Views: 1903
Last Modified: 28.08.2023

  LDAP module features

The AD/LDAP module has been developed with respect to LDAP (Lightweight Directory Access Protocol) and AD (Active Directory) protocols one of which must be installed at the corporate server.

The AD/LDAP module is built on the concept of storing data as records containing sets of attributes; these records are stored in a hierarchical database. The following figure illustrates how the user group information is stored on the LDAP/AD server:

Using this structure to store user data, the AD/LDAP module can assign corporate user groups in accordance to Bitrix Framework user group.

The module allows to connect to several AD. The query to AD server occurs on each user authorization or during user import.

  Assignment table

The assignment rules exist in a special Assignment table in the site’s Control Panel. The assignment allows user groups of the site and the corporate network to have different names. For example, a corporate network user group Techsupport can be mapped to a site user group Techsupport staff in Bitrix Framework. Having this assignment made, the administrator enables the corporate network techsupport members to provide consultancy on the site.

The corporate user groups are given permissions to access the corporate network resources. The corresponding site user groups have permissions to access the site resources. For example, the Techsupport group users can access the corporate mail server; while the Techsupport staff group users can access the Helpdesk module of the site.

According to this example, a Techsupport corporate user will be automatically added to the Bitrix Framework site Techsupport staff user group upon successful authorization on the site. After that, the system automatically creates the user account stored on the corporate server.

  User assigned to several groups

A user can be assigned to one or more user groups. The system may contain user groups not mapped to those of the corporate network. The administrator has to add users to such groups manually. All changes made to the user profile on the corporate server will be automatically transferred to the CMS user profile at the next authorization time. In this case, only the user groups mapped to those of the corporate network are updated.

  Summary:

The AD/LDAP module enables to:

  • integrate Bitrix Framework in the corporate network;
  • import users Using the Control panel's page User import (Settings > Users > Imports Users). Use Active Directory / LDAP to import users:

    Learn more ...
    from corporate network to Bitrix Framework;
  • map the corporate network user groups to the Bitrix Framework user groups;
  • automatically create user profiles as per Assignment Table upon successful registration. (The system creates the profile using data requested from the corporate server database);
  • manage user profiles via the corporate server in a centralized fashion.

The AD/LDAP integration also allows using NTLM authorization (NT LAN Manager). This requires an IIS or Apache web server with mod_ntlm or mod_auth_sspi.



0


Courses developed by Bitrix24