The following LDAP data source configuration tasks are covered in this section:
When you add an LDAP data source, Novell eGuide creates a User category for the new directory using the User attribute settings and mappings in the first directory added when you ran the eGuide Setup Wizard. It is therefore recommended that you make any desired changes to the initial directory's User attribute settings and mappings before adding other directories. For details, see Editing LDAP Attributes.
You can use directory configurations to increase search performance by taking advantage of eGuide's multithreaded search capability. For example, you can break up a single large directory into multiple directory configurations within eGuide, with each pointing to a different search root. If the directory you are splitting up in this way requires user authentication, be sure to designate each directory configuration as part of the authentication group. For details on the Authentication Group feature, see Changing a Directory's Authentication Settings.
To add an LDAP data source configuration to the list of directories eGuide searches:
Click LDAP Data Sources > New.
On the LDAP Settings page, enter at least the directory name, the host name (DNS name or IP address), and the port number.
All other settings are optional. For details, see Editing LDAP Settings.
IMPORTANT: The directory name can contain only letters, numbers, and underscore (_) characters. This name is used only as an identifier within the Administration Utility and cannot be changed once the directory has been added.
Click Save.
You must provide the mandatory information and click Save before you can access the Attributes or Advanced page.
Click Attributes and configure the LDAP attributes you want eGuide users to be able to view and search on.
For details, see Editing LDAP Attributes.
Click Save.
Click LDAP Data Sources and then make desired changes to the Login Server, Authentication Group, and Enabled settings for the directory you just added.
For details on these settings, see Changing a Directory's Authentication Settings and Enabling/Disabling an LDAP Data Source.
Click Save.
The Enabled setting determines whether a directory is available for user searches.
Click LDAP Data Sources.
Select or unselect Enabled for the desired directory.
Click LDAP Data Sources.
Click Remove for the desired directory.
Novell eGuide will not let you remove the directory designated as the login server.
Click LDAP Data Sources.
Click Login Server for the directory you want to designate as the login (authentication) server.
The distinguished names and passwords for all users and user administrators who must authenticate to Novell eGuide must reside in the login server directory. Authentication is required, for example, if users or user administrators want to modify editable attributes. You can also choose to require authentication before users can access eGuide. For details, see Setting Restrictions.
WARNING: Changing the login server designation to a different directory could invalidate your Administration Roles settings if the distinguished names of all user administrators and eGuide administrators are not in the newly designated directory.
(Conditional) If you changed the Login Server designation, complete the following steps:
Click LDAP Data Sources > Edit (for the directory newly designated as the login server) > LDAP Settings.
Make the appropriate changes to the Authentication User Name, Authentication Password, and Authentication Search Root settings, and then click Save.
For details, see Editing LDAP Settings.
Select General, select a valid User Authentication Key, then click Save.
Click Administration Roles and make the needed changes to the administrator role lists with users from the new login server.
Select or unselect Authentication Group for the desired directory.
When Authentication Group is selected, users' authenticated credentials are used for searches in this directory. A directory must be part of the authentication group if you want users and user administrators to be able to modify editable attributes in that directory.
IMPORTANT: Make sure you select Authentication Group for a directory only if intended users' distinguished names and passwords are applicable within both that directory and the login server directory.
If Authentication Group is unselected, the directory's default proxy credentials are used.
Click Save.
Configuring an LDAP data source for use in Novell eGuide includes adjusting various settings, mapping attributes to template key names, deciding which attributes you want users to be able to search on, and deciding which attributes you want to allow users to modify themselves.
Click LDAP Data Sources > Edit (for the desired directory) > LDAP Settings.
Make the desired changes.
See Table for details on the LDAP settings.
Click Save.
Table . LDAP Settings
Setting | Purpose |
---|---|
Enabled | Select to make the directory searchable. HINT: The Enabled setting also appears on the LDAP Data Sources page. |
Directory Name | Specified when the directory was added and cannot be changed. |
Host Name | Enter either the LDAP server's IP address or DNS host name. IMPORTANT: You can change the host name to refer to a different LDAP server after initial configuration if the new server has the same schema configuration. If it does not, remove the current directory and add a new one with the new host name information. |
Port | Enter the LDAP server's port number. |
Enable SSL | Select to enable SSL. IMPORTANT: Enabling SSL will work only if you have already set up SSL on the LDAP server. For details, see Configuring and Using SSL for LDAP Connections. |
Secure Port | If Enable SSL is selected, enter the secure port number. |
Search Root | Enter the distinguished name of the container you want as the search root (o=acmecorp, for example). |
Search Subcontainers | Lets you specify which subcontainers within the root container to include in searches. Choose one of the following options: |
Max Search Entries | Enter the maximum number of search result entries you want returned with each search. HINT: For greatest search efficiency, use a setting of 100 to 200. Do not set to more than 1000. |
Proxy User Name | Enter the search proxy distinguished name using LDAP format (for example, cn=admin,o=acmecorp). If you leave this field blank, Novell eGuide uses anonymous credentials or the LDAP server's proxy credentials (if defined) on LDAP queries. |
Proxy Password | Enter the search proxy password. |
Authentication Group | Select to include the directory in the authentication group. eGuide uses the user's authenticated credentials to access directories in the authentication group. For those directories not included in the authentication group, eGuide uses default proxy credentials. |
Authentication User Name | (Available only when configuring the directory designated as the login server.) Enter the distinguished name of the authentication proxy using LDAP format (for example, cn=admin,o=acmecorp). eGuide uses this User object to search for and identify fully distinguished names during a contextless login. If you leave this field blank, eGuide uses anonymous credentials on all contextless login attempts. IMPORTANT: The User object assigned as the authentication proxy must have the Read right to all distinguished names and to the attribute designated in eGuide as the user authentication key on the login server. For details on the user authentication key, see Changing General Customization Settings. |
Authentication Password | (Available only when configuring the directory designated as the login server.) Enter the authentication user's password. |
Authentication Search Root | (Available only when configuring the directory designated as the login server.) Enter the distinguished name of the container where the authentication credentials search should begin. |
IMPORTANT: Whenever making changes to attribute mappings and settings, be sure to check all other eGuide settings where those attributes are referenced, especially in Display Layout.
Select the search category you want to edit attributes for. Unless you have added a search category (see Modifying Search Categories), only the default User category is available.
Click LDAP Data Sources > Edit (for the desired directory) > Attributes.
Make the desired changes.
See Table , LDAP Attributes for details on each setting.
Click Save (at the bottom of the page).
The following table describes the purpose of each attribute setting.
Table . LDAP Attributes
Setting | Purpose |
---|---|
Enable | Select to add this attribute to the Details panel displayed when a user clicks a search results entry. WARNING: To avoid XSL/browser rendering errors, do not select Enable for attributes containing binary information. The only exception to this rule is the Photo attribute, which Novell eGuide treats differently than other binary attributes. |
Template Key | Provides a means for eGuide to treat similar attributes from different LDAP directories the same even though they have different names in their respective directories. For example, if one LDAP data source uses "lastname" and another uses "sn" for the attribute containing users' last names, you could create a template key name, such as LastName, and map both the LastName and SN attributes to that same key name. By default, eGuide uses the Novell eDirectory™ attribute names as the template key names for the User category of the first directory you add when running the eGuide Setup Wizard. WARNING: Do not assign the same template key name to more than one attribute. |
Searchable | Select to add this attribute to the search filter list, thus allowing users to search on the attribute. |
Editable | Available only for directories designated as the login server or as part of the authentication group. For details, see Changing a Directory's Authentication Settings. Select if you want to allow users and user administrators to edit this attribute. For details on enabling self administration, see Setting Restrictions. For details on designating user administrators, see Managing Administration Roles. IMPORTANT: Selecting Editable for an attribute in eGuide does not grant users and user administrators the necessary rights within the LDAP data source. You must have already granted those rights at the directory level for this feature to work properly. You must also enable Self Administration if you want users to be able to edit the attribute. For details, see Setting Restrictions. |
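The rules in the LDAP Settings and LDAP Attributes tables can be checked mechanically before a configuration is entered. The following is an added example, not part of eGuide or its documentation: the dictionary layout, the sample directories, and the function names `search_identity` and `audit` are hypothetical, and "letters" in the directory-name rule is assumed to mean ASCII letters.

```python
import re
from collections import Counter

# Constructed sample data. The dict layout is hypothetical; the field names
# only mirror the settings in the LDAP Settings and LDAP Attributes tables.
DIRECTORIES = [
    {"name": "corp_east", "login_server": True, "auth_group": True,
     "proxy_user": "cn=admin,o=acmecorp", "max_entries": 200,
     "attributes": [{"ldap": "sn", "key": "LastName", "editable": True}]},
    {"name": "corp-west", "login_server": False, "auth_group": False,
     "proxy_user": "", "max_entries": 5000,
     "attributes": [{"ldap": "lastname", "key": "LastName", "editable": True},
                    {"ldap": "surname", "key": "LastName", "editable": False}]},
]

def search_identity(d):
    """Credentials used for searches in directory d, per the settings table."""
    if d["auth_group"]:
        return "authenticated user"
    # Blank Proxy User Name: anonymous, or the LDAP server's own proxy if defined.
    return "proxy" if d["proxy_user"] else "anonymous or server proxy"

def audit(directories):
    """Return (directory name, finding) pairs for rules stated in the tables."""
    findings = []
    for d in directories:
        name = d["name"]
        # Assumption: "letters" means ASCII letters.
        if not re.fullmatch(r"[A-Za-z0-9_]+", name):
            findings.append((name, "name may contain only letters, numbers, _"))
        if d["max_entries"] > 1000:
            findings.append((name, "Max Search Entries above 1000"))
        # A template key must not be assigned to more than one attribute.
        keys = Counter(a["key"] for a in d["attributes"])
        for key, n in keys.items():
            if n > 1:
                findings.append((name, f"template key {key} mapped {n} times"))
        # Editable applies only to the login server or authentication group.
        can_edit = d["login_server"] or d["auth_group"]
        for a in d["attributes"]:
            if a["editable"] and not can_edit:
                findings.append((name, f"{a['ldap']} Editable without "
                                       "login server or authentication group"))
    return findings

if __name__ == "__main__":
    for d in DIRECTORIES:
        print(d["name"], "searched as:", search_identity(d))
    for name, finding in audit(DIRECTORIES):
        print(f"{name}: {finding}")
```
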
If you want users to have the ability to send instant messages and start a NetMeeting directly from the Novell eGuide Details panel, you must map several special template key names and enable the associated attributes.
Table . Instant Messaging and NetMeeting Attribute Mappings
Map This Template Key Name | To the LDAP Attribute Containing This Information |
---|---|
InstantMessagingID | AOL Instant Messaging screen names |
NetMeetingID | NetMeeting IDs |
YahooIMID | Yahoo! IDs |
Novell eGuide reads the schema of an LDAP data source only when you first add the directory. If you make a change to the schema (such as adding an attribute to a schema class) and want that change reflected in eGuide, you must refresh the schema. Click LDAP Data Sources > Edit (for the desired directory) > LDAP Settings > Refresh Schema.
NOTE: eGuide never changes an LDAP data source's schema.
A search category is an entity Novell eGuide uses to represent a combination of LDAP classes.
For example, when you add the first directory to eGuide, the User search category is created, which by default comprises the following classes: InetOrgPerson, OrganizationalPerson, and Person. The attributes within these User classes appear in the Attributes page, where you configure how eGuide uses them in the eGuide client. Also, the User category label (Find People) appears in the first search filter drop-down list in the eGuide client.
NOTE: The InetOrgPerson, OrganizationalPerson, and Person classes mentioned above are used only if they existed in the first directory you added.
If desired, you can add and remove schema classes within an existing category. You can also add or remove entire search categories.
1. Click LDAP Data Sources > Edit (for the desired directory) > Advanced.
2. Select the category you want to modify.
3. To add a schema class to the category, select the class from the Available box, and click the right-arrow to move it to the Selected box.
4. Reverse the process in Step 3 to remove a class.
5. Click Save after making all desired changes to this category.
   If you only removed one or more schema classes, you are done. If you added one or more classes, continue with Step 6.
6. Click the Attributes tab and edit the settings and mappings for the attributes of the newly added classes.
   For details, see Editing LDAP Attributes.
IMPORTANT: If you just added one or more schema classes to a newly added search category, you must enable at least one attribute and make at least one attribute searchable before users can access that category from the Novell eGuide client.
Use Display Layout to indicate what attributes should be displayed in the Search, List, Details, and Org Chart forms in the eGuide client.
For details, see the following sections:
Change the text displayed in the Category drop-down list in the eGuide client.
Click LDAP Data Sources > Edit (for the desired directory) > Advanced > New.
Enter the name of the new category.
Add at least one schema class and configure its associated attributes.
For details, see Adding and Removing Schema Classes from a Search Category.
Click Save.
Click LDAP Data Sources > Edit (for the desired directory) > Advanced.
Select the desired category.
User is a mandatory category; Novell eGuide will not let you remove it.
Click Remove category_name.