LDAP and User Groups

DCIM_Support · ‎2020-07-03

I've recently configured my DCE (7.4.3) to use LDAP for users. ALl of the users that I select from my domain appear under a 'Remote Users' group and cannot be moved. Each user has two options: read/write off all devices or not being able to see any devices. Is this how it's supposed to be, or did I miss something? I'd like to be able to move users into pre-existing groups based on what they should see with regards to devices.

DCIM_Support · ‎2020-07-03

Hi Austin,

When you add a remote user or group, you can not move them to other DCE groups. Only local users can be added to local groups. If you import an AD group, you must assign that group rights to different folders with things like Admin, sensor, or view only access. All users in that AD group will then have the same rights.

If you add users individually, you can give them different rights but as I mentioned, you can't add them to DCE groups. If you add both an AD user and an AD group that contains that user, I can't say how the system will react but I suggest not doing that.

The way to assign different AD users different rights but also have them in groups is to configure the groups in AD and add those groups and configure their rights as needed. there should be no instance where you can add a user or group to DCE and have either all or no rights and nothing else.

Thanks,

Steve

See Answer In Context

DCIM_Support · ‎2020-07-03

Hi Austin,

When you add a remote user or group, you can not move them to other DCE groups. Only local users can be added to local groups. If you import an AD group, you must assign that group rights to different folders with things like Admin, sensor, or view only access. All users in that AD group will then have the same rights.

If you add users individually, you can give them different rights but as I mentioned, you can't add them to DCE groups. If you add both an AD user and an AD group that contains that user, I can't say how the system will react but I suggest not doing that.

The way to assign different AD users different rights but also have them in groups is to configure the groups in AD and add those groups and configure their rights as needed. there should be no instance where you can add a user or group to DCE and have either all or no rights and nothing else.

Thanks,

Steve

DCIM_Support · ‎2020-07-03

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.

LDAP and User Groups

LDAP and User Groups

This is a heading