WoodWing Help Center

Setting up users and user groups in Elvis 4

Setting up users and user groups in Elvis 4 Server

Users access the assets that are stored in Elvis by making use of any of the client applications such as the Desktop client, the Basic Web client or the InDesign client.

Before they can do this, they need to be given access to these clients and the stored assets. This is done by adding the users or user groups to Elvis and subsequently defining for each user or user group which clients and client features they can use, which folders and assets they can access, and which metadata fields they can see and edit.

This article describes the first step in this process: setting up users and user groups in Elvis.

Locations where users and user groups can be managed

Users and user groups can be managed in 2 locations: 

  1. In Elvis itself. This is typically done for very small setups such as a demo environment installed on a single laptop.
  2. In an external LDAP system such as Microsoft's Active Directory or Apple's Open Directory. This is common practice in production environments.

Default users

After installing Elvis Server, 2 default user accounts exist:

  • admin. This account is available for system administrators to access Elvis, especially during the installation of Elvis.
  • importmodule. This account is used by automated processes (such as the Hot folder import) for importing assets.

Note: Both accounts are 'super users' meaning that they have full permission to access all areas and perform all tasks.

IMPORTANT: For security reasons we advise to change the default password for these accounts. See the next section 'Managing users and user groups in Elvis'.

Managing users and user groups in Elvis

When no external LDAP system is available, managing users and user groups is done in Elvis itself. This is typically the case when a very small setup is used such as a demo environment installed on a single laptop.

Connecting Elvis to LDAP

In a typical production environment, users and user groups are centrally managed in an LDAP-system such as Microsoft's Active Directory or Apple's Open Directory. Other systems, such as Elvis Server, can connect to LDAP for authenticating users.

About groups within groups

LDAP allows you to configure groups within groups. However, this is not supported in Elvis.

If you do have such a setup in LDAP, define various groups specifically for Elvis and divide your users throughout those groups. This way you keep a clear overview of all user and group rights for Elvis without compromising your current LDAP configuration.

Configuring LDAP in Elvis

Configuring LDAP in Elvis is done through a configuration file. It contains examples for setting up Microsoft's Active Directory and Apple's Open Directory.

Note: Knowledge about LDAP in general and your LDAP environment in particular is required to configure LDAP in Elvis. It can be quite a challenge to find the correct search settings depending on how Active Directory or LDAP is set up.

Step 1. In the Config folder of your Elvis Server installation, open the following file:

ldap-config.properties.txt

Step 2. Choose the configuration example for the LDAP system that you use, comment-out the lines of code by removing the #-characters and update the options.

Note: Consult your LDAP administrator for the correct parameters.

  • ldapServerURL. The URL of the LDAP server.
  • ldapManagerDn. Add the username for logging in to LDAP.
  • ldapManagerPassword. Add the password for logging in to LDAP.
  • ldapAdditionalGroupFilter and ldapAdditionalUserFilter. Limit the visible users and groups in the Manage Permissions tab of the Elvis Desktop client.

Examples:

ldapAdditionalGroupFilter=(cn=Elvis*)
ldapAdditionalUserFilter=(memberOf=CN=Editors,cn=Users,dc=yourdomain,dc=loc)
  • ldapGroupSearchBase and ldapUserSearchBase. These settings for finding groups and users define the top level, most basic location of the groups or users. Enter no more than one value for each setting (such as 'ou=' or 'cn=').

Examples: 

Correct: 

ldapGroupSearchBase=ou=SMP
…
ldapUserSearchBase=ou=SMP

Incorrect:

ldapGroupSearchBase=ou=SMP,ou=Groups,ou=Woodwing
…
ldapUserSearchBase=ou=Users Staff,ou=SMP
  • Update the other settings as needed, for example those for finding groups (ldapGroupSearchBase, ldapGroupSearchFilter and ldapGroupRoleAttribute) and those for finding users (ldapUserSearchBase, ldapUserSearchFilter and ldapUserObjectClassRestrictions).

Step 3. Save the file.

Step 4. Restart Elvis Server.

Step 5. Verify in the Manage Permissions tab of the Desktop client that the user and user groups are available.

Users and user groups in the Desktop client

Figure: Viewing users and user groups in the Desktop client. Here, 2 new groups are listed: "Editors' and 'News desk' and one new user: 'rob.smart'.

Step 6. Define for the users or user groups which clients and client features they can use, which assets they can access, and which metadata fields they can see and edit.

Was this article helpful?
0 out of 0 found this helpful / Created: / Updated:
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.