This requires being connected to your server.
As of 9.7f we have the ability to use roles from your Active Directory (AD) to assign user groups. This is for someone who is looking to setup the user sync who also has some programming knowledge. Attached is sample code to help get started. The iDashboards Support Team will NOT support any custom code nor are we able to help with the mapping.
LDAP User Synchronizer
It is used to gather user information from an LDAP server such as Active Directory.
# These options are the same as the ones available with the LDAPLoginModule
PostAuthenticationProcessor.connectionURL=ldap://ldap.example.com
PostAuthenticationProcessor.connectionName=auser@example.com
PostAuthenticationProcessor.connectionPassword=[...]
PostAuthenticationProcessor.connectionPassword.encrypted=false
PostAuthenticationProcessor.userBase=OU=Users,DC=example,DC=com
PostAuthenticationProcessor.userSearch=(cn={0})
PostAuthenticationProcessor.userSubtree=false
Additionally, a script can be written to process the results from the LDAP Query. To enable it set the scriptEnabled property. You will also need to specify the file name of a JavaScript file in the config directory.
## Scripted LDAP options
PostAuthenticationProcessor.scriptEnabled=true
PostAuthenticationProcessor.scriptFile=user-sync.js
You can also specify a JSON file that contains any extra information you will need to process the user be sure to enable it with the jsonEnabled property. The file will need to be in the config directory and configured with the jsonFile property.
## Scripted LDAP extra config
PostAuthenticationProcessor.jsonEnabled=true
PostAuthenticationProcessor.jsonFile=user-properties.json
JavaScript API
The JavaScript API offers a simplified interface for synchronizing user information. The script is provided several global variables to retrieve information about the user and groups.
username:String - The name provided by the user when logging in
userInfo:ExternalUserInfo - This object should be modified by your script. All of the user’s properties will be replaced by the values from this object. It is pre-populated with the defaults specified in the ivizgroup.properties file.
attributes:javax.naming.directory.Attributes - the attributes retrieved from the LDAP server for the specified user
groups:GroupInfoFactory - offers methods to retrieve information on a user group
json:Object - the information contained in the JSON file, will only be available if jsonEnabled set to true
logger:Logger - outputs information to the iDashboards system log
ExternalUserInfo: type
- getStatus/setStatus(status: String) - ALLOWED, DENIED, ERROR
- getMessage/setMessage(message: String) - if the status is ERROR this message will be displayed
- getFirstName/setFirstName(firstName: String) - the users first name, pre-populated from the LDAP response
- getLastName/setLastName(lastName: String) - the users last name, pre-populated from the LDAP response
- getUserRole/setUserRole(role: String) - the users role, can be any of A (Admin), D (Data Admin), B (Builder), V (Viewer)
- getEmail/setEmail(email: String) - the users email address, pre-populated from the LDAP response
- getPrimaryGroupId/setPrimaryGroupId(id: Number) - the ID of the primary group the user will be in
- getSecondaryGroupIds/setSecondaryGroupIds(ids: Number[]) - an array of IDs for secondary groups the user will be in
GroupInfoFactory: type
- getGroupIdFromName(name: String): Number - get the group ID for the given name
- getGroupNameFromId(id: Number): String - get the group Name for the given ID
- getGroupList(): GroupInfo[] - get a list of all the groups in the repository
- getGroupFromName(name: String): GroupInfo - get the group for the given Name
- getGroupFromId(id: Number): GroupInfo - get the group for the given ID
GroupInfo: type
- getGroupName(): String - get the name for this group
- getGroupId(): Number - get the ID for this group
Logger: type
- isDebugEnabled(): Boolean - a Boolean indicating whether or not debug messages will be written to the log
- debug(message: String) - writes a debug-level message to the log
- info(message: String) - writes an info-level message to the log
- warn(message: String) - writes a warning-level message to the log
- error(message: String) - writes an error message to the log
Setting the Users Default Dashboard
userInfo.setStartupDashId(number);
The valid values are:
null |
|
0 or -1 | The user will have no startup dashboard |
any other integer value |
Will be treated as a dashboard ID and set as favDash1. No validation will occur |
The default is the value from the PostAuthenticationProcessor.default.STARTUP_DASH_ID property in ivizgroup.properties or null if not set.
If the above is unable to resolve the issue, then please contact Your Organization's Active Directory Admin for further assistance.
Comments
0 comments
Please sign in to leave a comment.