Auto Add Customer based on LDAP Profiles (LDAP authentication only)

Auto-added customers are normally added to the same set of Workspaces and have the same default Workspace and customer user type.  If LDAP password authentication is used, you can optionally create custom profiles for auto-added customers based on an LDAP attribute.  For example, if the LDAP server has an attribute ou (Organizational Unit), and each user is assigned to an ou such as Finance, Sales, Marketing, etc., a profile can be made for each of these units in FootPrints.  The profile includes such information as customer user type, default Workspace, and additional Workspace membership.  In this way, users from the Sales group can be placed in one workspace automatically, while users from the Marketing group are placed in a different Workspace.  Multiple profiles can be created.

Note

Because multiple authentication methods can be configured, the Auto-Add Customer page performs additional checks to determine whether single profile mode is available to it.  If either or both authentication methods are LDAP, you can create multiple profiles.  If you have currently selected a method other than LDAP and attempt to go into multiple profile mode, you are warned and, if you accept the warning, you automatically use LDAP authentication.  Conversely, if you are in multiple profile mode and attempt to change to an authentication method that is not LDAP, you are warned and you lose any multiple profiles you have created as you return to single profile mode.

To create custom profiles based on an LDAP attribute:

  1. Enable LDAP password authentication for the FootPrints system (not the same as an LDAP Address Book).  Each auto-added customer who accesses FootPrints must have an ID and password in the LDAP database.  Refer to the section on Authentication for more information.
  2. On the Auto-Add Customer page, click the Switch to Multiple Profile Mode link.
  3. The Auto-Add Customer page is redrawn with the custom profile options.  These include radio buttons for Use LDAP Filter and Use Substring of Distinguished Name, a field for setting the Criteria and one for setting the Profile Name, and a Profiles box to manage custom profiles.  Multiple profiles can be set, so you can specify one or more Distinguished Name criteria and, in addition, specify one or more LDAP search filters, which will search the LDAP attributes for the customer who is logging in to find matches.
  4. For each profile, enter the LDAP attribute and/or Distinguished Name criteria that should be met for a Customer to become part of the profile (ou=accounting, for example).

Note

Make sure that the profile criteria are part of the distinguished name string to correctly assign profiles to auto-added users.

  5. Name each profile (e.g., Accounting) that you enter.  Naming the profile allows all of the customers in that group to be manipulated as a single entity through the Edit Customer page.  The name must follow the naming rules for FootPrints IDs (i.e., no spaces and no special characters as the first character).
  6. Select a default Workspace for the profile. This is the Workspace customers matching the criteria log into by default.
  7. Other compatible Workspaces may appear in the box on the right; highlight any Workspaces that should be accessible by customers in the group you are defining.
  8. Select a customer user type for the profile.
  9. Click the ADD button to add the Profile Name to the Profile List.  The profile is displayed in the Profiles box on the right.
  10. To create additional profiles, repeat the above steps and click ADD as many times as needed.
  11. Use the EDIT and DELETE buttons to manage existing profiles.
  12. To create a default Profile that is used for any auto-added customers that do not fit into a custom profile, leave the Criteria and Profile Name fields blank and click ADD. This profile is given the name Default.
  13. When you have finished creating profiles, scroll down to the bottom of the screen and click GO.

Note

As LDAP password authentication is enabled, the Password Retrieval option cannot be used.

Now when customers log into FootPrints for the first time, they are added to the system automatically.  If multiple profiles were created, they receive the profile assigned to them based on their ou or other LDAP attribute.  If only one default profile was created, all customers receive that profile.
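
Because a profile decides Workspace membership and customer user type, it is worth previewing how Distinguished Name criteria behave against real directory entries before enabling them. The following is an added example, not FootPrints code: it previews which profile each DN would receive and flags criteria that match only part of a DN component or that match more than one profile. The case-insensitive substring test, the first-match ordering, and all names and DNs are assumptions or constructed sample data; confirm the product's actual matching rules before relying on the output.

```python
import re

# Constructed sample data; the profile names and criteria are illustrative.
PROFILES = [("Sales", "ou=sales"), ("Marketing", "ou=marketing")]
SAMPLE_DNS = [
    "cn=Ann Lee,ou=Sales,dc=example,dc=com",
    "cn=Bob Roy,ou=Sales-Contractors,dc=example,dc=com",
    "cn=Cy Ng,ou=Marketing,ou=Sales,dc=example,dc=com",
    "cn=Di Wu,ou=Finance,dc=example,dc=com",
]

def rdns(dn):
    """Split a DN on unescaped commas into normalized 'attr=value' parts."""
    parts = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return parts

def whole_match(crit, parts):
    """True if the criterion lines up with complete DN components."""
    n = len(crit)
    return any(parts[i:i + n] == crit for i in range(len(parts) - n + 1))

def preview(dn, profiles=PROFILES):
    """Return (profile, warnings) under assumed first-match substring rules.

    "Default" stands for the fallback profile created with blank criteria.
    """
    parts = rdns(dn)
    flat = ",".join(parts)
    hits, warnings = [], []
    for name, criterion in profiles:
        crit = rdns(criterion)
        if ",".join(crit) in flat:          # assumed substring-of-DN test
            hits.append(name)
            if not whole_match(crit, parts):
                warnings.append(f"partial:{name}")   # e.g. ou=sales inside ou=sales-contractors
    if len(hits) > 1:
        warnings.append("ambiguous:" + ",".join(hits))
    return (hits[0] if hits else "Default"), warnings

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(dn, "->", preview(dn))
```

A `partial` warning means a short criterion would also capture users in a differently named unit; lengthening the criterion (for example, including the next DN component) removes the overlap.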