Adobe 65015459 Server Guide - Page 41

About Contribute and LDAP or Active Directory

Get Adobe 65015459 - Contribute CS4 - PC PDF manuals and user guides
UPC - 883919159980
View all Adobe 65015459 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 41 highlights

ADOBE CONTRIBUTE CS3 38 User Guide About Contribute and LDAP or Active Directory Lightweight Directory Access Protocol (LDAP) is a protocol for accessing information directories. Microsoft Active Directory and LDAP are types of directory services. In the case of directory services, a directory is like a telephone book and not like a directory (folder) on your computer. You can integrate the User Directory service of CPS with your directory service. The User Directory is an application service that enables you to centrally manage users. When you integrate with your LDAP directory, you control who can access your website and how they are authenticated. LDAP branches Using the User Directory service, you can add your entire LDAP user directory for your website, or you can indicate specific branches to search. You have the following options: • Add the root node of your LDAP tree to the user directory, and enable search for users or groups in any of the branches. • Add specific branches to the user directory and determine the scope of the search-whether you want to search only the branch or the branch and any subbranches. This way, you can exclude certain branches of your LDAP tree from the search. For each branch you add, you can define a user search only or you can define a user and a group search. For example, suppose your LDAP directory has three branches: East, Central, and West. You want to integrate with the LDAP directory your entire company, so in the following example, you add one branch for a user search to the user directory: User branch with baseDN:o=MyCompany, Search Scope:SUBTREE_LEVEL, filter:(objectClass=organizationalPerson) Now, suppose you want to include only the Central and West branches and you want to define user and group searches. You add the following four branches to the user directory: User branch with baseDN:ou=Central,o=MyCompany, Search Scope:SUBTREE_LEVEL, filter:(objectClass=organizationalPerson) User branch with baseDN:ou=West,o=MyCompany, Search Scope:SUBTREE_LEVEL, filter:(objectClass=organizationalPerson) Group branch with baseDN:ou=Central,o=MyCompany, Search Scope:SUBTREE_LEVEL, filter:(objectClass=groupOfNames) Group branch with baseDN:ou=West,o=MyCompany, Search Scope:SUBTREE_LEVEL, filter:(objectClass=groupOfNames) LDAP permissions and Contribute permissions Integrating your company LDAP directory with CPS adds another layer of permissions. When connecting to an LDAP or Active Directory server, CPS respects any file/folder permissions set by the LDAP or Active Directory service. Contribute permissions are layered on top of the directory service or the network/server permissions and are applied globally. Contribute permissions, which are settings stored in an XML file at the root of your website, are specific controls for the Contribute editing environment. These permissions are not assigned on a per-user basis; they are groups of settings that Contribute reads when first connecting to a website. Contribute then conforms to these settings during the editing process. Contribute administrators can specify access to certain folders for different user roles.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
ADOBE CONTRIBUTE CS3
User Guide
38
About Contribute and LDAP or Active Directory
Lightweight Directory Access Protocol (LDAP) is a protocol for accessing information directories. Microsoft Active
Directory and LDAP are types of directory services. In the case of directory services, a directory is like a telephone
book and not like a directory (folder) on your computer.
You can integrate the User Directory service of CPS with your directory service. The User Directory is an appli-
cation service that enables you to centrally manage users.
When you integrate with your LDAP directory, you control who can access your website and how they are authen-
ticated.
LDAP branches
Using the User Directory service, you can add your entire LDAP user directory for your website, or
you can indicate specific branches to search.
You have the following options:
Add the root node of your LDAP tree to the user directory, and enable search for users or groups in any of the
branches.
Add specific branches to the user directory and determine the scope of the search—whether you want to search
only the branch or the branch and any subbranches. This way, you can exclude certain branches of your LDAP
tree from the search.
For each branch you add, you can define a user search only or you can define a user and a group search.
For example, suppose your LDAP directory has three branches: East, Central, and West. You want to integrate with
the LDAP directory your entire company, so in the following example, you add one branch for a user search to the
user directory:
User branch with baseDN:o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=organizationalPerson)
Now, suppose you want to include only the Central and West branches and you want to define user and group
searches. You add the following four branches to the user directory:
User branch with baseDN:ou=Central,o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=organizationalPerson)
User branch with baseDN:ou=West,o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=organizationalPerson)
Group branch with baseDN:ou=Central,o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=groupOfNames)
Group branch with baseDN:ou=West,o=MyCompany, Search Scope:SUBTREE_LEVEL,
filter:(objectClass=groupOfNames)
LDAP permissions and Contribute permissions
Integrating your company LDAP directory with CPS adds another
layer of permissions. When connecting to an LDAP or Active Directory server, CPS respects any file/folder permis-
sions set by the LDAP or Active Directory service. Contribute permissions are layered on top of the directory service
or the network/server permissions and are applied globally.
Contribute permissions, which are settings stored in an XML file at the root of your website, are specific controls
for the Contribute editing environment. These permissions are not assigned on a per-user basis; they are groups of
settings that Contribute reads when first connecting to a website. Contribute then conforms to these settings during
the editing process. Contribute administrators can specify access to certain folders for different user roles.