Update 2018
Starting with Adaxes 2018.1 you can limit access to AD structure in the Web interface by specifying a top level node. For details, have a look at the following tutorial: https://www.adaxes.com/tutorials_WebInterfaceCustomization_PreventUsersFromViewingTheADStructure.htm.
Original
Hello,
Yes, you can set up a Web Interface site, in which the scope of the actions depends on who is logged on to the Web Interface. For each action, you can specify a target container where it will be possible to select the objects on which to execute the action. Instead of providing a specific container, you can use a value reference. When the action is executed, the value reference will be replaced with a property value of the user logged on to the Web Interface. In your case, you can use the %adm-PrentDN% value reference. It will be replaced with the Distinguished Name (DN) of the container where the logged in user is located.
To configure an existing Home Page Action:
- Launch the Web interface Customization tool.
- In the Interface type drop-down list, select the Web Interface you want to configure.
- On the General tab, click Configure Home Page Actions.
- Select the action you want to configure, for example, Create User, and click Edit.
- Activate the Target Container tab.
- Enable the Select specific AD container or OU by default option.
- Click the Insert a reference to a property value button near the Container DN field.
- Click Show all properties and select adm-ParentDN. Click OK.
- Select Always use this OU/Container.
- Click OK twice.
You can use the same approach to any other actions you need.
You can also configure the Web Interface Active Directory Pane to display only the OU a user can have access to. To learn how to do this, refer to the following tutorial: http://www.adaxes.com/tutorials_WebInte ... ryPane.htm.
On the Step 5 of this tutorial, you need to specify %adm-ParentDN% in the Object DN field.
