When configuring Active Directory and/or LDAP Auth. It is possible to create multiple groups, you just have to also create the corresponding group on the Opengear. Setting the permissions in that group.
For example, if you are a member of 5 separate groups in LDAP you can make those same groups exist on the Opengear to have desired result. Essentially, just a match that must take place on the Opengear and LDAP/AD server.
i.e., CN=admingroup,OU=blah,DC=company,DC=com
If you are a member of this example group and you place that path in the admin group DN, you will effectively receive "admin" privileges.
Further, if you want lesser permissions then you do the following if you are a member of the following groups...
CN=losergroup,OU=blah,DC=company,DC=com
CN=lessergroup,OU=blah,DC=company,DC=com
CN=lackeygroup,OU=blah,DC=company,DC=com
then add...
CN=losergroup,OU=blah,DC=company,DC=com"
Into the user group DN and then create some custom groups named lessergroup and lackeygroup and assign permissions accordingly. That way if you are a member of "losergroup" and "lessergroup" you will effectively receive "users" role and the permissions defined in the custom group "lessergroup"...
Therefore, if you are a member of all 3 groups then you get in with losergroup and the combined permissions given in "lessergroup" and "lackeygroup".
See diagrams...
Comments
0 comments
Article is closed for comments.