...

  • PHIXFLOW_ADMINS
  • PHIXFLOW_USERS_LIVE

User Groups

The current PhixFlow mechanism of User Groups can be applied to Active Directory users. There is a new Active Directory Group field in the User Group editor window. Members of the given Active Directory group will be members of the configured PhixFlow User Group.

When Active Directory users log into PhixFlow, their Active Directory groups are mapped to PhixFlow User Groups. You can set up this mapping by specifying an Active Directory Group in a PhixFlow User Group. When an AD user in that Active Directory group logs into PhixFlow, they will be put into that PhixFlow User Group.

You do not need to map all of a user's Active Directory Groups to PhixFlow User Groups. For each user, any Active Directory groups that are not mapped are simply ignored.

The mapping is configured in the field Active Directory Group in the user group configuration form.

You can use {instance} to include the PhixFlow instance name.

...

Logging in as an Active Directory user

There is a new Domain field on the PhixFlow login screen.

By default it is set to local, which means that the user logs in as a local PhixFlow user.

To log in as an Active Directory user, the user needs to pick one of the domains configured in the phixflow-domains.xml file from the highlighted drop-down list. The value this will have by default is set in System Configuration (see above).

To log in, users must select the domain they need - if this is not the default, they can select one from the drop-down list, which will show all configured domains.

After choosing a domain, the proper suffix will be added to the username automatically:

...

When logging in as an Active Directory user, the user must use their Active Directory password, which cannot be changed through PhixFlow.

If the Active Directory user is not a member of an Active Directory group authorised to use PhixFlow (see above), they will get a standard failure to login message.

If the user is in an Active Directory Group authorised to use PhixFlow, but none of their Active Directory groups are mapped to PhixFlow user groups, they will be able to successfully log in, but will have no access.

Use the encrypted connection

To use the encrypted connection, the protocol of the connection specified in phixflow-domains.xml must be set to ldaps:// instead of ldap://. It can be set in the phixflow-domains.xml file, in the value of the url field of the selected bean.

The AD server’s certificate must be installed in the Java Certification Store on the PhixFlow application server. To do this you must obtain a certificate file from the AD server and install it.

One way of installing the certificate on the PhixFlow application server is using keytool. In the command prompt type:

keytool -import -alias example -keystore /path/to/java/cacerts -file example.der

keytool is provided as part of the standard Java installation.
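
A configuration check for the ldaps:// requirement above, as an added example that is not part of the PhixFlow documentation. The page does not show the layout of phixflow-domains.xml, so the Spring-style bean/property structure, the bean ids and the host names in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page does not show phixflow-domains.xml, so this
# Spring-style layout and the bean ids and host names are assumptions.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="corp">
    <property name="url" value="ldap://dc1.corp.example:389"/>
  </bean>
  <bean id="lab">
    <property name="url"><value>LDAPS://dc1.lab.example:636</value></property>
  </bean>
  <bean id="dmz">
    <property name="url" value="ldaps://dc1.dmz.example:636 ldap://dc2.dmz.example:389"/>
  </bean>
</beans>"""


def local(tag):
    """Strip the XML namespace so 'bean' matches with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def url_values(bean):
    """Yield each URL in the bean's url property (attribute or <value> child)."""
    for prop in bean.iter():
        if local(prop.tag) != "property" or prop.get("name") != "url":
            continue
        raw = prop.get("value")
        if raw is None:
            raw = "".join(c.text or "" for c in prop if local(c.tag) == "value")
        yield from raw.split()  # a value may list several space-separated URLs


def find_unencrypted(xml_text):
    """Return (bean id, url) for every url that does not use ldaps://."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean":
            continue
        for url in url_values(bean):
            if not url.lower().startswith("ldaps://"):
                findings.append((bean.get("id", "?"), url))
    return findings


if __name__ == "__main__":
    for bean_id, url in find_unencrypted(SAMPLE):
        print(f"{bean_id}: {url} does not use ldaps://")
```

To check a real file, pass its contents to find_unencrypted() and adjust the element names if the actual layout differs from the assumed one.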

...