
Adding LDAP Directory Groups

The Database Administration tool enables you to import groups from an LDAP or Microsoft ADS server. WorkSite Server allows only the name of the group and the member list to be imported. No container information is maintained.

NOTE

If you are adding more than a few LDAP Directory groups from a common directory, Autonomy recommends that you use the Directory Service Synchronization Service described in Chapter 11, “Directory Service Synchronization Service.” This service allows you to automate the import and synchronization of groups from ADS or LDAP.

Adding LDAP Directory groups is a multi-step process that requires you to know details about the LDAP Directory tree. You should be able to access the LDAP Directory server as an administrator, and you will need to know the attributes used to store user information.

The following steps describe how to add groups from an LDAP Directory.

1. Click the Group icon in the tree frame to display the database’s group information table in the table frame.

2. From the Manage menu, click Add, or click the Add icon in the toolbar.

The Add New Groups dialog opens.

3. Click the LDAP Directory Groups tab.

Managing Groups

Figure 42 LDAP Directory Groups Tab

4. Click Login to LDAP. The LDAP Authentication dialog opens.

Figure 43 LDAP Authentication Dialog

5. Under Directory Type, select Microsoft Active Directory or Netscape Directory.

6. Under Credentials, select the credentials to use: Use Service Login or Other Login.

• Current Group Credentials: Use this option if you are currently logged in to the system as an LDAP user with administration privileges. This is the default.

• Other Login: Use this option if you are not logged in as an LDAP user with administration privileges. Enter the fully qualified name of a user with administration privileges in the User DN field. Enter a password in the Password field.

7. Under TCP Port, select the TCP port that the LDAP server uses to communicate. The value of the default port is 389. If your LDAP server is not using this TCP port, select the Other Login option and enter a value in the TCP Port field.

8. Under LDAP Server, select the server that is hosting the LDAP service. The default server is the LDAP server that authenticated the current user.

If you want to connect to a different server or if you are not logged in as an LDAP user, select the Other Login option. Enter the name of the appropriate server in the LDAP Server field.

9. After entering all the necessary information in the fields of the LDAP Authentication dialog box, click OK. If the information entered is correct, the LDAP Attribute Mapping (Group) dialog box is displayed.


Figure 44 LDAP Attribute Mapping (Group) dialog box

The LDAP Attribute Mapping (Group) dialog box allows you to map the attributes used to store group information in your LDAP tree against the corresponding group data fields used by the WorkSite Server database.

Each field has a list of LDAP attributes that are commonly used to contain the data for the corresponding WorkSite field. If none of the options in the list are correct, you may enter the name of an attribute in the field.

10. Locate the Organizational Unit section. In the Name field, select or enter the LDAP attribute for the OU containers on your LDAP directory tree.

NOTE

If the LDAP attribute mapped to the Name field for an Organizational Unit container returns a blank, that container will not be displayed in the Container column of the LDAP Directory Groups tab.

11. Locate the User section. In the User ID field, select or enter the LDAP attribute that contains the user IDs for your LDAP directory tree.

NOTE

If the LDAP attribute mapped to the User ID field for users returns a blank, the corresponding user will not be added to the group member list.

12. Under Group, select or enter the LDAP attributes for each of the WorkSite properties shown. Refer to Figure 44 for an example.

NOTE

If the LDAP attributes mapped to the Name or Group ID fields return a blank, the associated group will not be displayed on the LDAP Directory Groups tab.

13. After completing the mapping of fields, click OK.

The LDAP Directory Groups tab is displayed. When there are multiple directory objects (or groups), those that exist below the root are listed in the table frame.

Figure 45 Add New Groups Dialog, LDAP Directory Groups Tab

14. Select the server or container object in which the user is listed in the tree frame. You can navigate between servers and container objects by selecting items in the tree frame. Each time you click an item in the tree frame, the list of users associated with that item is displayed in the table frame. Click the “..” in the tree frame to navigate up the tree.

15. Select the group(s) to be added. Multiple groups can be selected by using a Shift-click to select a continuous set of groups or a Control-click to add individual groups to those previously selected.

16. Select the External Group option to designate this group as an external group.

17. Click Add, then click Close to save the group(s) and exit.
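The NOTEs in steps 10 through 12 mean that a blank mapped attribute silently hides a group or leaves a user out of the imported member list. The following added example (not WorkSite code) previews that outcome before an import. The attribute names, the `member` attribute and the sample entries are assumptions constructed for illustration.

```python
# Added example: preview what the documented blank-attribute rules would skip.
# Attribute names below are assumed mapping choices, not WorkSite defaults.
MAPPING = {"group_name": "cn", "group_id": "sAMAccountName",
           "user_id": "sAMAccountName"}
MEMBER_ATTR = "member"  # assumed attribute that lists member DNs

# Constructed sample entries keyed by DN (not from a real directory).
ANA = "cn=Ana Ruiz,ou=Staff,dc=example,dc=com"
SVC = "cn=Svc Scan,ou=Staff,dc=example,dc=com"
BO = "cn=Bo Lee,ou=Staff,dc=example,dc=com"
USERS = {ANA: {"sAMAccountName": ["aruiz"]},
         SVC: {"sAMAccountName": [" "]},   # blank user ID
         BO: {}}                           # attribute missing
LIT = "cn=Litigation,ou=Groups,dc=example,dc=com"
TMP = "cn=Temp,ou=Groups,dc=example,dc=com"
GROUPS = {LIT: {"cn": ["Litigation"], "sAMAccountName": ["LITIGATION"],
                "member": [ANA, SVC, BO]},
          TMP: {"cn": ["Temp"], "sAMAccountName": [], "member": [ANA]}}

def first_value(entry, attr):
    """Return the first non-blank value of attr, or None if missing or blank."""
    for value in entry.get(attr, []):
        if value and value.strip():
            return value.strip()
    return None

def preview_import(groups, users, mapping=MAPPING, member_attr=MEMBER_ATTR):
    """Split entries into what would be imported and what would be skipped."""
    report = {"imported": {}, "hidden_groups": [], "dropped_members": {}}
    for dn, entry in groups.items():
        name = first_value(entry, mapping["group_name"])
        gid = first_value(entry, mapping["group_id"])
        if name is None or gid is None:      # group not shown on the tab
            report["hidden_groups"].append(dn)
            continue
        kept, dropped = [], []
        for member_dn in entry.get(member_attr, []):
            uid = first_value(users.get(member_dn, {}), mapping["user_id"])
            if uid is None:                  # user left out of member list
                dropped.append(member_dn)
            else:
                kept.append(uid)
        report["imported"][gid] = kept
        if dropped:
            report["dropped_members"][gid] = dropped
    return report

if __name__ == "__main__":
    print(preview_import(GROUPS, USERS))
```

Review `dropped_members` before relying on an imported group for access control, because the imported member list can be shorter than the directory's.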

Limiting the Number of Groups Displayed

Figure 46 illustrates the error message that appears when there are too many directory objects (or groups) to display. Click OK to display the LDAP Directory Groups window. Its table frame will be empty, but you can use a search filter to modify the display.


Figure 46 Too many directory objects warning

1. Click Search Filter to display the LDAP Directory Search Filter dialog box.

Figure 47 LDAP Directory Groups, LDAP Directory Search Filter


2. Select the attribute to filter on in the LDAP Directory Search Filter dialog box:

• Use Filter on Name Attribute. Applies search criteria against the contents of the Full Name column in the group table. This search filter should not be used against the LDAP Directory Groups table. It will cause nothing to be returned.

• Use Filter on Account Name Attribute. Applies search criteria against the contents of the Group column in the group table.

NOTE

Both attribute filters can be selected at the same time. When both filters are selected, the search criteria are combined with a logical AND operator. For an object to be returned by the search, it has to match both entries.

3. Enter values for the Filter Value field(s).

4. Select the filter type:

• Exact Match. The search object must exactly match the value entered in the Filter Value field.

• Starts With. The search object must begin with the value entered in the Filter Value field.

5. Click OK to execute the search filter. The LDAP Directory Groups tab is displayed with the results of the search.
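The dialog options above can be expressed in standard LDAP filter syntax (RFC 4515), which is useful for reproducing a search with another LDAP client. This is an added example, not WorkSite code; the attribute names `cn` and `sAMAccountName`, and the assumption that one filter type applies to both values, are illustrative and do not describe how WorkSite builds its query.

```python
def escape_filter_value(value):
    """Escape RFC 4515 special characters so the value is matched literally."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))   # e.g. "*" becomes "\2a"
        else:
            out.append(ch)
    return "".join(out)

def build_group_filter(name=None, account=None, match="exact",
                       name_attr="cn", account_attr="sAMAccountName"):
    """Build a filter for the Name and/or Account Name values.

    match is "exact" (Exact Match) or "starts_with" (Starts With).
    The attribute names are assumed defaults; pass the ones you mapped.
    """
    if match not in ("exact", "starts_with"):
        raise ValueError("match must be 'exact' or 'starts_with'")
    suffix = "*" if match == "starts_with" else ""
    clauses = []
    for attr, value in ((name_attr, name), (account_attr, account)):
        if value:
            clauses.append("(%s=%s%s)" % (attr, escape_filter_value(value), suffix))
    if not clauses:
        raise ValueError("at least one filter value is required")
    # Two selected filters are combined with a logical AND.
    return clauses[0] if len(clauses) == 1 else "(&%s)" % "".join(clauses)

if __name__ == "__main__":
    # Constructed sample values.
    print(build_group_filter(account="Fin", match="starts_with"))
    print(build_group_filter(name="Legal (EU)", account="LEGAL"))
```

Escaping matters when a filter value contains `*` or parentheses: without it, the value would change the shape of the filter instead of being matched as text.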