Idea ID 2867284
Reason: our Security department requests to manage authorization outside of LRE.
Because we implemented the interface to LDAP for authentication it would be a perfect solution to have also the support of LDAP groups. I expect that we have several groups in LDAP. Every one of these groups is assigned/linked to one role in LRE. The users defined in the assigned LDAP group should be added to the role/group in LRE by the interface.
I my opinion it is less important how the users are added to a specific LRE role/group, some ideas
- added/removed with a job that runs frequently
- after successful login of a specific user the user is added temporarily to that group as long as the user is logged in
Depending on the solution there is no need any more to manage the (not administrator) users in LRE. Whenever there is a user member in a LDAP group that is assigned/linked to a group in LRE that user can login to LRE and gets the correct permissions from the LRE group(s) he is member of.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.