LDAP Plus Operation
[EE 7.0+] The LDAP Plus Operation sign on is almost identical to an LDAP sign on, with the exception that after the user is authenticated against LDAP, an SQL operation is run to retrieve a property Row.
Steps for configuring LDAP Plus Operation Authentication
1) Follow the steps defined for LDAP authentication, with the exception that Sign On Type = LDAP Plus Operation Sign On (step: Configure the Application).
2) Within the LDAP application, create an operation of type Authentication. Set the Operation Code to the SQL that will be used to retrieve the desired properties Row. Use a built-in parameter, such as ???USERID (the user ID used to sign onto the application) or any fields from the LDAP signon row (prefaced with "???", e.g. ???USER), to filter the results returned from the operation so they correspond with the user signing on:
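An added example of such an Operation Code (not taken from the WOW documentation). The table APPDATA.USER_PROPS, its columns and the sample rows are hypothetical, and the example assumes WOW substitutes ???USERID as a typed value, so it is not quoted:

```sql
-- Constructed example: APPDATA.USER_PROPS is a hypothetical table, not part of WOW.
-- One row per user, keyed on the same ID the user enters at the LDAP sign on.
-- The primary key guarantees the operation can return at most one properties Row.
CREATE TABLE APPDATA.USER_PROPS (
    USER_ID     VARCHAR(64)  NOT NULL PRIMARY KEY,
    DEPARTMENT  VARCHAR(32)  NOT NULL,
    REGION      VARCHAR(16)  NOT NULL,
    ACTIVE      CHAR(1)      NOT NULL DEFAULT 'Y'
);

-- Constructed sample rows.
INSERT INTO APPDATA.USER_PROPS (USER_ID, DEPARTMENT, REGION, ACTIVE)
VALUES ('jsmith', 'FINANCE', 'EMEA', 'Y');
INSERT INTO APPDATA.USER_PROPS (USER_ID, DEPARTMENT, REGION, ACTIVE)
VALUES ('mjones', 'SALES', 'APAC', 'N');

-- Operation Code for the Authentication operation.
-- The filter uses ???USERID, the ID that was just authenticated against LDAP,
-- so a user can only ever load their own row.
-- Columns are listed explicitly so the properties Row carries only the fields
-- the application needs.
-- ACTIVE = 'Y' is a hypothetical extra condition: a user disabled on the SQL
-- side gets no properties Row even though the LDAP bind succeeded.
SELECT USER_ID,
       DEPARTMENT,
       REGION
  FROM APPDATA.USER_PROPS
 WHERE USER_ID = ???USERID
   AND ACTIVE = 'Y'
```

With the constructed rows above, signing on as jsmith returns one row (FINANCE, EMEA), while mjones authenticates against LDAP but gets no properties Row.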
Optionally, the Authentication operation can exist in another application (or application set to shared, where the application ID = None or -1) or be set to type SQL Operation. In this case, you will need to use the sqlOperation property to specify the operation ID. For example, if the operation ID of the Authentication/SQL operation is 1025, then include the following property in the LDAP property group:
sqlOperation:1025;
[EE 7.0+] User groups can be used to secure applications, operations and fields. A user can be assigned to one or more groups, and the groups represent a certain level of authorization. WOW supports the following types of User Groups:
LDAP Signon - When using an LDAP type signon, all groups a user belongs to are automatically gathered when the user signs in and the LDAP server is contacted for signin authorization. That group list is then retained as part of the user's session and can then later be used by WOW to see if the user is authorized to an application, operation or field. See LDAP [Minimum Version: WOW 7.0] for more details on configuring an LDAP signon for groups.
SQL Operation Signon - When defining an SQL Operation Signon, if one of the fields retrieved by the operation has a usage ID = -135, the string value will be parsed (comma separated) for one or more user group names. That group name list is retained as part of the user's session and can then later be used by WOW to see if the user is authorized to an application, operation or field.
Once you have your application configured to keep track of a user's groups, follow the instructions below for User Group Authorization List.