{
    "header": {
        "version": 1,
        "type": "record",
        "approw-key": "CFG_LOGIN"
    },
    "body": {
        "record1": {
            "<1>": "0",
            "<2>": "OIUsers",
            "<3>": "OiAdmin",
            "<4>": "Rev_SysAdmin",
            "<5>": "0",
            "<6>": "",
            "<7>": "",
            "<8>": "",
            "<9>": "",
            "<10>": "",
            "<11>": "",
            "<12>": "",
            "<13>": "",
            "<14>": "",
            "<15>": "",
            "<16>": "",
            "<17>": "",
            "<18>": "",
            "<19>": "",
            "<20>": "*-------------------------------------------------------",
            "<21>": "* SYSENV*CFG_LOGIN",
            "<22>": "*-------------------------------------------------------",
            "<23>": "* This record controls single sign on behavior",
            "<24>": "* Set loginmode (field 1) , user groups ( fields 2,3, 4), local group flag (field 5) as needed",
            "<25>": "* Save as CFG_LOGIN*MYAPP to make an application specific setting",
            "<26>": "* Save as CFG_LOGIN to affect all applications in this copy of OpenInsight",
            "<27>": "",
            "<28>": "*---",
            "<29>": "* Layout",
            "<30>": "*---",
            "<31>": "* <1> = LoginMode",
            "<32>": "* <2> = LDAP (and/or local) Groups whose members are Normal users",
            "<33>": "* <3> = LDAP (and/or local) Groups whose members are Admin users",
            "<34>": "* <4> = LDAP (and/or local) Groups whose members are Sysadmin users",
            "<35>": "* <5> = LocalGroupsFlag",
            "<36>": "*---",
            "<37>": "",
            "<38>": "*--",
            "<39>": "* LoginMode Description",
            "<40>": "*--",
            "<41>": "* LoginMode = \"0\" (or \"\" or invalid) ==> use legacy authentication, require a username/password combination define in the OpenInsight application users list.",
            "<42>": "* LoginMode = \"1\"         ==> get network user name, no password required, user name must exist in OpenInsight application users list.",
            "<43>": "* LoginMode = \"2\"         ==> get network user name, no password required, user must be a member of a network group listed in config record <2>, <3>, or <4>",
            "<44>": "",
            "<45>": "*--",
            "<46>": "* LocalGroupsFlag Description",
            "<47>": "*--",
            "<48>": "* LocalGroupsFlag = \"0\" (or \"\" or invalid) ==> Only LDAP groups are checked for membership",
            "<49>": "* LocalGroupsFlag = \"1\"         ==> Check LDAP groups for membership first, and if not found, check local groups",
            "<50>": "* LocalGroupsFlag = \"-1\"        ==> Check local groups ONLY for membership (do not check LDAP groups)",
            "<51>": "",
            "<52>": "*---",
            "<53>": "* Notes",
            "<54>": "*--",
            "<55>": "* The Login process will search for a record named CFG_LOGIN*appname, for example CFG_LOGIN*EXAMPLES",
            "<56>": "* If that record does not exist OI will search for this record, CFG_LOGIN",
            "<57>": "* If CFG_LOGIN does not exist OI will behave as if loginmode = 0"
        }
    }
}