The Attribute Setup screen allows you to enter which fields to use for the user accounts from the LDAP directory.

The Attributes section of the Attribute Setup screen is shown in the figure below.

The Attributes section of the Attribute Setup screen

The fields available on this screen are as follows:

• User Id: enter the name of the field in the LDAP directory to use as the User Id in Squiz Matrix.
• Common Name: enter the name of the field in the LDAP directory to use as the Common Name in Squiz Matrix.
• First Name: enter the name of the field in the LDAP directory to use as the First Name in Squiz Matrix.
• Last Name: enter the name of the field in the LDAP directory to use as the Last Name in Squiz Matrix.
• Email Address: enter the name of the field in the LDAP directory to use as the Email Address in Squiz Matrix.
• Group Membership: enter the name of the field in the LDAP directory to use as the Group Membership in Squiz Matrix.
• Group Members: enter the name of the field in the LDAP directory to use as the Group Members in Squiz Matrix.
• Group Name: enter the name of the field in the LDAP directory to use as the Group Name in Squiz Matrix.

Please note, whether you use Group Membership or Group Members will depend on how relationships between users and groups are defined. Group Membership should be used when the LDAP user defines the groups it is a member of, with an attribute containing a list of group DNs (usually ou). Group Members should be used when a group defines its own members, using an attribute containing a list of member DNs (usually member or uniqueMember). If omitted, a default attribute of member will be used.

Only one of Group Membership and Group Members are required. If both are provided, groups will be expanded in the Asset Map according to the Group Members setting. However, the groups a user is a member of will be determined first by the Group Membership setting. 

How the Asset Map Displays Groups and Users

LDAP directory

To understand how the Asset Map displays LDAP groups and users, consider the following example. In the figure shown to the right is an example LDAP directory. It contains three users and three groups. All members are part of the primary group of Staff. John Smith is also part of the Support group, Sue White is also part of the Support and Training groups and Bill Jones is also part of the Training group. 

Asset Map

On the Attribute Setup screen, if you use the Group Membership field, the Asset Map will show all groups but the users will only appear in the primary group. The figure to the right shows the structure in the Asset Map of the LDAP users and groups for the example LDAP directory. All users appear in the primary group of Staff and no users appear under the Support and Training groups. You can still apply Permissions and Roles to these groups and use them within a Workflow Schema. When an LDAP user logs in, Squiz Matrix will query the LDAP directory to work out which groups they are a part of and hence which Permissions, Roles and Workflow Schemas to apply to them. For example, say you have denied WritePermission on the Home page to the Training group but have granted them Write Permission to the Training page. When Sue White logs in, Squiz Matrix will query the LDAP directory and find out that she is part of the Training group. Sue will then be able to edit the Training page but not edit the Home page.

Asset Map

If you use the Group Members field on the Attribute Setup screen, the Asset Map will show all groups as well as the users in each group. For example the figure to the right shows the structure of the LDAP users and groups for the example LDAP directory.

Naming the Groups and Users in the Asset Map

The name that is displayed in the Asset Map for the LDAP groups and users is determined by the values that you enter into the Common Name and Group Name fields on the Attributes Setup screen. For example, if you enter ou into the Group Name field, the value that is stored in the ou attribute field for the group in LDAP will be displayed in the Asset Map. This will only work for the groups and users that are using the ou and cn attributes. You cannot change what is being displayed in the Asset Map for the groups that are using the dc, o and c attributes.