Last Modified: 28.08.2023
LDAP module features
The AD/LDAP module works with the LDAP (Lightweight Directory Access Protocol) and AD (Active Directory) protocols, one of which must be installed on the corporate server.
The AD/LDAP module is built on the concept of storing data as records containing sets of attributes; these records are stored in a hierarchical database. The following figure illustrates how the user group information is stored on the LDAP/AD server:
Because user data is stored in this structure, the AD/LDAP module can map corporate user groups to Bitrix Framework user groups.
The module can connect to several AD servers. The AD server is queried on each user authorization and during user import.
The corporate user groups are given permissions to access the corporate network resources. The corresponding site user groups have permissions to access the site resources. For example, users in the Techsupport group can access the corporate mail server, while users in the Techsupport staff group can access the Helpdesk module of the site.
A user can be assigned to one or more user groups. The system may contain user groups that are not mapped to those of the corporate network. The administrator has to add users to such groups manually. All changes made to the user profile on the corporate server are automatically transferred to the CMS user profile the next time the user authorizes. In this case, only the user groups mapped to those of the corporate network are updated.
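The update rule in the last paragraph matters for access reviews: a change on the corporate server can only affect mapped site groups, and only at the next authorization. The following Python model is an added example, not Bitrix code. The function names, the "Sales", "Sales portal", "VPN users" and "Content editors" groups are constructed, and it assumes that a mapped site group is dropped once the user no longer holds the corporate group.

```python
# Added illustration: a model of the sync rule described above, not Bitrix code.
# Group names other than "Techsupport" / "Techsupport staff" are constructed.

def sync_site_groups(current_site_groups, directory_groups, group_map):
    """Return the user's site groups after an authorization-time sync.

    current_site_groups: set of site groups the user holds before login
    directory_groups:    set of corporate (AD/LDAP) groups reported at login
    group_map:           dict, corporate group -> site group
    """
    managed = set(group_map.values())  # site groups governed by the mapping
    # Unmapped site groups were assigned manually; the sync leaves them alone.
    manual = set(current_site_groups) - managed
    # Mapped site groups are recomputed from what the directory reports now
    # (assumption: a mapped group is removed when the corporate group is gone).
    derived = {group_map[g] for g in directory_groups if g in group_map}
    return manual | derived


def audit_manual_groups(site_groups, group_map):
    """Site groups that no directory change can revoke; review these by hand."""
    return sorted(set(site_groups) - set(group_map.values()))


# Constructed mapping: corporate group -> site group.
GROUP_MAP = {"Techsupport": "Techsupport staff", "Sales": "Sales portal"}


def demo():
    # "Content editors" is a manually assigned, unmapped site group.
    before = {"Techsupport staff", "Content editors"}
    # The user was moved from Techsupport to Sales on the corporate server;
    # "VPN users" has no site mapping and is ignored.
    after = sync_site_groups(before, {"Sales", "VPN users"}, GROUP_MAP)
    return after, audit_manual_groups(after, GROUP_MAP)


if __name__ == "__main__":
    after, manual = demo()
    print("site groups after login:", sorted(after))
    print("not governed by the directory:", manual)
```

Under this model, a user removed from every corporate group still keeps the manually assigned site group after login, so those groups need their own review.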