The following LDAP directory configuration tasks are covered in this section:
When you add an LDAP directory, Novell® eGuide creates a User category for the new directory using the User attribute settings and mappings in the first directory added when you ran the eGuide Setup Wizard. It is therefore recommended that you make any desired changes to the initial directory's User attribute settings and mappings before adding other directories. For details, see Editing LDAP Attributes.
You can use directory configurations to increase search performance by taking advantage of eGuide's multi-threaded search capability. For example, you can break up a single large directory into multiple directory configurations within eGuide, with each pointing to a different search root. If the directory you are splitting up in this way requires user authentication, be sure to designate each directory configuration as part of the authentication group. For details on the Authentication Group feature, see Changing a Directory's Authentication Settings.
To add an LDAP directory configuration to the list of directories eGuide searches, do the following:
Click Directories > New.
On the LDAP Settings page, type at least the directory name, the host name (DNS name or IP address), and the port number.
All other settings are optional. For details, see Editing LDAP Settings.
IMPORTANT: The directory name can contain only letters, numbers, and underscore (_) characters. This name is used only as an identifier within the Administration Utility and cannot be changed once the directory has been added.
Click Save.
NOTE: You must provide the mandatory information and click Save before you can access the Attributes or Advanced page.
Click Attributes and configure the LDAP attributes you want eGuide users to be able to view and search on. For details, see Editing LDAP Attributes.
Click Save.
Click Directories, then make desired changes to the Login Server, Authentication Group, and Enabled settings for the directory you just added. For details on these settings, see Changing a Directory's Authentication Settings and Enabling/Disabling an LDAP Directory.
Click Save.
The Enabled setting determines whether a directory is available for user searches. To enable or disable a directory, do the following:
Click Directories.
Select or unselect Enabled for the desired directory.
Click Directories.
Click Remove for the desired directory.
NOTE: Novell eGuide will not let you remove the directory designated as the login server.
Click Directories.
Click Login Server for the directory you want to designate as the login (authentication) server.
The distinguished names and passwords for all users and user administrators who must authenticate to Novell eGuide must reside in the login server directory. Authentication is required, for example, if users or user administrators want to modify editable attributes. You may also choose to require authentication before users can access eGuide. For details, see Setting Restrictions.
WARNING: Changing the login server designation to a different directory could invalidate your Administration Roles settings if the distinguished names of all user administrators and eGuide administrators are not in the newly designated directory.
(Conditional) If you changed the Login Server designation, complete the following steps:
Click Directories > Edit (for the directory newly designated as the login server) > LDAP Settings.
Make the appropriate changes to the Authentication User Name, Authentication Password, and Authentication Search Root settings, then click Save.
For details, see Editing LDAP Settings.
Select General, select a valid User Authentication Key, and then click Save.
Click Administration Roles and make the needed changes to the administrator role lists with users from the new login server.
Select or unselect Authentication Group for the desired directory.
When Authentication Group is selected, users' authenticated credentials are used for searches in this directory. A directory must be part of the authentication group if you want users and user administrators to be able to modify editable attributes in that directory.
IMPORTANT: Make sure you select Authentication Group for a directory only if intended users' distinguished names and passwords are applicable within both that directory and the login server directory.
If Authentication Group is unselected, the directory's default proxy credentials are used.
Click Save.
Configuring an LDAP directory for use in Novell eGuide includes adjusting various settings, mapping attributes to template key names, deciding which attributes you want users to be able to search on, and deciding which attributes you want to allow users to modify themselves.
Click Directories > Edit (for the desired directory) > LDAP Settings.
Make the desired changes.
See Table 1, LDAP Settings for details on the LDAP settings.
Click Save.
Table 1. LDAP Settings
| Setting | Purpose |
|---|---|
| Enabled | Select to make the directory searchable. HINT: The Enabled setting also appears on the Directories page. |
| Directory Name | Specified when the directory was added and cannot be changed. |
| Host Name | Type either the LDAP server's IP address or DNS host name. IMPORTANT: You can change the host name to refer to a different LDAP server after initial configuration if the new server has the same schema configuration. If it does not, remove the current directory and add a new one with the new host name information. |
| Port | Type the LDAP server's port number. |
| Enable SSL | Select to enable SSL. IMPORTANT: Enabling SSL will work only if you have already set up SSL on the LDAP server. For details, see Configuring and Using SSL for LDAP Connections. |
| Secure Port | If Enable SSL is selected, type the secure port number. |
| Search Root | Type the distinguished name of the container you want as the search root (o=acmecorp, for example). |
| Search Subcontainers | Lets you specify which subcontainers within the root container to include in searches. Choose one of the following options: |
| Max Search Entries | Type the maximum number of search result entries you want returned with each search. HINT: For greatest search efficiency, use a setting of 100 to 200. Do not set to more than 1000. |
| Proxy User Name | Type the search proxy distinguished name using LDAP format (for example, cn=admin,o=acmecorp). If you leave this field blank, Novell eGuide uses anonymous credentials or the LDAP server's proxy credentials (if defined) on LDAP queries. |
| Proxy Password | Type the search proxy password. |
| Authentication Group | Select to include the directory in the authentication group. eGuide uses the user's authenticated credentials to access directories in the authentication group. For those directories not included in the authentication group, eGuide uses default proxy credentials. |
| Authentication User Name | (Available only when configuring the directory designated as the login server.) Type the distinguished name of the authentication proxy using LDAP format (for example, cn=admin,o=acmecorp). eGuide uses this user object to search for and identify fully distinguished names during a contextless login. If you leave this field blank, eGuide uses anonymous credentials on all contextless login attempts. IMPORTANT: The user object assigned as the authentication proxy must have the Read right to all distinguished names and to the attribute designated in eGuide as the user authentication key on the login server. For details on the user authentication key, see Changing General Customization Settings. |
| Authentication Password | (Available only when configuring the directory designated as the login server.) Type the authentication user's password. |
| Authentication Search Root | (Available only when configuring the directory designated as the login server.) Type the distinguished name of the container where the authentication credentials search should begin. |
IMPORTANT: Whenever making changes to attribute mappings and settings, be sure to check all other eGuide settings where those attributes are referenced, especially in Display Layout.
To change a directory's attribute settings and mappings, do the following:
Select the search category you want to edit attributes for.
NOTE: Unless you have added a search category (see Adding and Modifying Search Categories), only the default User category is available.
Click Directories > Edit (for the desired directory) > Attributes.
Make the desired changes.
See Table 2, LDAP Attributes for details on each setting.
Click Save (at the bottom of the page).
The following table describes the purpose of each attribute setting.
Table 2. LDAP Attributes
| Setting | Purpose |
|---|---|
| Enable | Select to add this attribute to the Details panel displayed when a user clicks a search results entry. WARNING: To avoid XSL/browser rendering errors, do not select Enable for attributes containing binary information. The only exception to this rule is the Photo attribute, which Novell eGuide treats differently than other binary attributes. (See Enabling the Photo and PhotoAgree Attributes for details.) |
| Template Key | Provides a means for eGuide to treat similar attributes from different LDAP directories the same even though they have different names in their respective directories. For example, if one LDAP directory uses "lastname" and another uses "sn" for the attribute containing users' last names, you could create a template key name, such as LastName, and map both the LastName and SN attributes to that same key name. By default, eGuide uses the Novell eDirectory attribute names as the template key names for the User category of the first directory you add when running the eGuide Setup Wizard. WARNING: Do not assign the same template key name to more than one attribute. |
| Searchable | Select to add this attribute to the search filter list, thus allowing users to search on the attribute. |
| Editable | Select if you want to allow users and user administrators to edit this attribute. For details on enabling self administration, see Setting Restrictions. For details on designating user administrators, see Assigning Administration Roles. This option is available only for directories designated as the login server or as part of the authentication group. For details, see Changing a Directory's Authentication Settings. IMPORTANT: Selecting Editable for an attribute in eGuide does not grant users and user administrators the necessary rights within the LDAP directory. You must have already granted those rights at the directory level for this feature to work properly. You must also enable Self Administration if you want users to be able to edit the attribute. For details, see Setting Restrictions. |
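
The rules stated in Tables 1 and 2 can be checked mechanically before a directory configuration goes live. The checker below is an added example, not eGuide code: the dictionary layout and field names are hypothetical stand-ins for the labels in the two tables, and the sample configuration is constructed.

```python
import re

NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")  # letters, numbers, underscore only

def lint_directory(cfg):
    """Return findings for the rules this page states. Field names are hypothetical."""
    findings = []
    if not NAME_RE.match(cfg["directory_name"]):
        findings.append("directory name has characters other than letters, numbers, _")
    if not cfg.get("enable_ssl"):
        findings.append("Enable SSL is off: LDAP traffic to this server is unencrypted")
    elif not cfg.get("secure_port"):
        findings.append("Enable SSL is on but Secure Port is empty")
    if cfg.get("max_search_entries", 0) > 1000:
        findings.append("Max Search Entries is above 1000")
    if not cfg.get("proxy_user_name"):
        findings.append("Proxy User Name is blank: anonymous or server proxy credentials are used")
    # Editable is only available on the login server or in the authentication group.
    can_edit = cfg.get("login_server") or cfg.get("authentication_group")
    seen = {}  # template key -> first LDAP attribute mapped to it
    for attr in cfg.get("attributes", []):
        name, key = attr["ldap_name"], attr["template_key"]
        if key in seen:
            findings.append(f"template key {key} is assigned to both {seen[key]} and {name}")
        seen.setdefault(key, name)
        # Photo is the one binary attribute the page allows to be enabled.
        if attr.get("binary") and attr.get("enable") and name.lower() != "photo":
            findings.append(f"binary attribute {name} is enabled for display")
        if attr.get("editable") and not can_edit:
            findings.append(f"{name} is Editable but the directory is not login server or auth group")
    return findings

# Constructed sample configuration that breaks each rule once.
SAMPLE = {
    "directory_name": "sales-emea",
    "enable_ssl": False,
    "max_search_entries": 5000,
    "proxy_user_name": "",
    "login_server": False,
    "authentication_group": False,
    "attributes": [
        {"ldap_name": "sn", "template_key": "LastName", "enable": True},
        {"ldap_name": "lastname", "template_key": "LastName", "enable": True},
        {"ldap_name": "userCertificate", "template_key": "Cert", "enable": True, "binary": True},
        {"ldap_name": "telephoneNumber", "template_key": "Phone", "enable": True, "editable": True},
    ],
}

if __name__ == "__main__":
    for finding in lint_directory(SAMPLE):
        print("-", finding)
```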
If you want users to have the ability to send instant messages and start a NetMeeting* directly from the Novell eGuide Details panel, you must map several special template key names and enable the associated attributes.
Table 3. Instant Messaging and NetMeeting Attribute Mappings
| Map This Template Key Name | To the LDAP Attribute Containing This Information |
|---|---|
| InstantMessagingID | AOL Instant Messaging* screen names |
| YahooIMID | Yahoo!* IDs |
| NetMeetingID | NetMeeting IDs |
Novell eGuide reads the schema of an LDAP directory only when you first add the directory. If you make a change to the schema (such as adding an attribute to a schema class) and want that change reflected in eGuide, you must refresh the schema. Click Directories > Edit (for the desired directory) > LDAP Settings > Refresh Schema.
NOTE: eGuide never changes an LDAP directory's schema.
A search category is an entity Novell eGuide uses to represent a combination of LDAP classes.
For example, when you add the first directory to eGuide, the User search category is created, which by default is comprised of the following classes: InetOrgPerson, OrganizationalPerson, and Person. The attributes within these User classes appear in the Attributes page where you configure how eGuide uses them in the eGuide client. Also, the User category label---Find People---appears in the first search filter drop-down list in the eGuide client.
NOTE: The InetOrgPerson, OrganizationalPerson, and Person classes mentioned above were used only if they existed in the first directory you added.
If desired, you can add and remove schema classes within an existing category. You can also add or remove entire search categories.
1. Click Directories > Edit (for the desired directory) > Advanced.
2. Select the category you want to modify.
3. To add a schema class to the category, click the class in the Available box, then click the right arrow to move it to the Selected box.
4. Reverse the process in Step 3 to remove a class.
5. Click Save after making all desired changes to this category.

   If you only removed one or more schema classes, you are done. If you added one or more classes, continue with Step 6.
6. Click the Attributes tab and edit the settings and mappings for the attributes of the newly added classes.

   For details, see Editing LDAP Attributes.

   IMPORTANT: If you just added one or more schema classes to a newly added search category, you must enable at least one attribute and make at least one attribute searchable before users can access that category from the Novell eGuide client.
Use Display Layout to indicate what attributes should be displayed in the Search, List, Details, and Org Chart forms in the eGuide client.
For details, see the following sections:
Change the text displayed in the Category drop-down list in the eGuide client.
Click Directories > Edit (for the desired directory) > Advanced > New.
Type the name of the new category.
Add at least one schema class and configure its associated attributes.
For details, see Adding and Removing Schema Classes from a Search Category.
Click Save.
Click Directories > Edit (for the desired directory) > Advanced.
Select the desired category.
NOTE: User is a mandatory category; Novell eGuide will not let you remove it.
Click Remove category_name.
You can configure Novell eGuide so that users' digital photographs are displayed along with the textual information in the Details panel. The photos must be in GIF, JPG, or BMP format and can be stored as the Photo attribute within the LDAP directory or as separate files in the server's file system.
If you have multiple directories you want to include photos with, repeat the instructions below for each directory.
1. Click Photo Properties.
2. Select the photo store location (LDAP or File).

   If you selected LDAP, skip to Step 4. If you selected File, continue with Step 3.
3. Type the relative path to the directory where the photo files will be stored.

   The path must be relative to the Novell eGuide directory created during installation, as displayed below the Photo Store Path label. For example, if the eGuide directory path is SYS:\WEBAPPS\EGUIDE and you type the directory name "photo," the full path to the photo directory will be SYS:\WEBAPPS\EGUIDE\PHOTO.

   HINT: You can use backward (\) or forward slashes (/) in the relative directory path if it is more than one level deep (for example, /sales/photos or \sales\photos).
4. Specify in kilobytes the maximum allowable size for each photo.

   The default size is 60K.
5. Select Require Photo Agreement if you want users to accept a photo agreement before displaying their photos in eGuide.

   IMPORTANT: Self Administration must be enabled for users to access the photo agreement. For details, see Setting Restrictions.

   If Require Photo Agreement is selected, a user's photo will not be displayed in the Details panel until the user accepts the agreement. Users see the photo agreement when they click Modify Photo when editing their personal information in the eGuide client.

   eGuide includes a sample photo agreement---Photo.Agreement.Label--- you can edit using the Display Labels feature. For details on editing display labels, see Editing Label Text.
6. Select Allow Users to Upload if you want to give users the ability to upload their own photo files to the designated photo store location.

   IMPORTANT: Self Administration must be enabled for users to upload photos. For details, see Setting Restrictions.

   If Allow Users to Upload is selected, users can upload a photo by clicking Modify Photo when editing their personal information in the eGuide client.
7. Click Save.
The Photo attribute must be enabled for photos to be displayed in the Details panel. You must also mark both the Photo and PhotoAgree attributes as Enabled and Editable before you allow users to upload photos or use the photo agreement.
Click Directories > Edit (for the directory containing the photos) > Attributes.
Find the Photo attribute, select Enable, and then select Editable.
Find the PhotoAgree attribute, select Enable, and then select Editable.
Click Save.
If you opted to store photo files in a file system directory and to allow users to upload their own photos, Novell eGuide automatically does the following at upload time:
The subdirectory has the same name as the LDAP directory where the user's photo attribute is stored.
The new filename consists of the user's LDAP distinguished name (with underscore characters instead of commas) and the same file extension as the original file. For example, if the user's distinguished name is cn=jdoe,o=acmecorp and the user uploaded a GIF file, then cn=jdoe_o=acmecorp.gif is the photo filename eGuide assigns.
The reference is a URL that is relative to the eGuide directory created during eGuide installation. The relative URL consists of the directory specified as the photo store location, the subdirectory eGuide created, and the new photo filename. For example, suppose the following information applies for a user uploading a photo file:
The resulting reference would be /photo/employees/cn=jdoe_o=acmecorp.gif.
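
The naming scheme described above, written out with the format and size limits from the Photo Properties steps. This is an added example, not eGuide code: the function name and parameters are hypothetical, lower-casing the extension is an assumption, and the path-separator and `..` checks are added hardening rather than documented eGuide behaviour.

```python
import re

ALLOWED_EXT = {"gif", "jpg", "bmp"}   # formats the page lists
DEFAULT_MAX_KB = 60                   # default maximum photo size on the page

def photo_reference(store_path, directory_name, user_dn, upload_name,
                    size_bytes, max_kb=DEFAULT_MAX_KB):
    """Build the relative photo URL the page describes, or raise ValueError."""
    ext = upload_name.rsplit(".", 1)[-1].lower() if "." in upload_name else ""
    if ext not in ALLOWED_EXT:
        raise ValueError("photo must be GIF, JPG or BMP")
    if size_bytes > max_kb * 1024:
        raise ValueError("photo exceeds the configured maximum size")
    # The subdirectory is named after the eGuide directory configuration,
    # whose name may contain only letters, numbers and underscores.
    if not re.fullmatch(r"[A-Za-z0-9_]+", directory_name):
        raise ValueError("directory name must be letters, numbers, underscore")
    # Added hardening (assumption): a DN holding a slash or backslash would
    # alter the resulting path, so it is refused instead of being written out.
    if "/" in user_dn or "\\" in user_dn:
        raise ValueError("DN contains a path separator")
    # The page allows either slash style in the store path; normalise to "/".
    parts = [p for p in store_path.replace("\\", "/").split("/") if p]
    if not parts or ".." in parts:
        raise ValueError("photo store path must stay inside the eGuide directory")
    filename = user_dn.replace(",", "_") + "." + ext
    return "/" + "/".join(parts + [directory_name, filename])

if __name__ == "__main__":
    # Constructed inputs chosen to reproduce the reference shown on the page.
    print(photo_reference("photo", "employees", "cn=jdoe,o=acmecorp",
                          "portrait.GIF", 20 * 1024))
```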
If you want to place the photo files in the photo store location yourself, you must manually enter the relative or absolute photo file references in users' Photo attributes in the LDAP directory.