Hi Bill, On 07.11.2017 17:51, William D. Vasu wrote: > I am new to LAM. Will it allow me to create sub-administrators who can only > administer within their org. For instance, I am using Joget for my > applications which nicely interfaces to LDAP. > > For my root DN I will have, as an example: > > DC=joget,DC=org > > Under my Root DN I will have, as an example: > > DC=HR,DC=joget,DC=org > DC=Product Department,DC=joget,DC=org > DC=Operation,DC=joget,DC=org > DC=Users,DC=joget,DC=org > > I would like a particular logged in user to LAM to be able to > see/add/edit/delete users for the Product Department but not have any access > to users in Operation or Users.
first, please assign proper access rights (ACLs) server-side so the server denies invalid access. LAM is a GUI, primary rights assignment needs to be done server side. On LAM side you can create e.g. multiple server profiles to include only what is needed: https://www.ldap-account-manager.org/static/doc/manual/ch03s02.html#idm46655317727744 You can add restrictions who is able to login for each server profile. This way people only see what is needed. Best regards Roland -- LDAP Account Manager https://www.ldap-account-manager.org/
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
