The RfC Manager uses three ressources to authenticate and authorize users:
- i-doit
- LDAP
locally created user accounts
When users log on to the RfC Manager, it first checks against the local database whether the user exists and then checks whether the password is valid in the above order. This means that users who want to work with the RfC Manager, regardless of their role, need a local account that assigns them the roles Login, Change Manager, Change Advisory Board Member and Admin. In addition to the option of maintaining these accounts manually via the user administration, the users can also be synchronized with a configured LDAP server and with i-doit CMDB.
Synchronization of user accounts with an LDAP server
Synchronization with a configured LDAP server always takes place when the LDAP settings are saved. In this case, a success message with the number of synchronized accounts is displayed at the bottom right.
Alternatively, the LDAP sync can be executed via
the console with the command php bin/console ldap-users:fetch
in the installation directory. f this command is executed regularly via a cron
job, newly created user accounts are automatically transferred to the
RfC Manager.
Synchronisation with i-doit
Users are often only maintained locally in
i-doit, without a connection to an LDAP server. In this case, the
user accounts should possibly also be available in RfC Mager. The
option Save and synchronize i-doit contacts is available for this in
the CMDB settings. Therefore the
Option Save and sync i-doit contacts
is available.