22.3. Additional variant for role selection via freely definable variable

As of V10 SP8 there is an additional option for role selection. Roles can be selected not only via the Windows login, but also via a freely definable variable, which is provided, for example, by an LDAP[112] server.[113]

This is especially advantageous when not all user names are known.

Configuration

The configuration is made in $CADENAS_SETUP/plinkcommon.cfg, in the block LOGIN, via the keys AutoLoginUserX. (If no AutoLoginUserX keys are specified, the standard role selection is performed and the username is used.)

If AutoLoginUserX is specified, exactly that is used. The key values are variables that control the mode of role selection.

Via the key value variable %user% you can check whether there is an entry for the username in the plinkusers.cfg. Use this variable in the first AutoLoginUserX key if you want to check the standard case first.

Via the key value variable %ds.computer.company% you can read a variable value from the defined LDAP server and check whether there is an entry for it in the plinkusers.cfg.

The search in the plinkusers.cfg is performed first for the first AutoLoginUser, then for the second, and so on. If no value matches, the wildcard user is used.

  • Specify LDAP server

    In the key ldapURL specify the URL of the LDAP server.

    [Login]
    ldapURL=ldap://CADENAS.QA/DC=CADENAS,DC=QA

  • Read value from the LDAP server

    In the key AutoLoginUser1 you can specify the variable to be read.

    Example:

    [LOGIN]
    AutoLoginUser0=%user%
    AutoLoginUser1=%ds.computer.company%

    In this example, it is first checked whether there is an entry for the username in the plinkusers.cfg (AutoLoginUser0) and then for the value "company" from the directory server.

    More possible values:

    • %domainUser%

      User in the domain. In this way, local users who are not part of the domain are excluded.

    • %ds.user.key%

      A certain user's key in the Directory Service.

  • Use of regular expressions

    Regular expressions can filter the read value.

    For each entry in AutoLoginUser, a list of regular expressions can be defined. The relation between key AutoLoginUserX and block AutoLoginExprListX is established by the number at the end of keys and blocks.

    Example:

    AutoLoginUser1=%ds.computer.company%

    [AutoLoginExprList1]
    Expr0=^.{2}

    With the expression above, only the first two characters of "company" are used.
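
The lookup order described above can be checked offline with a small model before a configuration is rolled out. This is an added example, not CADENAS code: the function names, the contents of PLINKUSERS, the "*" wildcard marker, exact-match comparison, and applying each ExprN to the previous match are all assumptions made for illustration.

```python
import configparser
import re

# Constructed sample of plinkcommon.cfg, using the keys shown in this section.
PLINKCOMMON = """
[LOGIN]
AutoLoginUser0=%user%
AutoLoginUser1=%ds.computer.company%

[AutoLoginExprList1]
Expr0=^.{2}
"""

# Constructed stand-in for the entries of plinkusers.cfg (real format not modelled).
PLINKUSERS = {"AC", "cadadmin"}

def numbered(section, prefix):
    """Return (index, value) pairs for keys prefix0, prefix1, ... in numeric order."""
    items = []
    for key, value in section.items():
        m = re.fullmatch(re.escape(prefix) + r"(\d+)", key, re.IGNORECASE)
        if m:
            items.append((int(m.group(1)), value))
    return sorted(items)

def resolve_role_key(cfg_text, variables, plinkusers, wildcard="*"):
    """Return (matched entry, AutoLoginUser index), or (wildcard, None) as fallback."""
    cfg = configparser.ConfigParser(interpolation=None)  # keep literal % signs
    cfg.read_string(cfg_text)
    for idx, var in numbered(cfg["LOGIN"], "AutoLoginUser"):
        value = variables.get(var)  # resolved value supplied by the caller
        if value is None:
            continue
        list_name = f"AutoLoginExprList{idx}"  # linked by the trailing number
        if cfg.has_section(list_name):
            for _, expr in numbered(cfg[list_name], "Expr"):
                m = re.search(expr, value)
                value = m.group(0) if m else ""  # assumption: matched text is kept
        if value and value in plinkusers:
            return value, idx
    return wildcard, None  # no AutoLoginUser value matched
```

The second element of the result shows which AutoLoginUser key decided the role, which makes it visible when a client-supplied %user% value takes precedence over the directory value.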

Note

Safety information

When using a PARTapplicationServer, the keys are read by the server, so that users cannot access the settings.

Without a PARTapplicationServer, the keys are read by the client. When using Windows users there is an element of uncertainty, because the login information could be faked. A safe solution is the use of an LDAP server or the explicit login with the domain user %domainUser%.




[112] Directory server whose data structure conforms to the LDAP specification and which can exchange data via the LDAPv3 protocol

[113] #73899