Configuring the role with different authentication parameters than the domain

I am writing up some documentation for a portal I have installed for a client. In going through the admin screens I have noticed that the role has the same configuration screens for authentication as the domain. This brings up a question.

What happens if the two are not the same? For example, I have the domain configured for LDAP authentication and the role configured for unix configuration. What happens? Let's suppose that I have the role configured for LDAP auth, but it is configured to point at a different LDAP server or the search DN is different, what happens then?

In my mind, one of two things will happen. In the best case, the settings for the role are ignored and users can log in with the settings of the domain (assuming that they are correct.) In the worst case, (assuming that the domain configuration is the correct one) all of the members of the domain will be locked out until the two authentication profiles are back in sync.

To me, this looks like a loaded Uzi (with a hair trigger) pointing directly at my foot. Is there a legitimate use for different settings in both places?

--

Kent

[1296 byte] By [708764] at [2007-11-25 4:28:08]
# 1

Authentication is performed on a domain basis only, so the role settings, if different, are ignored, except insofar as they affect the user's settings.

During authentication, there is an interval during which the user is interacting with the portal, i.e., the session has been created, but the identity of the user is not yet known. While that is happening, the domain profile is used. But once the user identity is known and the user has been validated, then profile information comes from the user's profile, which is affected by the user's role. For example, the URL that the user is directed to after authentication comes from the user's profile.

HTH.

Tom

Kent Perrier wrote:

> I am writing up some documentation for a portal I have installed for a client. In going through the admin screens I have noticed that the role has the same configuration screens for authentication as the domain. This brings up a question.
>
> What happens if the two are not the same? For example, I have the domain configured for LDAP authentication and the role configured for unix configuration. What happens? Let's suppose that I have the role configured for LDAP auth, but it is configured to point at a different LDAP server or the search DN is different, what happens then?
>
> In my mind, one of two things will happen. In the best case, the settings for the role are ignored and users can log in with the settings of the domain (assuming that they are correct.) In the worst case, (assuming that the domain configuration is the correct one) all of the members of the domain will be locked out until the two authentication profiles are back in sync.
>
> To me, this looks like a loaded Uzi (with a hair trigger) pointing directly at my foot. Is there a legitimate use for different settings in both places?
>
> --
>
> Kent
