Creating an LDAP query


To synchronize an RBAC user database with an LDAP-based user registry, you must run queries on the LDAP server. These queries identify the groups and users in the LDAP registry that you want to synchronize with RBAC.

When preparing to synchronize with an LDAP user registry, you need to define two queries: one to identify groups and a second to identify the users in those groups.

For information about modifying LDAP queries, see Modifying-LDAP-queries.

To create an LDAP query

  1. In the RBAC Manager folder, select LDAP Synchronization > LDAP Queries.
  2. Create a new LDAP query by right-clicking and selecting New > LDAP Query.
    The LDAP Query Creation wizard appears.
  3. Provide information for the LDAP query, as described in the following topics:
    • LDAP-Query-General

      Field definitions

      Name: Identifying name.

      Description: Optional descriptive text.

      Base Distinguished Name: The top level of the LDAP directory tree that you want to query. Identify that top level in terms of a distinguished name (DN).

      Filter: The query you want to use. Typically, a filter for groups of users would be (objectClass=group). A typical filter for users would be (objectClass=user).

      Attribute: A value that distinguishes the type of information the query is searching for. Typically, if you are searching for groups of users, the attribute would be member. The attribute for individual users would be userPrincipalName.

    • LDAP-Query-Properties

      The Properties panel provides a list of properties automatically assigned to the job being created. In this list, you can modify the value of any properties that are defined as editable.

      For any property that has a check in the Editable column, select the property and click in the Value column.

      • To set a property value back to its default value, click Reset to Default Value.
        The value of the property is reset to the value it inherits from a built-in property class. The Value Source column shows the property class from which the value is inherited.
      • Depending on the type of property you are editing, you can take different actions to set a new value, such as entering an alphanumeric string, choosing from an enumerated list, or selecting a date.
        To insert a parameter into the value, enter the value bracketed with double question mark delimiters (for example, ??MYPARAMETER??), or click Select Property.
    • LDAP-Query-Permissions

      Using the Permissions panel, you can add individual permissions to an object. You can also set permissions by adding ACL templates or ACL policies. The Permissions list is an access control list (ACL) granting roles access to any objects created in the system, such as depot objects. ACLs control access to all objects, including the sharing of objects between roles. For more information, see the following table:

      Adding an authorization

      An authorization grants permission to a role to perform a certain type of action on this object.

      To add an authorization to this object, click Add Entry in the Access Control List area. Then use the Add New Entry dialog box to specify the role and authorization you want to add.

      Adding an ACL template

      An ACL template is a group of predefined authorizations granted to roles. Using an ACL template, you can add a group of authorizations to the object.

      To add an ACL template to the object, click Use ACL Template in the Access Control List area. Then use the Select ACL Template dialog box to specify an ACL template that you want to add to this object.

      To have the contents of the selected ACL templates replace all entries in the access control list, select Replace ACL with selected templates. If you do not select this option, the contents of the selected ACL templates are appended to the existing entries in the access control list.

      Adding an ACL policy

      An ACL policy is a group of authorizations that can be applied to this object but is managed from one location.

      To add an ACL policy to this object, click Use ACL Policy in the ACL Policies area. Then use the Select ACL Policy dialog box to specify an ACL policy that you want to add to the object.

      To have the contents of the selected ACL policies replace all entries in the access control list, select Replace ACL with selected policies. If you do not select this option, the contents of the selected ACL policies are appended to the existing entries in the access control list.

  4. Click Finish at any time to close the wizard and save your changes.
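A worked illustration of the General fields (Base Distinguished Name, Filter, Attribute), added here and not part of the original page or the product's own code: it evaluates the two wizard-style queries against a small constructed directory and shows how the member DNs returned by the group query line up with the userPrincipalName values returned by the user query. The DNs, entries and Active Directory-style objectClass values are assumptions; other directories use different classes (for example groupOfNames and inetOrgPerson), so the filters must match the registry being synchronized.

```python
import re
# Constructed sample entries (DN -> attributes); not real directory data.
DIRECTORY = {
    "CN=BL Admins,OU=Groups,DC=example,DC=com": {
        "objectClass": ["top", "group"],
        "member": ["CN=Alice,OU=Users,DC=example,DC=com",
                   "CN=Bob,OU=Users,DC=example,DC=com",
                   "CN=Svc Acct,OU=Service,DC=example,DC=com"],
    },
    "CN=Alice,OU=Users,DC=example,DC=com": {
        "objectClass": ["top", "user"], "userPrincipalName": ["alice@example.com"]},
    "CN=Bob,OU=Users,DC=example,DC=com": {
        "objectClass": ["top", "user"], "userPrincipalName": ["bob@example.com"]},
    # Outside the user query's base DN: listed as a member but never returned, so not synchronized.
    "CN=Svc Acct,OU=Service,DC=example,DC=com": {
        "objectClass": ["top", "user"], "userPrincipalName": ["svc@example.com"]},
}

def in_subtree(dn, base_dn):
    """True when dn equals base_dn or sits anywhere beneath it (case-insensitive)."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)

def run_query(base_dn, ldap_filter, attribute):
    """One wizard-style query (equality filter only); returns {matching DN: [attribute values]}."""
    m = re.fullmatch(r"\((\w+)=([^()*\\]+)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    attr, wanted = m.group(1), m.group(2).lower()
    return {dn: entry.get(attribute, [])
            for dn, entry in DIRECTORY.items()
            if in_subtree(dn, base_dn)
            and wanted in (v.lower() for v in entry.get(attr, []))}

def synchronize(group_query, user_query):
    """Map each group to the userPrincipalName of every member the user query returns."""
    groups = run_query(*group_query)
    users = run_query(*user_query)
    return {dn: sorted(users[m][0] for m in members if m in users)
            for dn, members in groups.items()}

# The two queries the page describes, as (Base Distinguished Name, Filter, Attribute).
GROUP_QUERY = ("OU=Groups,DC=example,DC=com", "(objectClass=group)", "member")
USER_QUERY = ("OU=Users,DC=example,DC=com", "(objectClass=user)", "userPrincipalName")

if __name__ == "__main__":
    for group, upns in synchronize(GROUP_QUERY, USER_QUERY).items():
        print(group, "->", upns)
```

Note that a member whose DN lies outside the user query's Base Distinguished Name is silently dropped, so the two base DNs must together cover every account you expect to synchronize.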

Where to go next

LDAP-Query-General
