Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:authldap [2019/01/15 15:54]
127.0.0.1 external edit
documentation:latest:authldap [2020/04/16 14:59] (current)
maxbes [Groups]
Line 82: Line 82:
   * **User source attribute**:​ name of the attribute in users entries used in the link (default: dn).   * **User source attribute**:​ name of the attribute in users entries used in the link (default: dn).
   * **Searched attributes**:​ name(s) of the attribute storing the name of the group, spaces separated (default: cn).   * **Searched attributes**:​ name(s) of the attribute storing the name of the group, spaces separated (default: cn).
 +  * **Decode searched value**: with Active Directory, member DN value is sometimes bad decoded and groups are not found, activate this option to force value decoding.
   * **Recursive**:​ activate recursive group functionality (default: 0). If enabled, if the user group is a member of another group (group of groups), all parents groups will be stored as user's groups.   * **Recursive**:​ activate recursive group functionality (default: 0). If enabled, if the user group is a member of another group (group of groups), all parents groups will be stored as user's groups.
   * **Group source attribute**:​ name of the attribute in groups entries used in the link, for recursive group search (default: dn).   * **Group source attribute**:​ name of the attribute in groups entries used in the link, for recursive group search (default: dn).
 +
 +<​note>​
 +The groups that the user belongs to are available as ''​$groups''​ and ''​%hGroups'',​ as documented ​ [[exportedvars#​extend_variables_using_macros_and_groups|here]]
 +</​note>​
 +
 +<note important>​
 +If your LDAP countains over a thousand groups, you should avoid using group processing, check out [[performances#​ldap_performances|the performance page]] for alternatives
 +</​note>​
  
 ==== Password ==== ==== Password ====
Line 95: Line 104:
   * **Reset value**: value to set in reset attribute to activate password reset (default: TRUE).   * **Reset value**: value to set in reset attribute to activate password reset (default: TRUE).
   * **Allow a user to reset his expired password**: if activated, the user will be prompted to change password if his password is expired (default: 0)   * **Allow a user to reset his expired password**: if activated, the user will be prompted to change password if his password is expired (default: 0)
 +  * **IBM Tivoli DS support**: enable this option if you use ITDS. LL::NG will then scan error message to return a more precise error to the user.
  
 <​html><​div class="​row"><​div class="​col-md-6"></​html>​ <​html><​div class="​row"><​div class="​col-md-6"></​html>​