Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:2.1:authldap [2019/02/02 16:02]
coudot [Groups]
documentation:2.1:authldap [2020/04/16 14:59] (current)
maxbes [Groups]
Line 75: Line 75:
 </​note>​ </​note>​
  
-==== Groups ==== 
  
-  * **Search base**: DN of groups branch. If no value, disable group searching. +<​note>​ 
-  * **Object class**: objectClass of the groups ​(default: groupOfNames). +The groups ​that the user belongs ​to are available as ''​$groups''​ and ''​%hGroups''​, as documented ​ [[exportedvars#​extend_variables_using_macros_and_groups|here]] 
-  * **Target attribute**:​ name of the attribute in the groups storing the link to the user (default: member). +</​note>​
-  * **User source attribute**:​ name of the attribute in users entries used in the link (default: dn). +
-  * **Searched attributes**:​ name(s) of the attribute storing the name of the group, spaces separated (default: cn). +
-  * **Decode searched value**: with Active Directory, member DN value is sometimes bad decoded and groups ​are not found, activate this option to force value decoding. +
-  * **Recursive**:​ activate recursive group functionality (default: 0). If enabled, if the user group is a member of another group (group of groups)all parents groups will be stored ​as user's groups. +
-  * **Group source attribute**:​ name of the attribute in groups entries used in the link, for recursive group search (default: dn).+
  
 +<note important>​
 +If your LDAP countains over a thousand groups, you should avoid using group processing, check out [[performances#​ldap_performances|the performance page]] for alternatives
 +</​note>​
 ==== Password ==== ==== Password ====
  
Line 96: Line 93:
   * **Reset value**: value to set in reset attribute to activate password reset (default: TRUE).   * **Reset value**: value to set in reset attribute to activate password reset (default: TRUE).
   * **Allow a user to reset his expired password**: if activated, the user will be prompted to change password if his password is expired (default: 0)   * **Allow a user to reset his expired password**: if activated, the user will be prompted to change password if his password is expired (default: 0)
 +  * **IBM Tivoli DS support**: enable this option if you use ITDS. LL::NG will then scan error message to return a more precise error to the user.
  
 <​html><​div class="​row"><​div class="​col-md-6"></​html>​ <​html><​div class="​row"><​div class="​col-md-6"></​html>​