Import LDAP users into Organisational Admin Role or User Group

Rod B, modified 11 years ago.

Import LDAP users into Organisational Admin Role or User Group

New Member Posts: 2 Join Date: 12-11-26
Hi,

I'm struggling with this, I wonder if anyone can shed some light on it for me.

Liferay 6.1:
Fully hierarchical organisation setup with sites associated with organisations as required.
All users imported from LDAP as they log in.
Their LDAP groups are aligned to their Organisation's Site(s), through User Groups mapped to their LDAP groups.
The User Groups are assigned to the Organisation Sites and the Roles associated with the User Group.
This is fine for the site admins, i.e. the users who have admin access to edit pages within their site(s).

We have a business case for "people admins", i.e. users who are able to edit the members within Organisations. They too have their authorisations in LDAP.

I am struggling to see how to set it up so these users are imported from LDAP and have the appropriate Role within the organisation.
As far as I can see, the Organisational & Regular Roles cannot be assigned to a Site, only the Site Role. I get that, but the Site Role does not have the appropriate permissions. It seems a User Group cannot be assigned to an Organisation, otherwise I would probably be able to follow the same procedure as with the Site admins.

I'm simply trying to import LDAP users with an appropriate Role within an Organisation, such that they can edit that Organisation's members.
Can anyone correct where I'm going wrong here or maybe straighten out my thinking please?

cheers,
Rod
Rod B, modified 11 years ago.

RE: Import LDAP users into Organisational Admin Role or User Group

New Member Posts: 2 Join Date: 12-11-26
OK, so it went like this.

Spent quite some time trying to assign a User Group to an Organisation or Organisation Role, which seems impossible. So I changed the permissions on the User Group, such that its members have permissions to Assign Members to a Regular Role assigned to an organisation/site.

Partially upside down thinking, maybe, but I could see no other way of assigning a Role to User Group members that allows these members to edit Users in an Organisation, and only that Organisation. (after LDAP import, of course)

LDAP users -> imported into User Groups -> User Group assigned to Regular Role -> User Group permissions set so members can assign other Users to a Regular Role -> Regular Role assigned to Site -> Bingo!

"People editors" of an organisation auth'd in LDAP.

HTH someone. (if it makes any sense)

Rod B