Configuring login to the Contenta sysadmin desktop only using an existing LDAP user attribute

If you configure login using Contenta user names (see the previous task), then you can normally specify Contenta sysadmin users as part of that task: you set the value of the LDAP user attribute specified by contenta_login_name_attr (in the example, description) to the value sysadmin.

About this task

In some environments, configuring login using Contenta user names is not possible because the following restrictions apply:

  • Your corporate policy disallows you from creating a new LDAP user attribute.
  • Any existing LDAP user attribute you want to repurpose already contains text, which unauthorized users could (inadvertently) enter, granting them access to Contenta.

In this restricted scenario, you may want to disallow login using Contenta user names generally, but still need to enable some users to log in as sysadmin to the Contenta sysadmin desktop. There is a special property for this scenario in xyldap.cfg.

Procedure

  1. In LDAP, decide which existing LDAP user attribute you want to repurpose for the Contenta sysadmin account. This attribute must not currently contain the value sysadmin for any user. For example, you might choose to repurpose the LDAP description attribute for this.
  2. For all LDAP users that need to log in to the Contenta sysadmin desktop, set the value of this attribute to sysadmin.
  3. Open xyldap.cfg for editing.
  4. Ensure that contenta_login_name_check is present and set to true.
  5. Ensure that contenta_login_name_check_sysadmin_only is present and set to true. This causes all values of the attribute other than sysadmin to be ignored.
  6. Ensure that contenta_login_name_attr is present and set to the name of the LDAP attribute that contains the Contenta user name (in our example, description).
  7. Save and close xyldap.cfg.
  8. Restart PcmPortal.
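
A check for steps 1 and 2, as an added example that is not part of the Contenta documentation: it reads an LDIF export of the directory and reports which users carry sysadmin in the repurposed attribute, compared against the list of users you intend to have it. The sample LDIF, the DNs and the function names are constructed for illustration; description is the attribute from the page's example.

```python
import base64

ATTR = "description"   # contenta_login_name_attr in the page's example
SYSADMIN = "sysadmin"

# Constructed LDIF export; the DNs and values are made up for this example.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
description: sysadmin

dn: uid=bob,ou=people,dc=example,dc=com
description: Build engineer

dn: uid=carol,ou=people,dc=example,dc=com
description:: c3lzYWRtaW4=

dn: uid=dave,ou=people,dc=example,dc=com
description: sys
 admin
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) for each entry in an LDIF export."""
    # A line that starts with one space continues the previous line (folding).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):   # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def sysadmin_holders(ldif_text, attr=ATTR):
    """DNs whose attribute is sysadmin. Case and padding are ignored here to be
    conservative; the page does not say how Contenta compares the value."""
    return sorted(dn for dn, attrs in parse_ldif(ldif_text)
                  if any(v.strip().lower() == SYSADMIN for v in attrs.get(attr.lower(), [])))

def audit(ldif_text, approved):
    """Compare actual holders with the approved list of sysadmin DNs."""
    holders = set(sysadmin_holders(ldif_text))
    return {"unexpected": sorted(holders - set(approved)),
            "missing": sorted(set(approved) - holders)}
```

Run it on an export taken before step 2 with an empty approved list to confirm no user already holds the value, and again after step 2 with the intended users.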