PlateSpin Orchestrate uses only one attribute of a given LDAP user: its group membership. For example, if the following settings were already configured in PlateSpin Orchestrate,
BaseDN 'dc=domain,dc=novell,dc=com' UserAttribute 'uid' UserPrefix 'ou=Users'
you could further configure PlateSpin Orchestrate to identify users belonging to an LDAP group using the setting LDAP:groupnocase:administrators.
You would do this by specifying a filter in PlateSpin Orchestrate using these settings:
GroupFilter 'memberUid=${USER_NAME}' GroupPrefix 'ou=Groups' GroupAttribute 'cn'
Applying these settings would let authenticated users belonging to the “administrators” LDAP group be added to the “administrators” user group in PlateSpin Orchestrate (and so allow them to log in to the Development Client, for example).
For information on configuring these settings in PlateSpin Orchestrate, see The Orchestrate Server Authentication Page
in the PlateSpin Orchestrate 2.5 Development Client Reference.
NOTE:Depending upon your selection at the
drop down list on the subpanel of the page of the Orchestrate Development Client, the configuration fields change to reflect the relevant settings. (One server type is , the other is .)The general concepts for LDAP authentication discussed above also apply to Active Directory authentication.