COM-FSM
COM-FSM > SIS Documentation > Forms and Reports > Administration > LDAP Account

LDAP Account

Page last modified 06:49, 21 Feb 2012 by kgirrard
    Table of contents
    No headers

    LDAP account management

    Summary Administration of LDAP accounts, including database and e-mail services, and LDAP group assignments
    Maintainer Information Technology
    Source Information Technology
    Affects Student database access, UNIX accounts, other services authenticated via LDAP
    Affected By  
    Values  

    Requirements

    When submitting records, an account with enabled services must have a password defined. The form will require that you provide a password if one has not previously been specified.

    When creating new accounts, the login is verfiied to not exist on another account or (if IMAP support is enabled) not be associated with an active IMAP account (one with any messages present). If you delete an account you will be forced to wait until the IMAP account is deleted before the login may be re-used.

    Operation

    This form is one of many that manage LDAP account data, but only this form allows changes to LDAP services with any access level. Access to this form should be restricted to a minimal number of users.

    Access to individual LDAP Services is available only when a service is specified for an account and it is enabled. Forms that manage access to specific services (e.g. e-mail or database) will typically disable a service but leave the service record in place.

    LDAP Groups (defined on the UNIX Groups form) are active when they are specified and enabled. Some groups are automatically added to accounts based on information contained elsewhere in the database (this occurs whenever the LDAP->sync() method is called); those LDAP Groups are marked as "internal." The deletion of an "internal" group that has been automatically added may be reversed the next time automatic group memberships are checked. Disabling the group is preferred; the group status is not affected by the automatic group creation process.

    Powered by MindTouch Core