You are not logged in.
Hi all,
I would like to create an 'authorization rule' that ensures every user who belongs to the Active Directory group 'PIPPO' is assigned to the GLPI supervisor profile. I have made many attempts without success and I would kindly ask if you could direct me to a guide
thanks
Offline
I am no expert in GLPI but would like to help you get started with this.
Have you tried to look at the attributes list that is available for LDAP?
Go to Administration -> Rules -> Rules for the user authorizations.
Create a new rule here (give it a name and put it on inactive and save to get advanced options).
The advanced options of this rule should open automatically after saving.
Here you select the tab 'Criteria', and select 'add'.
In the newly created criteria item you can select the drop down menu and see all the available LDAP attributes,
these correspond with the attributes found under the 'Attribute Editor' tab inside AD user profiles.
In your situation you could select 'LDAP Criteria = (LDAP) Member of', meaning it will only run this Rule if the member is part of a specific Group.
Alternatively you could give this group a unique 'department number' attribute
and select the criteria '(LDAP)Department Number' in GLPI rurles and input that unique number.
Once you have picked a suitable criteria you need to follow up with a Action for this Rule.
Select add new action and pick the entity or profile of your choice and the rule will enforce this.
In your scenario you would pick 'Profile -> Assign -> GLPI Supervisor'
Good luck!
Offline
It would be wuch better, if GLPI supported ACL roles based directly on LDAP groups. Group-based security is the preferred way for access management anyway.
Offline