Copyright © TIBCO Software Inc. All Rights Reserved
When the iProcess Engine is configured to use the LDAP directory, you cannot create, modify or delete users, groups, roles or attributes using the iProcess Suite’s user administration tools (SWDIR\bin\swutil and User Manager). You can still view user data using User Manager.
1.
1. Assign the value GROUP to the <MENUNAME> attribute.
3. Specify the group’s membership, using the <GROUPUSERS> attribute. See Defining Group Membership below for more information about how to do this.
− as iProcess user names. See page 16 for more information.
−
• A <GROUPUSERS> attribute value can be either a single iProcess user name, or a comma-separated list of iProcess user names. In the following example, the groupusers attribute value defines johnb, roystonh and bobb as members of the reviewers group:
• A specified name must not contain an @ or = character, as this will cause the value to be truncated. For example, the value:
will result in johnb and roystonh being added as group members. bobb will not be added to the group.
• A <GROUPUSERS> attribute value can contain either a single DN, or a list of DNs. Each DN references another entry in the LDAP directory, which must contain the iProcess user name that is to be added to the group.
• In the example on the next page, the groupusers attribute value contains a list of three DNs. The LDAP attribute that maps to the iProcess user name is uid. When iProcess user data is synchronized with the LDAP directory, LDAPCONF searches the LDAP entry defined by each DN for a uid value. Users johnb, roystonh and bobb are therefore added to the reviewers group.
In this example, the # character is the delimiter for individual DNs in the groupusers value. The # character is the MS Active Server delimiter; other LDAP Directory servers may use different characters.
• A DN must not contain an @ character, as this will cause the DN to be truncated. For example, the value:
will result in the second DN being interpreted as cn=rharper. The first and third DNs will be interpreted normally.

In the following example, we again assume that uid is the LDAP attribute that maps to the iProcess user name.
LDAPCONF reads the DN and, finding that it already contains a uid value, checks if jon_b is an iProcess user:
− If jon_b is an iProcess user, jon_b is added to the groupusers group. The entry pointed to by the full DN is not examined.
− If jon_b is not an iProcess user, LDAPCONF searches the entry pointed to by the full DN. It finds the uid value johnb, and so adds user johnb to the groupusers group.
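
The truncation rules and the DN lookup order described above can leave a group with different members than the directory entry suggests, so it is worth checking values before synchronization. The following is an added example, not code from TIBCO or LDAPCONF: the function names, the `mode` parameter, the dictionary standing in for the LDAP directory and all sample values are assumptions made for illustration, and DNs are assumed to contain no escaped commas.

```python
# Added example; names here are hypothetical, not iProcess or LDAPCONF APIs.

def lint_groupusers(value, mode, dn_delimiter="#"):
    """Return (entry, reason) for each entry the rules above say is truncated.

    mode="names": comma-separated iProcess user names; '@' and '=' not allowed.
    mode="dns":   DNs separated by dn_delimiter; '@' not allowed.
    """
    if mode == "names":
        delimiter, forbidden = ",", "@="
    elif mode == "dns":
        delimiter, forbidden = dn_delimiter, "@"
    else:
        raise ValueError("mode must be 'names' or 'dns'")
    findings = []
    for entry in (part.strip() for part in value.split(delimiter)):
        bad = sorted(set(entry) & set(forbidden))
        if bad:
            findings.append((entry, "contains " + " ".join(bad)))
    return findings


def resolve_member(dn, iprocess_users, directory, attr="uid"):
    """Model of the lookup order described above for a single DN.

    directory maps a full DN to that entry's attributes (stand-in for LDAP).
    Assumes simple DNs without escaped commas.
    """
    for rdn in dn.split(","):
        key, _, val = rdn.strip().partition("=")
        if key.lower() == attr and val in iprocess_users:
            return val  # entry behind the DN is never examined
    return directory.get(dn, {}).get(attr)


# Constructed sample data (not from the original page).
NAMES = "johnb,roystonh,bobb@example.test"
DNS = "cn=jbrown,ou=staff,dc=example,dc=test#cn=rharper@hq,ou=staff,dc=example,dc=test"
DN = "uid=jon_b,ou=staff,dc=example,dc=test"
DIRECTORY = {DN: {"uid": "johnb"}}

if __name__ == "__main__":
    print(lint_groupusers(NAMES, "names"))
    print(lint_groupusers(DNS, "dns"))
    print(resolve_member(DN, {"johnb"}, DIRECTORY))
    print(resolve_member(DN, {"johnb", "jon_b"}, DIRECTORY))
```

The last two calls show the same DN resolving to a different group member depending on whether the name embedded in the DN already exists as an iProcess user.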
1. Assign the value ROLE to the <MENUNAME> attribute.
• Set the <MENUNAME> attribute for the relevant entry to NONE. The user, group or role will be removed when iProcess is next synchronized with the LDAP directory.
• Delete the relevant entry. The user, group or role will be removed when iProcess is next fully synchronized with the LDAP directory.