1.Make sure the device upgraded with latest D3.5 build.
2.The device WebUI should be functional.
3.Make sure the Login-methods should be set as 'User Name / Password Validate on the Network' and user permissions method should be set as "Remotely on the Network using LDAP".
4.Make sure LDAP server should be configured in the device.
5.Make sure LDAP users added in device user database with SA rights.
5.Make sure the one/more User permissions role/Junior Administrator permissions role should be created.
Scenario 1: (Logged-In User role)
1.Navigate to CWIS->Login as LDAP user with SA rights->Logged-In users->Click "Edit User Mappings" for an existing role to go to the "Manage Permission Role" screen.
2.Select "All Logged-in Users with Exceptions" option and search the LDAP groups by entering the group name (enter first letter of the group) under the 'Add Exceptions' search box and pressing the 'Search for Groups' button it will list the groups after that press 'Add All Exceptions' button to move all groups to the role or else manually select the listed group one by one to move the group by pressing the 'Add Exception' button and apply the changes.
3.Download the auditlog and observe the auditlog will be captured entries for selected exception group users by group/user name and for remaining groups which is not added in the exceptions list in step2 is captured with special name "All Logged-in Users" in auditlog.
4.Follow step 1-3 to check for maximum of 25 LDAP groups.
Scenario 2: (Junior Administrator role)
5.Follow step 1 to go to CWIS->User permissions->Device Management->click "Edit User Mappings" for an existing role to go to the "Manage Permission Role" screen.
6.Follow step 2-4 to verify the events.
Scenario 3: (Removing exceptions)
7.Follow step 1 to go to CWIS->Logged-In users->Click "Edit User Mappings" for an existing role which has assigned LDAP groups with exceptions to this role to go to the "Manage Permission Role" screen.
8.Select "Remove All Exceptions" option under 'Everybody Except Users In Groups' and apply the changes.
9.Download the auditlog and observe the auditlog will captured entries for exception group users which is removed form step 2.
10.Verify that remaining group users and removed exception groups are added to the role should be captured with special naem "All Logged-in Users" in the auditlog.
12.Follow step 1 to go to CWIS->User permissions->Device Management->Click "Edit User Mappings" for an existing role which has assigned LDAP groups with exceptions to this role to go to the "Manage Permission Role" screen.
13.Follow step 8 to 11 and verify the auditlog events.
Scenario 1 and 2:
Auditfile.txt file should be captured separate entries for all the users added to that role with the below information for scenario 12 & 3:
Event ID: 144
Event Description: User or Group Role
Assignment
Username
Device name
Device serial number
User or group name (Added (for defined exceptions))
All Logged-in Users (Added (for remaining users))
Role name
\
Action: added
Scenario 3:
Auditfile.txt file should be captured separate entries for all the users removed from the role with the below information for scenario 1& 2:
Event ID: 144
Event Description: User or Group Role
Assignment
Username
Device name
Device serial number
User or group name (Removed (for defined exceptions))
All Logged-in Users (Added (for remining users and also including the removed exceptions users to be added to the role))
Role name
\
Action: Added/Removed