Setting User Permissions for LDAP or Active Directory Authentication
After selecting either LDAP or Active Directory authentication method, you will need to set the user permissions in order for the n-Command® MSP permissions to be retrieved correctly. This function should be performed by an administrator familiar with the LDAP or Active Directory methods used in your network.
Use one of the following two methods to set the user permissions in n-Command MSP:
- Add the adtranMSPPermissions attribute to the user record. The adtranMSPPermissions defines permissions over multiple values or lists them in a comma-separated list. The permission values must be selected from the list in the table below.
- Add the memberOf
attribute to the user entry. The memberOf attribute contains multiple
values and is not case sensitive. Each value of the memberOf attribute can only contain
the DN of a group record that
represents an n-Command
MSP permission. The group CN
must be one of the values listed in the table below. The memberOf
attribute may be generated automatically by your LDAP server when
a user record is assigned to a group on the system.
Attribute |
User Permission |
| adtranMSPAll | All permissions |
| adtranMSPRestore | Restore device configurations |
| adtranMSPReboot | Reboot devices |
| adtranMSPPushConfig | Push configurations to devices |
| adtranMSPPushFirmware | Push firmware to devices |
| adtranMSPDiscover | Discover devices on the network |
| adtranMSPPurgeExcept | Purge exceptions on devices |
| adtranMSPManageUser | Manage users on the n-Command server |
| adtranMSPManageServer | Manage the n-Command server |
|
If a user is not defined with permissions as described above, they will be able to log into the n-Command MSP server, but will not have permission to perform any actions. |
