Auto Add Customer based on LDAP Profiles (LDAP authentication only)
Auto-added customers are normally added to the same set of Workspaces and have the same default Workspace and customer user type. If LDAP password authentication is used, you can optionally create custom profiles for auto-added customers based on an LDAP attribute. For example, if the LDAP server has an attribute ou (Organizational Unit), and each user is assigned to an ou such as Finance, Sales, Marketing, etc., a profile can be made for each of these units in FootPrints. The profile includes such information as customer user type, default Workspace, and additional Workspace membership. In this way, users from the Sales group can be placed in one workspace automatically, while users from the Marketing group are placed in a different Workspace. Multiple profiles can be created.
Note
Because of multiple authentication methods, the auto add page does more checking to determine whether single profile mode is available to it. If either or both authentication methods are LDAP, you can create multiple profiles. If you have currently selected a method other than LDAP and attempt to go into multiple profile mode, you are warned and, if you accept it, you automatically use LDAP authentication. Conversely, if you are in multiple profile mode and attempt to change to an authentication method that is not LDAP, you are warned and you lose any multiple profiles you have created as you return to single profile mode.
To create custom profiles based on an LDAP attribute:
Enable LDAP password authentication for the FootPrints system (not the same as an LDAP Address Book). Each auto-added customer who accesses FootPrints must have an ID and password in the LDAP database. Refer to the section on Authentication for more information.
On the Auto-Add Customer page, click the Switch to Multiple Profile Mode link.
The Auto-Add Customer page is redrawn with the custom profile options. These include radio buttons for Use LDAP Filter and Use Substring of Distinguished Name, a field for setting the Criteria and one for setting the Profile Name, and a Profiles box to manage custom profiles. Multiple profiles can be set, so you can specify one or more Distinguished Name criteria and, in addition, specify one or more LDAP search filters, which will search the LDAP attributes for the customer who is logging in to find matches.
For each profile, enter the LDAP attribute and/or Distinguished Name criteria that should be met for a Customer to become part of the profile (ou=accounting, for example).
Note
Make sure that the profile criteria are part of the distinguished name string to correctly assign profiles to auto-added users.
Name each profile (e.g., Accounting) that you enter. Naming the profile allows all of the customers in that group to be manipulated as a single entity through the Edit Customer page. The name must follow the naming rules for FootPrints IDs (i.e., no spaces and no special characters as the first character).
Select a default Workspace for the profile. This is the Workspace customers matching the criteria log into by default.
Other compatible Workspaces may appear in the box on the right; highlight any Workspaces that should be accessible by customers in the group you are defining.
Select a customer user type for the profile.
Click the ADD button to add the Profile Name to the Profile List. The profile is displayed in the Profiles box on the right.
To create additional profiles, repeat the above steps and click ADD as many times as needed.
Use the EDIT and DELETE buttons to manage existing profiles.
To create a default Profile that is used for any auto-added customers that do not fit into a custom profile, leave the Criteria and Profile Name fields blank and click ADD. This profile is given the name Default.
When you have finished creating profiles, scroll down to the bottom of the screen and click GO.
Note
As LDAP password authentication is enabled, the Password Retrieval option cannot be used.
Now when customers log into FootPrints for the first time, they are added to the system automatically. If multiple profiles were created, they receive the profile assigned to them based on their ou or other LDAP attribute. If only one default profile was created, all customers receive that profile.
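An added example, not part of the FootPrints documentation or product code: a check to run before saving Distinguished Name criteria, which tests sample DNs against the planned profiles and flags users who would match more than one profile or fall through to Default. The case-insensitive substring rule is an assumption about how the Use Substring of Distinguished Name option matches, and the profile names and DNs are constructed for illustration.

```python
# Added example. The matching rule (case-insensitive substring), the profile
# names and the DNs are assumptions/constructed data, not FootPrints behaviour.

PROFILES = [  # (profile name, DN criterion), constructed
    ("Accounting", "ou=accounting"),
    ("Sales", "ou=sales"),
    ("SalesEMEA", "ou=sales-emea"),
]

SAMPLE_DNS = [  # constructed
    "cn=Ann Lee,ou=accounting,dc=example,dc=com",
    "cn=Bo Diaz,ou=sales-emea,dc=example,dc=com",
    "cn=Cy Park,ou=Marketing,dc=example,dc=com",
    "cn=Di Roe,ou=Sales,dc=example,dc=com",
]

def rdns(dn):
    """Split a DN into lower-cased components (escaped commas not handled)."""
    return [part.strip().lower() for part in dn.split(",")]

def substring_matches(dn, profiles):
    """Profiles whose criterion appears anywhere in the DN string."""
    return [name for name, crit in profiles if crit.lower() in dn.lower()]

def exact_rdn_matches(dn, profiles):
    """Profiles whose criterion equals one whole DN component."""
    parts = rdns(dn)
    return [name for name, crit in profiles if crit.lower() in parts]

def audit(dns, profiles):
    """Return {dn: (status, substring_hits, exact_hits)} for review."""
    report = {}
    for dn in dns:
        sub = substring_matches(dn, profiles)
        exact = exact_rdn_matches(dn, profiles)
        if not sub:
            status = "default"      # no criterion matched: Default profile
        elif len(sub) > 1 or sub != exact:
            status = "ambiguous"    # criteria overlap: outcome unclear
        else:
            status = "ok"
        report[dn] = (status, sub, exact)
    return report

if __name__ == "__main__":
    for dn, (status, sub, exact) in audit(SAMPLE_DNS, PROFILES).items():
        print(f"{status:9} {dn}  substring={sub} exact={exact}")
```

An "ambiguous" row means one criterion is contained in another (here ou=sales inside ou=sales-emea), so the Workspace and customer user type that user receives should be confirmed before the profiles go live.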