Closed susantjasinski closed 4 years ago
How about displaying LDAP User uid and group id. Because system admin should know the local user uid and its group id as well. Otherwise it will clash, right. Basically want to see the LDAP user details info.
@sivassrr are you asking for me to display all of the users that belong to the group ID; so perhaps have an "expand" icon that shows a list of user IDs?
New Changes to the page layout coming in January based on feedback ...
Have seen the updated design page provided @jandraa . Overall looks good, If we enable LDAP authentication, what happens to local user authentication. do we need to disable explicitly the local user authentication. Can we have an option for both or single authentication (either LDAP or local).
Thanks for the feedback @sivassrr ! I'm still learning the technicalities, can you help me understand what you mean by LDAP or local authentication? Are you possibly referring to user management?
On Mon, Feb 18, 2019 at 07:15:54AM -0800, Sivas SRR wrote:
Have seen the updated design page provided @jandraa . Overall looks good, If we enable LDAP authentication, what happens to local user authentication. do we need to disable explicitly the local user authentication. Can we have an option for both or single authentication (either LDAP or local).
IMHO enabling an ldap backend should not implicitly do anything to the local backend state. If it did, that would be unexpected by users and thus violates the https://en.wikipedia.org/wiki/Principle_of_least_astonishment
The designs were created with the impression that LDAP and local user management were and would be separate. After Siva's comment, I verified it was being developed that way, and it is. So disabling LDAP authentication would have no impact on the local users.
@bradbishop and @sivassrr We've gotten feedback that users could potentially have more than one server URI. Do you have an opinion on whether it would be expected that each server URI has its own set of properties (LDAP Type, BaseDN, BIND DN, BIND password, and Search Scope)? Or would these properties be the same and apply to all servers?
Yes each server URI can have its own set of properties like LDAP Type, BaseDN, BindDN, Search Scope and Bind Password.
Scenario where almost all properties can be change is when LDAP server is cloned to create another LDAP server. Even in this case as well, base LDAP server URI / Bind Password can be still be different. Minimum server URI will be different.
LDAP Settings - InVision Mockups for testing 11-2018
System Admins need to manage the communication configuration for authentication between the BMC and LDAP servers.
System Admins need to understand which certificates are being used for authentication and should be able to quickly go to the appropriate panel to change them.