Configuring login to the Contenta sysadmin desktop only using an existing LDAP user attribute
If you configure login using Contenta user names (see the previous task), then you can normally specify Contenta sysadmin users as part of that task: you set the value of the LDAP user attribute specified by contenta_login_name_attr (in the example, description) to the value sysadmin.
About this task
In some environments, configuring login using Contenta user names is not possible because the following restrictions apply:
- Your corporate policy disallows you from creating a new LDAP user attribute.
- Any existing LDAP user attribute you want to repurpose already contains text, which unauthorized users could (inadvertently) enter, granting them access to Contenta.
In this restricted scenario, you may want to disallow login using Contenta user names generally, but still need to enable some users to log in as sysadmin to the Contenta sysadmin desktop. There is a special property for this scenario in xyldap.cfg.
Procedure
- In LDAP, decide which existing LDAP user attribute you want to repurpose for the Contenta sysadmin account. This attribute must not currently contain the value sysadmin for any user. For example, you might choose to repurpose the LDAP description attribute for this.
- For all LDAP users that need to be logged in to the Contenta sysadmin desktop, set the value of this attribute to sysadmin.
- Open xyldap.cfg for editing.
- Ensure that contenta_login_name_check is present and set to true.
- Ensure that contenta_login_name_check_sysadmin_only is present and set to true. This causes all values of the attribute other than sysadmin to be ignored.
- Ensure that contenta_login_name_attr is present and set to the name of the LDAP attribute that contains the Contenta user name (in our example, description).
- Save and close xyldap.cfg.
- Restart PcmPortal.