Authentication

The first step that must be completed after installing Redactor is to enable user access by choosing an authentication method. There are two choices: create/manage user accounts from within Redactor or integrate with a Microsoft Active Directory (LDAP) service. It is not a trivial process to later move to a different authentication method, so choose wisely.

Local Authentication

If a client does not have an existing LDAP system, using Local Authentication is the quickest and easiest way to get running. Users will need to be entered one-by-one through the Add A User form and can be managed in the Users List.

SMTP Settings

To allow users to reset their passwords on their own by receiving an email, complete the fields for the client’s outbound email service. If this option is not used, a user from the Redactor Admin group will need to login to reset the user’s password.

LDAP Authentication

For clients that have an existing Active Directory (AD) or LDAP service, choosing this type of authentication typically makes the most sense.

LDAP Server Credentials

  • Service Account Email - The email address of a user that has read-only access to query the AD/LDAP service. If possible, create a new user account on AD/LDAP with very restrictive permissions to only be used for this service account.
  • Password - The password of the service account above.
  • Domain Controller URI - The LDAP URI in the format ldap://host.example.com

Group Settings

Redactor has three different internal groups with varying permission levels: Admin, Supervisor, and User. The Group Settings configuration maps the client’s Active Directory group names to those in Redactor. Any users that are members of the AD groups mapped here will be able to login to Redactor and have access to all features granted by their group permissions.

To map an Active Directory group to a Redactor group:

  • Click the dropdown box inside either the Admin Groups, Supervisor Groups, or User Groups.
  • The list will expand to display all of the AD group names from the LDAP service.
  • Select an AD group name and click the “Add” button to the right.
  • More than 1 AD group can be mapped to a Redactor Group by repeating the above steps.
  • All Redactor Groups must have at least 1 AD group mapped to it before you’re allowed to proceed.
  • Important: Make sure you have the AD credentials of a user that’s in the AD group you assigned to Redactor’s “Admin Groups” above. If you don’t, you will NOT be able to access the /admin section to complete setup.
  • Click the Save Groups button at the bottom and wait for the server to restart.

When the server comes back online, you will be prompted to login. From this point forward, you must login with an AD/LDAP user account that’s a member of one of the Redactor Groups you defined above. If this is the first time you’re setting up this server, you should login with an account that’s in the Admin Groups since they have access to the /admin configuration section.