Users and Groups
A user needs to be assigned to a group within ODK-X Sync Endpoint to set their permissions and roles for ODK-X apps. More information about groups and roles is available in the Data Permission Filters section.
The instructions below assume you have access to the phpLDAPadmin web administration interface. Note that this is not enabled by default, so you may want to enable it by following the instructions in the LDAP Web administration documentation.
Creating users
- Click: login on the left and log in as admin.
Start by logging in to the ldap-service. Copy the login below.
- login DN: cn=admin,dc=example,dc=org
- password: admin (or the password you chose in the setup wizard)
Expand the tree view on the left until you see ou=people. Click the + sign next to dc=example,dc=org to expand it. Within the unfolded menu, in the ou=people section, click on Create a child entry (new person).
Then, select the Generic: User Account template.
Fill out the information for the new user and click Create Object. Assign it to the default_prefix_synchronize_tables group. You will need to commit (confirm) that you want to create this entry on the next screen.
Creating groups
Click: login on the left and log in as admin.
Expand the tree view on the left until you see ou=groups.
Click on ou=default_prefix and choose Create a child entry.
Choose the Generic: Posix Group template.
Fill out the form and click Create Object.
Note
The group name must start with the group prefix. In this case the group prefix is default_prefix, so for example: default_prefix my-new-group
Assign users to groups with these instructions.
Assigning users to groups
Click: login on the right and log in as admin.
Expand the tree view on the right until you see ou=default_prefix, then expand ou=default_prefix.
This list shows all the groups under ou=default_prefix.
Click on the group that you want to assign users to. In this section, click on gidNumber=503, which is the group ID that corresponds to default_prefix_synchronize_tables. Groups correspond to the access permissions available to a certain user.
A few groups are created when the LDAP server is brought up. Refer to Data Permission Filters for descriptions of these groups.
Note
A user needs to be assigned one of the roles in addition to any other group of your choosing. These roles are available as groups 500 (SITE_ADMIN), 501 (ADMINISTER_TABLES), 502 (SUPER_USER_TABLES), 503 (SYNCHRONIZE_TABLES).
Assign users to groups with these instructions.
If the memberUid section is not present:
Choose Add new attribute.
Choose memberUid from the dropdown, then enter the uid of the user you want to assign.
Click Update Object at the bottom to update.
If the memberUid section is present,
Navigate to http://[IP_ADDRESS]/web-ui/login in order to access the login screen.
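The rules above (every user needs one of the role groups 500 to 503, and group names must start with the group prefix) can be checked against an LDIF export of the directory. The script below is an added example, not part of the ODK-X documentation or code; the entry layout, the attribute names (uid, cn, gidNumber, memberUid) and the sample data are assumptions constructed for illustration.

```python
ROLE_GIDS = {"500", "501", "502", "503"}  # role groups from the note above
GROUP_PREFIX = "default_prefix"

# Constructed sample export; the entry layout and attribute names are assumptions.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob

dn: gidNumber=503,ou=default_prefix,ou=groups,dc=example,dc=org
cn: default_prefix_synchronize_tables
gidNumber: 503
memberUid: alice

dn: gidNumber=600,ou=default_prefix,ou=groups,dc=example,dc=org
cn: field-team
gidNumber: 600
memberUid: bob
memberUid: carol
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no base64 values) into a list of dicts."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split entries
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(text):
    """Report users lacking a role group, unknown memberUids, unprefixed group names."""
    entries = [e for e in parse_ldif(text) if "dn" in e]
    users = {e["uid"][0] for e in entries if ",ou=people," in e["dn"][0]}
    groups = [e for e in entries if ",ou=groups," in e["dn"][0] and "gidnumber" in e]
    with_role, members, unprefixed = set(), set(), []
    for g in groups:
        members.update(g.get("memberuid", []))
        if g["gidnumber"][0] in ROLE_GIDS:
            with_role.update(g.get("memberuid", []))
        if not g["cn"][0].startswith(GROUP_PREFIX):
            unprefixed.append(g["cn"][0])
    return {"users_without_role": sorted(users - with_role),
            "unknown_member_uids": sorted(members - users),
            "groups_missing_prefix": sorted(unprefixed)}
```

For the constructed sample, `audit(SAMPLE_LDIF)` reports bob as having no role group, carol as a memberUid with no matching user entry, and field-team as a group name missing the prefix.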