A common AD/LDAP module operation is as follows.
- A user opens the site and authorises. This implies typing the login and password used to authorise in the corporate network.
- The system connects to the server specified in the AD/LDAP module settings and verifies whether a user with the supplied credentials exist in the corporate server database:
- if no user with the supplied credentials exists in the corporate network, the system searches for this user in the
Bitrix Site Manager database. If the user still cannot be found, the system declines authorization;
- if the user is found, the system determines the corporate network user group for this user. After that, the system searches for the site user group using the
- The system verifies whether the user profile exists:
- if the user profile is not found, the system attempts to obtain the user data from the corporate server and then creates a new profile;
- if the user profile exists (which means a user had previously been authorised), the system checks whether any change has been made to the user profile on the corporate server. If so, the CMS user profile becomes updated to reflect changes.
- The user is granted permission to access the site resources and becomes authorised. The user permissions are defines as per his user group settings.
A site user who is a member of any group or groups registered in the Assignment Table may be deleted from the corporate network user list. In this case, if the user attempts to authorise on the site, the authorisation attempt will fail. At the same time, the user profile is still stored in the CMS database.
To allow the user authorise on the site via the common interface, enable the authorisation internal check. To do so, set the value of the field
Authorisation type to “internal check” in the administrative section and then update the user credentials (login and password).