Most TeamWorks deployments use one or more existing LDAP sources, such as GroupWise, eDirectory, and Active Directory to control user access to the system.
The following sections help you ensure that TeamWorks includes the users and groups that will use its services.
LDAP and TeamWorks: As you plan and deploy LDAP and TeamWorks, be aware of the following:
Synchronization Is One-way: LDAP synchronization is only from the LDAP directory to your TeamWorks site. If you change user information on the TeamWorks site, the changes are not synchronized back to your LDAP directory.
Multi-Value Attributes Not Supported: If your LDAP directory contains multi-value attributes, TeamWorks recognizes only the first attribute.
For example, if your LDAP directory contains multiple email addresses for a given user, only the first email address is synchronized to TeamWorks.
LDAP Must Be Online: LDAP-imported users always authenticate to TeamWorks via the LDAP source. If the LDAP source is unavailable for any reason, the LDAP-imported users cannot log in to TeamWorks.
Multiple Connections Are Supported, but you should never configure multiple LDAP connections to point to the same location on the same LDAP directory. If you need a failover solution, you should use a load balancer.
Table 4-1 Worksheet 4—GroupWise LDAP Server
Heading, Label, or Topic: |
Information and Instructions: |
---|---|
Tree Name: |
|
Server Information tab |
|
Users tab: |
|
Groups tab: |
For help, see
|
Table 4-2 Worksheet 4—eDirectory LDAP Server
Heading, Label, or Topic: |
Information and Instructions: |
---|---|
Tree Name: |
|
Configuration Details: |
|
Server Information tab |
|
Users tab: |
|
Groups tab: |
For help, see
|
Table 4-3 Worksheet 4—Active Directory LDAP Server
Heading, Label, or Topic: |
Information and Instructions: |
---|---|
Forest Name: |
|
Configuration Details: |
|
Server Information |
|
Server Information tab: |
|
Users tab: |
For help, see
|
Groups tab: |
For help, see
|
Table 4-4 Worksheet 4—Duplicate User and Group Accounts
Heading, Label, or Topic: |
Information and Instructions: |
---|---|
Duplicate User or Group Accounts |
TeamWorks doesn’t accommodate duplicate user or group account names. Each LDAP-imported and manually created account must have a unique name. You must eliminate all duplications before importing or adding users or groups. For example, let’s say that joe_user exists in both Active Directory and GroupWise, and Joe also needs a manually created TeamWorks account. You might change the Active Directory name to j_user and specify JoeU for the manual TeamWorks account. WARNING:Attempts to import duplicate accounts always fail, and in some cases they cause access problems for previously created accounts. Do the following:
|
Table 4-5 Worksheet 4—User Names with Invalid Characters
Heading, Label, or Topic: |
Information and Instructions: |
---|---|
User Names with Invalid Characters |
For LDAP user names to be usable in TeamWorks, they must contain only alpha-numeric characters:
If they contain ASCII or special characters, such as / \ * ? " < > : | , then although they will synchronize as TeamWorks user names, the associated users won’t be able to log in. TeamWorks uses synchronized user names to set paths to each user workspace in the file system. However, Linux and Windows file systems don’t support special characters, rendering TeamWorks’s path statements unresolvable. Do the following:
|
Table 4-6 Worksheet 4—Non-LDAP Users
Heading, Label, or Topic: |
Information and Instructions: |
---|---|
Non-LDAP Users |
|
Table 4-7 Worksheet 4—Non-LDAP Groups
Heading, Label, or Topic: |
Information and Instructions: |
---|---|
Non-LDAP Groups |
|
Table 4-8 Worksheet 5—LDAP Synchronization
Heading, Label, or Topic: |
Information and Instructions: |
---|---|
Nested Groups: |
|
Frequency of LDAP Changes: |
|
Synchronization Schedule tab |
|