Feature Wiki

Information about planned and released features

Tabs

Enter multiple Group DNs in automatic Role Assignments via LDAP

Page Overview

[Hide]

1 Initial Problem
2 Conceptual Summary
3 User Interface Modifications
- 3.1 List of Affected Views
- 3.2 User Interface Details
- 3.3 New User Interface Concepts
4 Technical Information
5 Contact
6 Funding
7 Discussion
8 Implementation

If you need any help in filling out this wiki page, please visit our ILIAS Community FAQ.

1 Initial Problem

Currently, there is a 1:1 relation between ILIAS role and LDAP group membership in the automatic role assignments. This means we have to create a new role for every LDAP group that we want give permission to a specific object. In the longterm this leads to a high amount of unnaccessary roles, which leads to confusing user right management, a lesser overall scalability of the system and a higher maintenance.

2 Conceptual Summary

We would like to have the ablity to add more group DN's to a single role assignment. This could be done by a simple button, which adds another text field to enter the new string.

3 User Interface Modifications

3.1 List of Affected Views

add and edit rule for role assignment view in "Administration -> Authentification and Registration -> LDAP -> specific LDAP server -> role assignment"

3.2 User Interface Details

Insert a button "add additional rule" to the Assignment Type: Groupmembership, which duplicates the existing box to enter another rule.

3.3 New User Interface Concepts

4 Technical Information

There have to made some changes to the way the role assignments a stored in the database, because right now role assignment and group DN a saved in the same row in the table "ldap_role_assignments". I propose to create a new database table which stores the role assignment ids and the group DN's in a 1:N relation. The isGroupMember function in "ilias/Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php" has to be changed, too, so that every entered DN is tried for the user and once one search is succesful, the role should be added to that user.

5 Contact

Author of the Request: Miriam Kumpf (miriam.kumpf@phorms.de), Jonas Lawitzke (jonas.lawitzke@phorms.de)
Maintainer: {Please add your name before applying for an initial workshop or a Jour Fixe meeting.}
Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

6 Funding

If you are interest in funding this feature, please add your name and institution to this list.

Phorms Education SE

7 Discussion

8 Implementation

{The maintainer has to give a description of the final implementation and add screenshots if possible.}

Test Cases

Test cases completed at {date} by {user}

{Test case number linked to Testrail} : {test case title}

Approval

Approved at {date} by {user}.

Last edited: 9. Mar 2018, 14:55, Undisclosed