The RfC Manager uses three ressources to authenticate and authorize users:
- i-doit
- LDAP
- lokal angelegte Benutzerkonten
When users login at the RfC Manager, th local database is queried if a user with this username exists, than the password get proved against the above mentioned ressources in the given order. That means, that all users need a local user account, where they get assigned there applicable roles as Login, Change Manager, Change Advisory Board Member and Admin. While it is possible to maintain the accounts via the local User Management, the users can be fetched from a configured LDAP Server or from the i-doit CMDB.
User synchronisation with LDAP Server
The synchronisation with a configured LDAP Server always takes place when the LDAP Settings are saveeed. A success message in the bottom right corner tells you the count of the synced users.
Additionally exists the command php bin/console ldap-users:fetch
to sync the ldap users. If this command get regularly called from a cron job, new users get automatically synced with the RfC Manager.
Synchronisation with i-doit
Often user accounts are managed in i-doit only, without any connection to an LDAP server. Inthis case eventually the users accounts maintained in i-doit shall be available for a login in the RfC Manager too. Therefore the
Option Save and sync i-doit contacts
is available.