{Project} does not associate external users with their user group automatically. You must create a user group with the same name as in the external source on {Project}. Members of the external user group then automatically become members of the {Project} user group and receive the associated permissions.
The configuration of external user groups depends on the type of external authentication.
To assign additional permissions to an external user, add this user to an internal user group that has no external mapping specified. Then assign the required roles to this group.
-
If you use an LDAP server, configure {Project} to use LDAP authentication. For more information see [Using_LDAP_{context}].
When using external user groups from an LDAP source, you cannot use the
$loginvariable as a substitute for the account user name. You must use either an anonymous or dedicated service user. -
If you use a {FreeIPA} or AD server, configure {Project} to use {FreeIPA} or AD authentication. For more information, see {InstallingServerDocURL}Configuring_External_Authentication_{project-context}[Configuring External Authentication] in {InstallingServerDocTitle}.
-
Ensure that at least one external user authenticates for the first time.
-
Retain a copy of the external group names you want to use. To find the group membership of external users, enter the following command:
# id username
-
In the {ProjectWebUI}, navigate to Administer > User Groups, and click Create User Group.
-
Specify the name of the new user group. Do not select any users to avoid adding users automatically when you refresh the external user group.
-
Click the Roles tab and select the roles you want to assign to the user group. Alternatively, select the Administrator checkbox to assign all available permissions.
-
Click the External groups tab, then click Add external user group, and select an authentication source from the Auth source drop-down menu.
Specify the exact name of the external group in the Name field.
-
Click Submit.