Site Manager can be configured to allow different users on the Site Manager server or a Windows Active Directory Domain to login to Site Manager.
By default members of the Administrators group on the Site Manager server and members of Domain Administrators on the Site Manager server's domain can login. Additional domains and permissions can be configured as described below.
Login providers serve as the interface between Site Manager and an authentication resource. There is a unique login provider for each authentication resource so that permissions for each resource can be managed independently by configuring the associated provider. Three types of Login Provider currently exist:
|Login Provider Type||Authentication Resource||Included by Default||Notes|
|Server Local||User Account Control||Yes||This provider interfaces with accounts local to the Site Manager server. Administrator accounts will always have permission to access Site Manager. This provider cannot be deleted.|
|Server Domain||Active Directory||Yes (if the Site Manager server is connected to a domain)|
This provider interfaces with the domain the Site Manager server is connected to. It is created automatically and can not be removed by the user. Domain Administrators can always log in using this provider.
If the server is disconnected from its domain then the provider will be converted to a Domain provider. A new Server Domain provider will be created when Site Manager upon reconnecting to a domain.
|Domain||Active Directory||No||This provider interfaces with Active Directory domains other than that which the Site Manager server is connected to.|
Active Directory compatibility
Site Manager must connect with a Domain Controller which supports the Virtual List View controls (a part of LDAP V3) for permissions to be set for accounts on the Domain. LDAP over SSL will be used if available.
Managing Login Providers
Domain providers are created and configured by the user (Server Local and Server Domain providers are created automatically on startup) through a dialog accessed through the security settings page.
All providers are listed within the provider manager dialog. Providers can be configured or removed by clicking the respective buttons in the table. New providers can be created by clicking the Add button, which opens the a dialog to configure a new Domain provider.
A Domain provider can be configured with the following fields:
|Name||A friendly name which is displayed to users. If no name is provider then the provider will be named after the domain it is associated with.|
The host name of a domain controller. This can be in the form of a DNS-style name, a NetBIOS address or an IP address.
Site Manager will communicate with the domain controller using LDAP. To use custom ports (other than the default of 389 or 636) specify the domain controller in the hostname:port format.
|Username||The username of an account on the domain. The credentials of this account will be used to perform any lookups against the LDAP server.|
|Password||The password of the account specified by the username entered in the previous field.|
After clicking "Save", Site Manager will check the validity of the configuration. If a provider can be created then the configuration is saved and a provider is added to the list of providers in the previous window. Otherwise, the an error message will appear explaining the problem.
Next to the Manage Provider button on the security settings page is the Manage Permissions button. Clicking this button will open the permissions management window.
Permissions are configured separately for each provider; it is necessary to select the correct provider from the combo box before configuring permissions.
A table listing the active permissions is below the provider selection field. Here the names of authorized users and groups are displayed. All members of an authorized group are given the permissions of that group. Permissions can be deleted by clicking the Remove button. Click Configure to add permissions. Note that changes to permissions can be discarded by clicking cancel.
The structure of the directory is navigable through the tree on the left, which shows the folders and Organizational Units which have been configured on the domain. On the right is a table listing the users and groups in the selected folder. Rows can be selected to add corresponding permissions when the Add button is pressed.