19.1 Synchronizing Users and Groups from an LDAP Directory

19.1.1 Adjusting LDAP Synchronization of Users and Groups

Novell Vibe pulls user information from your LDAP directory service on the schedule that you set in the Configure LDAP page on the Administration page. The LDAP synchronization schedule was initially set up during installation, as described in Adding Vibe Users from Your LDAP Directory in Basic Installation in the Novell Vibe 3.3 Installation Guide. Therefore, to add new users to your Vibe site, you add the users to your LDAP directory, in a context from which Vibe synchronizes information.

As time passes, deletion of obsolete users and groups from your Vibe site becomes a larger concern. Periodically review the LDAP synchronization options described in LDAP Synchronization Options in Basic Installation in the Novell Vibe 3.3 Installation Guide to ensure that obsolete users and groups are being managed properly.

NOTE:If you change user information on the Vibe site, the changes are not transferred back to your directory service.

19.1.2 Synchronizing Additional LDAP Attributes

By default, Vibe synchronizes the following attributes from the LDAP directory:

  • First name

  • Last name

  • Phone number

  • E-mail address

  • Description

This information displays on each user’s personal user profile.

To synchronize additional LDAP attributes, complete the following sections:

Identifying or Creating a Vibe Field for the LDAP Attribute

Before you can synchronize Vibe user profiles with additional attributes from your LDAP directory, you first need to ensure that there is a corresponding Vibe field for the LDAP attribute that you want to synchronize.

To view the existing fields in the user profile:

  1. Navigate to a user profile and see if there is an existing field that corresponds to the LDAP attribute that you want to synchronize.

  2. If the appropriate field already exists, continue with Copying the Data Name of the Vibe Field.

    If the appropriate field doesn’t already exist, you must create it, as described in Section 3.2.4, Customizing the Default User Profile View.

Copying the Data Name of the Vibe Field

Each field in Vibe has an internal data name, which is added when the field is created. When you create a field by using the Form and View Designers tool, Vibe requires that you enter a data name. This name is how Vibe identifies the field.

To map an LDAP attribute to a Vibe field, you must find the data name for the field.

The following procedure shows how to find the data name for a particular field in the user profile:

  1. Log in to the Vibe site as the Vibe administrator.

  2. Click the Settings icon in the upper right corner of the page, then click the Administration Console icon .

  3. In the System section, click Form/View Designers.

  4. Expand Profile View, then click User.

  5. Expand Profile Form Definition, expand Form, then locate the Vibe field that you want to synchronize with an LDAP attribute.

  6. Click the name of the field, then click Modify in the dialog box on the right side of the page.

  7. Copy the text in the Data Name field, then continue with Mapping the Vibe Field to the LDAP Attribute.

Mapping the Vibe Field to the LDAP Attribute

After you have copied the data name of the Vibe field that you want to synchronize with an LDAP attribute as described in Copying the Data Name of the Vibe Field, you can map the Vibe field to the LDAP attribute that you want to synchronize.

  1. Log in to the Vibe site as the Vibe administrator.

  2. Click the Settings icon in the upper right corner of the page, then click the Administration Console icon .

    The Administration page is displayed.

  3. In the System section, click Configure LDAP.

    The map box in the Users section lists the LDAP attributes that are currently being synchronized.

    Users box on the COnfigure LDAP Synchronization page

    The items in the list have the following format:

    vibe_field_name=ldap_attribute_name
    
  4. Add a new line to the list, specifying the Vibe field name to the left of the equal sign (=) and the LDAP attribute name to the right of the equal sign.

    The vibe_field_name is the data name that you copied in Copying the Data Name of the Vibe Field, and ldap_attribute_name is the name of the LDAP attribute in your LDAP directory.

  5. Repeat Step 4 for each LDAP attribute that you want to add to the user profile.

  6. Select Run Immediately, then click Apply.

    The status box shows the LDAP attribute information being added to Vibe users.

19.1.3 Allowing Users to Log In When the LDAP Server is Down

You can configure the Vibe server to allow users who are being synchronized through LDAP to still have access to the Vibe server when the LDAP server is down.

  1. Change to the following directory:

    Linux:

    /opt/novell/teaming/apache-tomcat/
                               webapps/ssf/WEB-INF/classes/config
    

    Windows:

    c:\Program Files\Novell\Teaming\apache-tomcat\
                               webapps\ssf\WEB-INF\classes\config
    
  2. Make a backup copy of the ssf-ext.properties file, which is located in the same directory as the ssf.properties file.

  3. Open the ssf-ext.properties file in a text editor.

  4. Search for the following line:

    portal.password.auto.synchronize=false
    
  5. Change false to true, so that the line now reads portal.password.auto.synchronize=true.

  6. Save and close the ssf-ext.properties file.

  7. Stop and restart Vibe to enable users to log in to the Vibe site when the LDAP server is down.