Hey Folks,
I installed ilias v5.4 and configured a LDAP Authentication with use of an AD security group named "ilias".
In detail: my AD stores "AD-student-users" within the orgaunit (OU) "Students" and "AD-teacher-users" within the OU "Teachers".
I assigned the security group "ilias" (stored in OU "Groups") to each "AD-student-user" and each "AD-teacher-user" (cf. pic01.png).
The creation of new, security group filtered AD-users on the ilias-installation works perfect, but...
...the (automatic) role assignment in the administrative "Authentication and Registration" section does not work at all.
What I want is an automatic assignment for "AD-student-users" and "AD-teacher-users" to the ilias-roles "student" and "teacher".
What I got so far is the assignment to the ilias role "user" for all "AD-users".
What I did so far is:
1) On the page "Server Settings" I have to(!) assign an ILIAS-Role (I choose: User) - but I did not want to assign that role (automatically)! (cf. pic02.png)
2) On the page "Role Assignment" I assigned the global (ilias) roles "student" und "teacher" to all incoming AD-users equipped with the security group "ilias" and the attribute values "student" or "teacher"; in my case two DNs (cf. pic03.png)
3) I thought I was wrong with 2) and I decided to edit the page "ILIAS Role >> LDAP Group Mapping" (cf. pic04.png)
My questions are:
1) what is the difference between "Role Assignment" and "ILIAS Role >> LDAP Group Mapping"? I think(!) the difference is that the page "Role Assignment" is used to assign ilias-roles to "incoming" AD-users (what I want to have implemented) and that the page "ILIAS Role >> LDAP Group Mapping" is used to assign incoming (to ilias) and outgoing (to the AD) traffic. Right?
2) Do I have to use "Role Assignment" or "ILAS Role >> LDAP Group Mapping" for my project?
2) What do I have to do to assign the incoming AD-users to the correct ilias-roles? :-)
Best regards,
Oliver
I installed ilias v5.4 and configured a LDAP Authentication with use of an AD security group named "ilias".
In detail: my AD stores "AD-student-users" within the orgaunit (OU) "Students" and "AD-teacher-users" within the OU "Teachers".
I assigned the security group "ilias" (stored in OU "Groups") to each "AD-student-user" and each "AD-teacher-user" (cf. pic01.png).
The creation of new, security group filtered AD-users on the ilias-installation works perfect, but...
...the (automatic) role assignment in the administrative "Authentication and Registration" section does not work at all.
What I want is an automatic assignment for "AD-student-users" and "AD-teacher-users" to the ilias-roles "student" and "teacher".
What I got so far is the assignment to the ilias role "user" for all "AD-users".
What I did so far is:
1) On the page "Server Settings" I have to(!) assign an ILIAS-Role (I choose: User) - but I did not want to assign that role (automatically)! (cf. pic02.png)
2) On the page "Role Assignment" I assigned the global (ilias) roles "student" und "teacher" to all incoming AD-users equipped with the security group "ilias" and the attribute values "student" or "teacher"; in my case two DNs (cf. pic03.png)
3) I thought I was wrong with 2) and I decided to edit the page "ILIAS Role >> LDAP Group Mapping" (cf. pic04.png)
My questions are:
1) what is the difference between "Role Assignment" and "ILIAS Role >> LDAP Group Mapping"? I think(!) the difference is that the page "Role Assignment" is used to assign ilias-roles to "incoming" AD-users (what I want to have implemented) and that the page "ILIAS Role >> LDAP Group Mapping" is used to assign incoming (to ilias) and outgoing (to the AD) traffic. Right?
2) Do I have to use "Role Assignment" or "ILAS Role >> LDAP Group Mapping" for my project?
2) What do I have to do to assign the incoming AD-users to the correct ilias-roles? :-)
Best regards,
Oliver