LDAP/Active Directory
Groups and Users
In AD/LDAP, Organizational Units or Security Groups are set up through the directory services. In the MEDIAL security administration section, you set up groups with names that exactly match the names of the Organizational Units (OU's) or Security Groups. The following figure depicts the relationship between Active Directory setup, MEDIAL groups, and the media categories associated with groups.
It is up to the system administrator to choose whether the use of OU's or Security Groups best meets the institution's requirements.
Logging In
When a user signs in, MEDIAL queries the directory service to determine if the user is registered in the directory and to find out which OU or Security Group the user belongs to. If the user is not defined in AD/LDAP or the OU or Security Group does not map to a MEDIAL group, access is denied with an appropriate error message.
For example, if a user is a member of the Staff OU in LDAP, but there is no corresponding group called Staff defined in MEDIAL, the access attempt is denied.
In the MEDIAL administration security section, you define only the groups. The user setup feature of MEDIAL is not used when AD/LDAP is deployed.
User Privileges
Once MEDIAL authenticates the user through directory services, it grants the user access to media based on the categories assigned to the group and the chosen group permissions:
- None
- View
- View and Upload
- View, Upload and Administer
Learning Tools Authentication
MEDIAL supports both Moodle and Blackboard learning environments. After you install the plugins that integrate MEDIAL into a learning environment, you can use AD/LDAP to authenticate the users who are accessing the media library through the environment. MEDIAL also supports authentication through LTI, which is natively supported by Moodle and Blackboard. You can also use a combination of AD/LDAP and LTI.
You specify the authentication method in the administration security section. See Learning Tools Interoperability.