eGuide Q&A Session
Novell Cool Solutions: Feature
By John Peacock
Digg This -
Posted: 20 Jul 2005
eGuide Q&A Session - answers by John Peacock
Q1: We are trying to add custom attributes to the 'Information' tab for the user. We are able to add it to the LDAP server that eGuide is hitting, but the attribute is not showing up in the "LDAP Data Sources" section of the eGuide admin portal. Also, some items in the "LDAP Data Sources" section (such as givenname or initials) are not showing up in the 'Information' tab even though they exist in the 'Portal Layout' section. Essentially, how do we add a custom attribute to the 'Information' tab and how do we enable all of the already defined attributes?
A1: You'll need to refresh the schema (on the bottom of the LDAP Settings page) in order to see the new fields. Additionally, there are a number of situations where you have to stop and restart Tomcat to "see" changes to the system (this is likely to come up when you are doing customizations like this). From the server console, do this:
and you should see the changes. For example, after you add a field to the LDAP Data Sources/Attributes page, a stop/restart is required before you can see that field as active in Attribute Labels, if I remember correctly. Also see Answer 3 below for RBS information regarding custom fields.
Q2: Is it possible to link the eGuide site from another website running IIS web server and pass the creditials for a "single-sign-on" scenario? If so, how?
A2: This is not likely. IIS uses its own version of credentials, so unless you can convince it to send the same username and password along in the URL, you are out of luck.
Q3: We would like three different eGuide information view types, depending on the type of user they are:
- Public view of general items (similar to what is there by default)
- As self - view everything ... including personal information (spouse, children, etc.) with some editing ability on certain fields
- As the person's Manager - more than public, less then 'as self' - without editing abilities
Can we do this?
A3: All of the above should be possible with Role Based Security, but you need to play around with it to get it to work the way you want it to.
Basically, with RBS activated, users who are not logged in can see only those attributes that the eGuide proxy user has access to. Once they log in, they can see all attributes that are part of all of the Roles they are a member of. It would be a good idea to explicitly assign the eGuide Default View Role to the container where the user objects are located. That's because a condition could occur where the users can see things when not logged in - and those things vanish when they do log in.
But wait, there's more! If you want to add custom attributes and make them visible to logged-in users, you need to add those attributes to an eGuide Task and assign that task to the Default View Role. You can create Tasks that permit selective editing and assign that to whatever role you want. (For example, the receptionist could update only the phone numbers and extensions.)
If you want users to be able to edit their own fields, I believe all you need to do is check the "self administration" option under Security/Restrictions, but I think that opens up all of their fields for editing, not just the ones you permitted as writeable in their roles.
Q4: If I can get IIS to pass the credentials, do you know what the URL would look like for eGuide?
A4: The credentials would be passed as follows:
username = Value1 password = Value2
So the URL would look similar to this:
Remember to send all of the hidden variables as well as the two user input variables in the post.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com