[DOCS-13199] Suggestions for additional notes on Ops Manager LDAP
Created: 05/Nov/19 | Updated: 14/Nov/23
| Status: | Backlog |
| Project: | Documentation |
| Component/s: | Ops Manager |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Charles Merrill | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | request |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Participants: | |
| Days since reply: | 4 years, 14 weeks, 2 days ago |
| Description |

Suggestions for additional notes on https://docs.opsmanager.mongodb.com/current/tutorial/configure-for-ldap-authentication/#associate-ldap-groups-with-project-roles and https://docs.opsmanager.mongodb.com/current/reference/api/groups/map-ldap-groups-to-manager-roles/

Customers have been unclear about how to add a user to a group/project with certain roles using the Ops Manager API. We might want to include notes mentioning that:

2. For security reasons, it is not possible to add users to your LDAP server using Ops Manager.
3. All user management (which user participates in which group(s)) is done in LDAP.
4. You can use the API to manage the relationship in Ops Manager, e.g. which LDAP group(s) correspond to which Ops Manager roles in a particular OM project.
5. If using LDAP, you would create one or many LDAP groups containing users. Example: `OM_RO_MyProject`
6. If the requirement is to have a single read-only group across multiple projects, you would use API calls to associate that LDAP group with the role (example: GROUP_READ_ONLY) for the required Ops Manager projects.