Download Dr.Web Enterprise Security Suite

Appendices
#define DrWeb_Admin_AttrName
#define DrWeb_AdminReadOnly_AttrName
"DrWebAdminReadOnly"
#define DrWeb_AdminGroupOnly_AttrName
"DrWebAdminGroupOnly"
#define DrWeb_AdminGroup_AttrName
"DrWebAdmin"
"DrWebAdminGroup"
Editing settings of Active Directory users is implemented manually at
the Active Directory server (see p. Authentication of Administrators).
Algorithm of attributes handling during authorization is the
following:
1. User attributes are read.
2. If the DrWebAdmin attribute is set to TRUE, when:
2.1.If
some
attributes
are
missing
and
the
DrWebInheritPermissions attribute is set to
TRUE, missing attributes are read from groups. As soon
as all attributes are set, procedure of groups bypass stops.
Thus, the sooner attributes are read, the bigger priority
they have. Administrator access is confirmed.
2.2.If
some
attributes
are
missing
and
the
DrWebInheritPermissions attribute is set to
FALSE (or undefined), administrator access is forbidden.
2.3.If all attributes are set, administrator access is confirmed
3. If the DrWebAdmin attribute is set to FALSE, administrator
access is forbidden.
4. If the DrWebAdmin attribute is undefined, when:
4.1.If the DrWebInheritPermissions attribute is set
to TRUE, attributes from groups are read. Further,
similar to step 2.
4.2.If the DrWebInheritPermissions attribute is set
to FALSE (or undefined) similar to step 3.
LDAP Authentication
Settings are stored in the auth-ldap.xml configuration file.
Administrator Manual
433