When the organization mapping is complete, synchronization invokes mtExternalUserSetupProcessor to create the external user and roles in that organization. JasperReports Server includes an additional mapping of roles to system roles so that you can grant administrator privileges to your external users. Using this feature, LDAP entries belonging to custom groups can be granted system or organization admin roles in JasperReports Server.
• Configure the mtExternalUserSetupProcessor bean with organizationRoleMap to map between external and internal roles. The processor checks if the user has an external role as a map entry key. If the user has the role, the processor assigns the user the internal role in the map entry value instead of the external role in the key.
• Map user roles statically using the externalUserSetupProcessor bean.
One practical consequence of external administrator role mapping is that LDAP authentication can be used exclusively. When properly set up, you can have external users who are system or organization administrators, and you then no longer need the superuser and jasperadmin users. However, you must ensure that every organization has an LDAP user who is mapped to that organization and has the correct attributes to receive organization admin privileges.
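The following is an added example, not code from JasperReports Server: a Python model of the map substitution described above, with a check that every organization keeps an LDAP-backed administrator before the superuser and jasperadmin users are retired. The external role names, organization names and user records are constructed; using ROLE_ADMINISTRATOR as the organization admin role and leaving unmapped roles unchanged are assumptions.

```python
# Model of organizationRoleMap: external role (key) -> internal role (value).
# ROLE_LDAP_ORG_ADMINS is a constructed external role name.
ORGANIZATION_ROLE_MAP = {"ROLE_LDAP_ORG_ADMINS": "ROLE_ADMINISTRATOR"}


def map_roles(external_roles, role_map=ORGANIZATION_ROLE_MAP):
    """Assign the mapped internal role instead of each external role that is a map key."""
    result = []
    for role in external_roles:
        mapped = role_map.get(role, role)  # assumption: unmapped roles are kept as-is
        if mapped not in result:
            result.append(mapped)
    return result


def external_admins(users, admin_role="ROLE_ADMINISTRATOR"):
    """Group by organization the users who receive the admin role after mapping."""
    admins = {}
    for user in users:
        if admin_role in map_roles(user["roles"]):
            admins.setdefault(user["org"], []).append(user["name"])
    return admins


def orgs_without_admin(users, organizations, admin_role="ROLE_ADMINISTRATOR"):
    """Return organizations in which no external user would hold the admin role."""
    return sorted(set(organizations) - set(external_admins(users, admin_role)))


# Constructed sample of LDAP users after organization mapping.
SAMPLE_USERS = [
    {"name": "alice", "org": "Finance", "roles": ["ROLE_LDAP_ORG_ADMINS"]},
    {"name": "bob", "org": "Finance", "roles": ["ROLE_LDAP_STAFF"]},
    {"name": "carol", "org": "Sales", "roles": ["ROLE_LDAP_STAFF"]},
]
SAMPLE_ORGS = ["Finance", "Sales"]

if __name__ == "__main__":
    # Review who becomes an administrator purely through LDAP group membership.
    print("external admins:", external_admins(SAMPLE_USERS))
    # Any organization listed here would be left without an administrator.
    print("no external admin:", orgs_without_admin(SAMPLE_USERS, SAMPLE_ORGS))
```

The list returned by external_admins is also the set of accounts whose LDAP group membership now controls administrator access, so changes to that group belong in the same review as changes to the map.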
Administrators of your LDAP server cannot log into JasperReports Server using their LDAP administrator credentials. In most LDAP servers, users and administrators are stored in different base DNs. For example, you might store user entries in dc=example,dc=com, but administrators are stored under cn=Administrators,cn=config or ou=system. The mechanism for locating users during authentication can only search in a single base DN, and therefore administrators in a different one cannot be found.