Version Differences for Security

[[Image:Authorization Realm Ex.png]]

-

Once this configuration is completed successfully, the expected functionality would be when a user attempts to login to uDeploy, a quarry is made to Active Directory. Assuming that a username is found and that the password for that user is correct, the user's information is imported to uDeploy, including the groups that the user belongs to. With this in mind, it's important to limit your user and group search bases to users and groups that are useful in uDeploy. When regarding this, a user will only be imported when they attempt to log in, thus only 1 user will be imported per login attempt. This means that you could configure you user search base to be the entire AD, but you would only have extra users if those extra users attempted to login. This makes limiting the user search base important only in regards to limiting the users that CAN login to uDeploy. However, this is not the same for groups. If one user logs in and belongs to 1000 groups, unless you've limited your group search base to the location of the groups that are important to uDeploy, all 1000 groups will be imported. This make focusing your group search base VERY important if you have a large number of groups in AD.

+

====Final Notes====

+

Once this configuration is completed successfully, the expected functionality would be when a user attempts to login to uDeploy, a quarry is made to Active Directory. Assuming that a username is found and that the password for that user is correct, the user's information is imported to uDeploy, including the groups that the user belongs to.

+

With this in mind, it's important to limit your user and group search bases to users and groups that are useful in uDeploy. When regarding this, a user will only be imported when they attempt to login, thus only 1 user will be imported per login attempt. This means that you could configure you user search base to be the entire AD structure, but you would only have extra users if those extra users attempted to login. This makes limiting the user search base important only in regards to limiting the users that CAN login to uDeploy.

+

However, this is not the same for groups. If one user logs in and belongs to 1000 groups, unless you've limited your group search base, all 1000 groups will be imported. This make focusing your group search base to only the location that contains the groups that are useful in uDeploy VERY important if you have a large number of groups in AD. The consequences of importing this many groups could be catastrophic to the usability of uDeploy, causing extremely slow load times as the uDeploy server quarries the database for the permissions that these groups have every time you navigate to a location that you need permissions to access.

+

Our advice is to create an OU that contains groups that have been made specifically for use in uDeploy, and configuring your group search base in your authorization realm to point to it.

== Roles ==

 [[Image:Authorization Realm Ex.png]]
-                Once this configuration is completed successfully, the expected functionality would be when a user attempts to login to uDeploy, a quarry is made to Active Directory. Assuming that a username is found and that the password for that user is correct, the user's information is imported to uDeploy, including the groups that the user belongs to. With this in mind, it's important to limit your user and group search bases to users and groups that are useful in uDeploy. When regarding this, a user will only be imported when they attempt to log in, thus only 1 user will be imported per login attempt. This means that you could configure you user search base to be the entire AD, but you would only have extra users if those extra users attempted to login. This makes limiting the user search base important only in regards to limiting the users that CAN login to uDeploy. However, this is not the same for groups. If one user logs in and belongs to 1000 groups, unless you've limited your group search base to the location of the groups that are important to uDeploy, all 1000 groups will be imported. This make focusing your group search base VERY important if you have a large number of groups in AD.
+                ====Final Notes====
                 Once this configuration is completed successfully, the expected functionality would be when a user attempts to login to uDeploy, a quarry is made to Active Directory. Assuming that a username is found and that the password for that user is correct, the user's information is imported to uDeploy, including the groups that the user belongs to.
                 With this in mind, it's important to limit your user and group search bases to users and groups that are useful in uDeploy. When regarding this, a user will only be imported when they attempt to login, thus only 1 user will be imported per login attempt. This means that you could configure you user search base to be the entire AD structure, but you would only have extra users if those extra users attempted to login. This makes limiting the user search base important only in regards to limiting the users that CAN login to uDeploy.
                 However, this is not the same for groups. If one user logs in and belongs to 1000 groups, unless you've limited your group search base, all 1000 groups will be imported. This make focusing your group search base to only the location that contains the groups that are useful in uDeploy VERY important if you have a large number of groups in AD. The consequences of importing this many groups could be catastrophic to the usability of uDeploy, causing extremely slow load times as the uDeploy server quarries the database for the permissions that these groups have every time you navigate to a location that you need permissions to access.
                 Our advice is to create an OU that contains groups that have been made specifically for use in uDeploy, and configuring your group search base in your authorization realm to point to it.
 == Roles ==