitescope AD group?

I tried setting up individual users but could not get the idea of the user context, much the same with the roles.
Would someone be able to explain this part of the LDAP integration using my above test case?

Thanks,
Terry

  • 0  

    Hi Terry,

    Yes, I think it is possible.

    You need to provide the LDAP Context and provide the AD group that you want to allow to log in to SiS.

    In my lab, I created an LDAP group named "sis" with only 1 user. This is the LDAP settings page:

    and here is the test result:

    and here is the test result when I removed the LDAP context filtering:

  • 0 in reply to   

    Thanks Asaf,


    OK, I've tried that after finally figuring out the LDAP context for the group but it looks like it is picking up the group itself.
    I also get 1 user was found for the group but the group has 3 members.
    Could that be something to do with the advanced settings?

  • Verified Answer

    +1 in reply to 

    OK, I have found the answer.
    The Sitescope documentation can be quite confusing talking about contexts for users. That is not needed.
    What I found was an old HP slideshow (looked like training) from when Sitescope was owned by HP.

    What you do is set up the LDAP settings and context as per normal, so for my example the context was DC=abc,DC=def,DC=ghij,DC=net
    Make SURE to leave Enable same permissions for all LDAP users UNTICKED.
    Then create a new user role which has the exact same name as an AD group.
    From there you can create permissions for that group and it is all based on the domain users in that group.
    So I created a SiteScope-Admin and Sitescope-User AD group and added them as user roles.
    The rest of the domain can't log in to Sitescope, the SiteScope-Admin group has full rights and Sitescope-User has anything delete disabled.

    Thanks for trying to help.