I faced an Issue which is after configured the esight to authenticate using AD and creating AD group (on AD and esight ) to manage the esight .. I discovered that all the AD users can access the esight page without privilege but the requirement is that no one can access the page even without privilege except the created group for this purpose .
- Checked if can do this from the GUI mode but was not available .
- Checked the documentation
To accomplish this requirement, there is an important configuration file called ldapAuth.cfg ... The Authentication module uses the configuration parameters in ldapAuth.cfg to communicate with Lightweight Directory Access Protocol (LDAP) server for user authentication function.
you can find this file in this path :
in order to indicate the group name and then only the group members can login .
The AD group name was Esight Access Group and to make this only group to access the esight we need to change the userbindgroup parameter in the ldapauth.cfg file .
So Right click on the ldapauth.cfg then edit it with text editor and add the parameter :
Now only this group can access the esight webpage .
Note that there are a lot of useful parameters you can modify to control the authentication process between esight and ldap server .
Search in the documentation for ldapAuth.cfg to check all the parameters that can be modified
We need to add A GUI modification to this file that enable user to change these attributes easly