I not long ago schooled that a of the side benefits of relocating to the WebLogic Server design in UCM 11g is the aptitude to run in a churned authentication and authorisation model. What we meant by that is the aptitude to be real by WebLogic Server (which has its own inner store or hooks up to LDAP/Active Directory) but have your authorisation (Roles and Accounts) advance from UCM.
This means that you do not have to emanate groups in LDAP/Active Directory and allocate them to your users in demand for them to get those Roles and Accounts in UCM. Instead, you are able to allocate them right away in UCM by the User Admin applet.
In demand to do this, the usually necessity is that the username used for authentication in WebLogic Server must tie in the username tangible in UCM. Then in UCM, you have that user tangible possibly as a Local or Global user.
When you record in to UCM 11g is to initial time, a user record will get updated to the database that defines the user as 'external'. User data similar to full name and email is stored, but authentication and authorisation would still be completed by WebLogic Server. But all you must be do is prominence the user, click the Change button, and change them in to a Local or Global user. Once you do that, then you can now do the Role and Account mapping is to user.
For a more programmed way, you can use a spreadsheet similar to we blogged about in this formerly post to rapidly stock your UCM example with the users and their account information. Again, simply ensure the username matches between LDAP/AD and UCM.
No comments:
Post a Comment