Adding Groups or Users to a Profile
To work with Authorization, from the main toolbar, expand the Management drop down list, and then select Authorization to open the Authorization Explorer.
You can use any number of external LDAP capable directories as a source for authentication and authorization.
To add a group or user
-
Open the Authorization Explorer, select the profile to which you want to add members.
The current members of each profile are listed in the right pane.
-
Click to add a member to the selected profile.
-
In the Add Members dialog box, select the directory you want to use to search for users and groups.
-
From the Type drop down list, choose whether you are searching for a group or a user.
-
In the Filter field enter appropriate search criteria.
The asterisk is a wildcard character that, when used by itself, says find all users or groups. To narrow your search results you can use the asterisk in conjunction with other characters. For example, if you have a filter "B*", then your search results will contain all elements that start with the letter "B".
-
Click Search to search the chosen directory with the given criteria.
If searching for users the search results will contain all elements in which the Entry Name attribute and the Login Name attribute match the search criteria. The entry name displays in the search results field, but the login name is added to the authorization profile.
-
In the Results field, locate the group or users you want to add. You can select multiple entries.
-
Click Add to add the selected users or groups to the authorization profile. The added members display in the Member pane of the Administrative Console.
-
Click Reset to clear the search results and continue searching for additional members to add.
Select Show Results DN to have the Entry DN display in the results table. The Entry DN is the distinguished name of the entry in the LDAP directory. For example, results with this option selected:
The last element of the DN is the name of the directory. You can determine the full DN of this entry by looking at the Base DN configured for the directory.
For example, if the Entry DN shows CN=Domain Admins,CN=Users,DC=rocket-software and the directory called Rocket Software has a Base DN property DC=rocket-software-ldap,DC=com, then the full DN for the entry would be CN=Domain Admins,CN=Users,DC=rocket-software-ldap,DC=com.
You cannot add users and groups to an authorization profile until either a directory has been added or OSGroups have been enabled in the Directories perspective. If you select OSGroups in the Directories list, then only groups are searched for and the Show Entry DN option cannot be selected.
More information