* First activate 'LDAP Servers' and configure that module.

''UHL settings:''

* LDAP server type: Active Directory
* LDAP server: ldaplookups.xuhl-tr.nhs.uk
* Port: 389
* Service Account Bind (use service account credentials previously supplied by IM&T)
* Base DN: DC=xuhl-tr,DC=nhs,DC=uk
* AuthName: sAMAccountName
* Email attribute: mail

* Subsequently activate 'LDAP authentication'
* Only LDAP authentication allowed except user 1
* 'Allow Only' Text Test: OU=Cardiology (restricts logon to Cardiology dept staff)
* Existing User Account conflict: associate local account with the LDAP entry
* Account creation: Create accounts automatically for LDAP authenticated users
* Email behaviour: Show disabled email field on user forms.
* Email update: Update if differs and notify user.

* Next, 'LDAP authorization' and 'LDAP authorization - drupal roles'
* Strategy II.B. - drupal roles are specified by LDAP attributes
* Attribute name: memberOf
* Mapping to drupal role: CN=BRICCS MRBS,OU=MRBS,OU=Apps,DC=xuhl-tr,DC=nhs,DC=uk|LCBRU staff
* Use LDAP group to drupal roles filtering
* Grant / revoke when user logs on
* IV.C all three options ticked

* Also activate 'LDAP help'.

== Notes ==

There is an option for seamless or Single Sign On, but currently that is outside the scope of the BRICCS deployment.
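
The logon decision that the 'Allow Only' test and the memberOf role mapping above configure can be checked offline with a small model. This is an added example, not code from the Drupal LDAP modules. It assumes the text test is a case-insensitive substring match on the user's DN, that mappings are written as 'group DN|role', and that only roles granted by an earlier LDAP logon are revoked; the sample entries are constructed.

```python
import re

# Values taken from the settings listed on this page.
ALLOW_ONLY = ["OU=Cardiology"]
ROLE_MAPPINGS = "CN=BRICCS MRBS,OU=MRBS,OU=Apps,DC=xuhl-tr,DC=nhs,DC=uk|LCBRU staff"


def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (simplified: no escaped commas)."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())


def parse_mappings(text):
    """Turn 'group DN|role' lines into {normalised group DN: role}."""
    mappings = {}
    for line in text.splitlines():
        if "|" in line:
            dn, role = line.rsplit("|", 1)
            mappings[norm_dn(dn)] = role.strip()
    return mappings


def allowed(user_dn, tests=ALLOW_ONLY):
    """Assumed semantics: logon passes if any test string occurs in the user's DN."""
    return any(t.lower() in user_dn.lower() for t in tests)


def roles_after_logon(user_dn, member_of, current, ldap_granted):
    """Return the role set after logon, or None when logon is refused.

    current      -- roles the account holds now
    ldap_granted -- subset of current that an earlier LDAP logon granted
    """
    if not allowed(user_dn):
        return None
    groups = {norm_dn(g) for g in member_of}
    entitled = {r for g, r in parse_mappings(ROLE_MAPPINGS).items() if g in groups}
    stale = set(ldap_granted) - entitled      # revoke only what LDAP granted earlier
    return (set(current) - stale) | entitled


# Constructed sample entries (the CN values and the extra OUs are made up).
GROUP = "cn=briccs mrbs, ou=mrbs, ou=apps, dc=xuhl-tr, dc=nhs, dc=uk"
STAFF = "CN=A Nurse,OU=Cardiology,DC=xuhl-tr,DC=nhs,DC=uk"
OTHER = "CN=B Clerk,OU=Radiology,DC=xuhl-tr,DC=nhs,DC=uk"
BROAD = "CN=C Fellow,OU=Cardiology Research,DC=xuhl-tr,DC=nhs,DC=uk"

if __name__ == "__main__":
    print(roles_after_logon(STAFF, [GROUP], set(), set()))
    print(roles_after_logon(STAFF, [], {"LCBRU staff", "editor"}, {"LCBRU staff"}))
    print(roles_after_logon(OTHER, [GROUP], set(), set()))
    print(allowed(BROAD))
```

Under the substring assumption, a DN in an OU whose name merely begins with "Cardiology" also passes the test, so the OU naming under the Base DN is worth reviewing when relying on this restriction.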