Tim,
If you’re using groups in your LDAP source, you can use those groups to
apply permissions as though they were tags. For Active Directory, at least, the
prefix is “$lgcn_” so it looks like (in Main page : Configuration :
Permissions):
allow {$lgcn_NetworkAdminsGroup} and {Network}
allow {$lgcn_StorageAdminsGroup} and {Storage}
If you don’t want to use LDAP/AD groups, it also looks like you can add
Explicit Tags just by creating a local user with the same username. The local
user’s username should match the LDAP username, and the password should be some
gibberish (it won’t get used, because you have authentication set to use LDAP).
Then, any tags you add to that local user are explicit on the network user with
the same username.
--
Anthony Pereira
Systems Administrator
Wellesley Public Schools
pereiraa@xxxxxxxxxxxxxxx
781-446-6210 x5451
On May 8, 2017, at 15:24, Tim W <twielgos@xxxxxxxxx> wrote:
So I have LDAP auth working and am diving in to permissions.
I want to be able to give my Network guys access to the Network stuff, the
Server guys access to the Server stuff, and the Storage guys access to the
Storage stuff, and I don't want to allow any of them to screw each other's
stuff up. I want to do that by tagging the equipment and setting up
permissions.
I see where I can apply tags to local users in the local users page, but I
don't see how I can apply tags to LDAP users or groups.
Any ideas how that can happen?
Thanks,
Tim
