For additional authorization it is required to have configured LDAP server with complete structure. Site alias of the web site, i.e. its DN format should be indicated in SiteBuilder LDAP module configuration, and its password, i.e. UserPassword attributes are stored in LDAP records. Authorization is performed on the basis of these data. The registered web site with the same site alias must be stored in SiteBuilder database. The password indicated in SiteBuilder database is not verified when additional authorization is turned on. Only administrator is able to change user's password and he/she is able to do this only in LDAP data. SiteBuilder itself does not provide such an option to the administrator, i.e. the administrator is able to change user's password using any LDAP client of his/her choice, but unable to do it using SiteBuilder program. In order to avoid errors, occurring due to password change, user is unable to change password him/herself when additional authorization is turned on. The corresponding Password button with the link to Change Password page is missing in SiteBuilder Wizard during additional authorization. Also when the authorization is turned on, the access to SiteBuilder for trial sites is forbidden. All authorization features are applied to web sites only. Administrators (root and resellers) log in as usual.
All web site data except the password is stored in SiteBuilder database that is why it is important for the site alias in LDAP to correspond with SiteBuilder database record containing the same site alias.
When additional authorization is turned off everything starts operating as it used to before authorization process was initiated..
Below you find instruction regarding the process of turning on additional authorization.
On the Extra Features screen click Additional Authorization.
On the Additional Authorization screen select Additional Authorization module in pop-up list. After the module is selected, click Apply.
On the next Additional Authorization screen administrator specifies LDAP server host address, LDAP server port and LDAP distinguished name format (DN format).
Host address is specified in the LDAP Server Host Address line. Several host addresses can be entered there separated by space.
Example: myldaphost1.com 127.0.0.1.
Port number for each host can also be specified in this line. Host address are separated from port numbers by colon.
Example: myldaphost.1.com:8081.
If no value is entered as LDAP server host address then host address from LDAP configuration file is used.
More detailed information regarding LDAP functions is provided in LDAP API documentation.
Next parameter for specification is LDAP server port. It is entered in the LDAP Server Port line. This port number is used if no port number is provided in "host:port" format. If this port number is not specified then the port number from LDAP configuration file is used instead.
Third parameter on this screen is LDAP Distinguished Name Format (DN format). LDAP DN format is required for Additional Authorization initiation. DN stands for Distinguished Format. It is used for for Bind function while LDAP authorization takes place. Administrator uses macro %site_alias in DN which is replaced by Site Alias during LDAP Authorization.
Example: cn=%site_alias, dc=sitebuilder, dc=com.
Note: For site authorization LDAP Authorization process uses a pair of parameters: Site Alias and Password. So LDAP record for a site (identified with specified DN) has UserPassword attribute.
After specifying parameters, described above, click Apply. Upon this action additional authorization is initiated.