Give specific rights to a set of LDAP accounts MERGEME

TODO: merge this guide with Give specific rights to a set of LDAP accounts

If you have a MindTouch install that you have integrated with your Active Directory server or LDAP but you want to limit access to a select few do the following:

Change the default role for newly created users in Configuration -> Advanced Config by changing the following configuration key to None

security/new-account-role 

Create a group within AD that are the users you want to have access to MindTouch.

Add this group in MindTouch and give it the Role Contributor (Or the default role you'd like to give to users).

If there are users already created in the system then set their roles to None in the User management section.  The users will then inherit their role from the group.  

Note: Don't change the role for the Admin user as you'll need to have Administrative access to MindTouch.  

This will then dictate that when a user tries to login and they have a None role they will not be able to access anything. If they are in the group that you have setup, then they will be able to access accordingly.