Adding LDAP Directory Users

The Database Administration tool enables you to import users from an LDAP or Microsoft ADS server.

You can import all users contained in specific organizational units of the directory structure.

WorkSite Server allows only user information to be imported; container information is not maintained.

NOTE

If you are adding more than a few LDAP Directory users from a common directory, Autonomy recommends that you use the Directory Service Synchronization Service described in Chapter 11, “Directory Service Synchronization Service.” This service allows you to automate the import and synchronization of users from ADS or LDAP.

Adding LDAP Directory users is a multi-step process that requires you to know details about the LDAP Directory tree. You should be able to access the LDAP Directory server as an administrator, and you will need to know the attributes used to store user information.

The following steps describe how to add users from an LDAP Directory.

1. Select the required database in the tree frame of the main program window.

2. Click the Database icon and select the User information table.

3. Click the Add icon from the toolbar or select Add from the Manage menu.

The Add New Users dialog box is displayed.

4. Click the LDAP Directory Users tab.

Figure 31 LDAP Directory Users Tab

5. Click Login to LDAP. The LDAP Authentication dialog opens.

Managing Users

Figure 32 LDAP Authentication Dialog

6. Under Directory Type, select Microsoft Active Directory or LDAP based on the type of directory service your organization uses.

7. Under Credentials, select one of the following options:

• Use Sync Server Login—If you have WorkSite Directory Service Synchronization installed, you can use the configuration information stored for the service to authenticate with the LDAP server. You must have Directory Service Synchronization configured to communicate with the LDAP server to use this option. In the Sync Service Server field, enter the computer name where Directory Service Synchronization is installed.

• Other Login—Use this option to manually authenticate with the LDAP Server. Enter the fully qualified distinguished name of a user with administration privileges in the User ID field and the user’s password in the Password field.

8. In the TCP port field, enter the port number that the LDAP server uses to communicate.

The default port is 389.

9. In the LDAP Server field, enter the name of the server that is hosting the LDAP service.

10. Click OK. If the information entered is correct, the LDAP Attribute Mapping (User) dialog opens.

Figure 33 LDAP Attribute Mapping (User) Dialog

The LDAP Attribute Mapping (User) dialog (as shown in Figure 33) allows you to map the attributes used to store user information in your LDAP directory to corresponding user data fields used by the WorkSite database.

Each field has a list of LDAP attributes that are commonly used to contain the data for the corresponding WorkSite field. If none of the options in the list are correct, you may enter the name of an attribute in the field.

11. In the Name field under Organizational Unit, select or enter the LDAP attribute that contains the names of the Organizational Unit (OU) containers on your LDAP Directory tree.

NOTE

If the LDAP attribute mapped to the Name field for an OU container returns a blank, that container will not be displayed in the Container column of the LDAP Directory Users tab.

12. In the User section, select or enter the LDAP attributes for each of the WorkSite properties shown. Refer to Figure 33 for an example.

NOTE

If either of the LDAP attributes mapped to the Name or User ID fields for a user returns a blank, that user will not be displayed in the table frame of the LDAP Directory Users tab.

13. After completing the mapping of fields, click Update.

The LDAP Directory Users tab is displayed. If there are not too many directory objects (users) to display, all users that exist below the root level of the LDAP Directory are listed in the table frame.

Figure 34 Add New Users Dialog, LDAP Directory Users Tab

14. Select the server or container object in which the user is listed in the tree frame.

You can navigate between servers and container objects by selecting items in the tree frame.

Each time you click an item in the tree frame, the list of users associated with that item is displayed in the table frame. Click the “..” in the tree frame to navigate up the tree.

NOTE

To limit the number of users shown, refer to “Limiting the Number of Users Displayed” on page 80.

15. Select the user(s) to be added. Multiple users can be selected by using a Shift-click to select a continuous group or a Control-click to add individual users to those previously selected.

16. Select the External Users option to designate this user as an external user, such as a customer, part-time contractor, vendor or partner. By default, external users have limited privileges.

17. Enter the password in the Password and Confirm Password fields to change the password assigned to all new users.

18. Select User Must Change Password at Next Logon. This option forces users to change their passwords when they log in.

NOTE

Autonomy does not recommend selecting Password Never Expires when adding users.

19. Click Add, then click Close to save the changes and exit.

Limiting the Number of Users Displayed

1. After completing the mapping of fields, if there are too many directory objects (users) to display, the following error message is displayed:

Figure 35 Too many directory objects warning

After you close the warning message, the LDAP Directory Users tab is displayed but the table frame is empty.

2. Click Search Filter to display the LDAP Directory Search Filter dialog.

Figure 36 LDAP Directory Search Filter

3. Select the attribute to filter on in the LDAP Directory Search Filter dialog box:

• Use Filter on Name Attribute. This check box applies search criteria against the contents of the Full Name column in the user table.

• Use Filter on Account Name Attribute. This check box applies search criteria against the contents of the User ID column in the user table.

NOTE

Both attribute filters can be selected at the same time. When both filters are selected, the search criteria are treated as a logical AND operator. For an object to be displayed, it has to match both criteria.

4. Enter values for the Filter Value field(s).

5. Select the filter type:

• Exact Match. The search object is returned only when there is an exact match with the value entered in the Filter Value field.

• Starts With. The search object is returned only when it begins with the value entered in the Filter Value field.

6. Click OK to execute the search filter. The LDAP Directory Users tab is displayed with the results of the search.
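
The filter options in this procedure can be expressed as a standard LDAP search filter. The following added example (not from the WorkSite documentation or product code) builds that filter with RFC 4515 escaping, so that a Filter Value containing *, ( or ) is matched literally, and applies the same display rules to constructed entries. The attribute names cn and sAMAccountName, the case-insensitive comparison, and all function names are assumptions.

```python
import re

# Assumed mappings chosen in the LDAP Attribute Mapping (User) dialog;
# substitute the attributes your directory actually uses.
NAME_ATTR = "cn"                 # WorkSite Name field / Full Name column
ACCOUNT_ATTR = "sAMAccountName"  # WorkSite User ID field / User ID column
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # RFC 4512 short descriptor
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    """RFC 4515 escaping: the value is matched literally, never parsed."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _clause(attr, value, starts_with):
    if not _ATTR_RE.match(attr):
        raise ValueError(f"not a valid attribute name: {attr!r}")
    return f"({attr}={escape_value(value)}{'*' if starts_with else ''})"

def build_filter(name=None, account=None, starts_with=False):
    """Return the LDAP filter for the selected check boxes and filter type."""
    clauses = []
    if name:
        clauses.append(_clause(NAME_ATTR, name, starts_with))
    if account:
        clauses.append(_clause(ACCOUNT_ATTR, account, starts_with))
    if not clauses:
        raise ValueError("select at least one attribute filter")
    # Both check boxes selected: logical AND, as the NOTE in step 3 describes.
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"

def displayed(entries, name=None, account=None, starts_with=False):
    """Apply the same rules offline to constructed entries (dicts)."""
    def hit(actual, wanted):
        if wanted is None:
            return True
        a, w = actual.casefold(), wanted.casefold()  # assumed case-insensitive
        return a.startswith(w) if starts_with else a == w
    return [e[ACCOUNT_ATTR] for e in entries
            # A blank Name or User ID hides the user, per the earlier NOTE.
            if e.get(NAME_ATTR) and e.get(ACCOUNT_ATTR)
            and hit(e[NAME_ATTR], name) and hit(e[ACCOUNT_ATTR], account)]

# Constructed sample directory entries (not from any real directory).
SAMPLE = [
    {"cn": "Ann Smith", "sAMAccountName": "asmith"},
    {"cn": "Ann Stone (Contractor)", "sAMAccountName": "astone"},
    {"cn": "", "sAMAccountName": "svc-backup"},
]
```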