Comment: 4.0.4 - 9715 - Multiple external roles

...


| Property | Default Value | Explanation |
|---|---|---|
| abiquo.auth.module | abiquo | Whether Abiquo should authenticate only via Database or it should also authenticate against LDAP/Active Directory. Values: abiquo, ldap |
| abiquo.ldap.authentication.server.url | | LDAP/Active Directory server URL |
| abiquo.ldap.authentication.server.port | 389 | LDAP/Active Directory port. In LDAP mode this property is required, even if the server is listening at the default LDAP/Active Directory port |
| abiquo.ldap.authentication.server.protocol | ldap | Protocol to be used when authenticating to an LDAP/Active Directory. Values: ldap, ldaps |
| abiquo.ldap.authentication.server.baseDN | | Base Distinguished Name of the LDAP/Active Directory |
| abiquo.ldap.authentication.custom.userDnPattern | cn={0},CN=Users | Abiquo will perform an additional custom query against the specified schema in the LDAP/Active Directory. This value is required. With the default value, Abiquo does not perform an additional query. |
| abiquo.ldap.authentication.attribute.enterprise | organizationname | The attribute in LDAP/Active Directory to look up the Enterprise Name which must be an Enterprise in Abiquo. |
| abiquo.ldap.authentication.autoUserCreation | true | Whether Abiquo must create a user in Abiquo based on a successful login to LDAP |
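
The following Python script is an added example, not Abiquo's own code: it audits the text of a properties file against the table above before LDAP mode is enabled. The property names, allowed values and defaults come from the table. The sample hostnames and DNs are constructed placeholders, treating an empty server URL or base DN as an error is an assumption, and the port 636 check reflects the usual LDAPS port rather than anything stated on this page.

```python
# Added example: audit of the LDAP properties from the table above (sample data is constructed).
P = "abiquo.ldap.authentication."

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of (severity, message) findings for the given properties text."""
    props = parse_properties(text)
    findings = []
    module = props.get("abiquo.auth.module", "abiquo")  # default from the table
    if module not in ("abiquo", "ldap"):
        findings.append(("error", f"abiquo.auth.module: unknown value {module!r}"))
    if module != "ldap":
        return findings  # database-only mode: LDAP properties are not checked
    # The table marks the port (even when it is 389) and userDnPattern as required.
    # Assumption: an empty server URL or base DN cannot work in LDAP mode either.
    for name in ("server.url", "server.port", "server.baseDN", "custom.userDnPattern"):
        if not props.get(P + name):
            findings.append(("error", f"{P}{name} must be set in LDAP mode"))
    protocol = props.get(P + "server.protocol", "ldap")  # default from the table
    if protocol not in ("ldap", "ldaps"):
        findings.append(("error", f"{P}server.protocol: unknown value {protocol!r}"))
    elif protocol == "ldap":
        findings.append(("warning", "protocol ldap: binds are not protected by TLS; prefer ldaps"))
    elif props.get(P + "server.port") == "389":
        findings.append(("warning", "protocol ldaps on port 389: LDAPS normally listens on 636"))
    return findings

# Constructed sample files (hostname and DN are placeholders).
WEAK = """
abiquo.auth.module = ldap
abiquo.ldap.authentication.server.url = ad.example.test
abiquo.ldap.authentication.server.baseDN = DC=example,DC=test
"""
HARDENED = WEAK + """
abiquo.ldap.authentication.server.port = 636
abiquo.ldap.authentication.server.protocol = ldaps
abiquo.ldap.authentication.custom.userDnPattern = cn={0},CN=Users
"""
if __name__ == "__main__":
    print("weak:", audit(WEAK), "\nhardened:", audit(HARDENED))
```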

Notes about the properties:

...

Users created automatically with no email information in LDAP/AD will not receive system notifications. We recommend that you complete the 'email' field in LDAP/AD before first login or modify the Abiquo user details afterwards.

LDAP/AD Roles

After a user logs in, they are granted the first matching role. That is, if more than one LDAP/AD group has equivalence with Abiquo roles, the user will be granted the first group name because only one role is permitted in Abiquo. We do not guarantee the order of roles, so we strongly recommend that System Administrators maintain a one-to-one LDAP/AD group to Abiquo role relation for each user. The platform grants them the role that is mapped to their LDAP/AD groups in the platform, first in their tenant or else at a global level. Abiquo allows only one role per user, so we recommend that you map each set of user groups to a single Abiquo role at the enterprise and/or global level. The user's role is synchronized between LDAP/AD and the Abiquo database.

LDAP/AD User Uniqueness

Users that were created automatically are labeled with 'LDAP' in the authType column in the Abiquo database, and the username will be the Distinguished Name (DN) of the user in LDAP/AD. The user is unique because it is identified by the combination of the username and authType. Toggling between authentication modes is not supported, but it is possible to switch to LDAP mode after installation by changing the appropriate properties. So if you install Abiquo and later decide to change to LDAP mode, users will still be unique.

...