Path: Port 8443 Filr Admin Console System > LDAP
Best Practice: Plan your LDAP Servers and use the following table when working in this dialog:
NOTE: It is highly recommended that internal and external users not be imported from the same LDAP server. Keeping them separate ensures clear isolation between external and internal LDAP sources when Filr administrators assign different Access Control Lists for Filr users.
Table 6-1 Using the LDAP Configuration dialog
Field, Option, or Button | Information and/or Action |
---|---|
LDAP Configuration dialog |
|
LDAP Servers tab |
|
|
|
|
|
|
HINT: If you have just added or modified the LDAP Servers configuration, you must save it by clicking OK before running an LDAP synchronization.
|
|
HINT: If you have just added or modified the LDAP Servers configuration, you must save it by clicking OK before previewing an LDAP synchronization.
|
|
|
LDAP servers list |
|
|
|
|
|
|
|
User Settings tab |
|
|
|
|
|
For user accounts provisioned from LDAP that are no longer in LDAP sub-section |
|
|
|
|
IMPORTANT: A deleted user cannot be undeleted; this action is not reversible.
|
Use the following when creating new users sub-section |
|
|
|
|
|
Group Settings tab |
|
|
|
|
|
|
|
|
IMPORTANT: A deleted group cannot be undeleted; this action is not reversible.
|
Synchronization Schedule tab |
|
|
|
|
|
|
|
|
|
|
|
Local User Accounts tab |
|
|
|
Path: Port 8443 Filr Admin Console System > LDAP > Add button
Best Practice: Plan your LDAP Servers and use the following table when working in this dialog:
Table 6-2 Using the LDAP Server Configuration dialog
Field, Option, or Button | Information and/or Action |
---|---|
LDAP Server Configuration dialog |
|
Server Information tab |
|
|
WARNING: If you modify an existing LDAP connection, do not modify this LDAP server URL field. Doing so can cause synchronized users to be disabled or deleted.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OK button |
|
Cancel button |
|
Users tab |
|
|
|
|
|
OK button |
|
Cancel button |
|
Groups tab |
|
|
|
|
|
OK button |
|
Cancel button |
|
Path: Port 8443 Filr Admin Console System > LDAP > Add button > Users tab > Add button
Table 6-3 Using the LDAP Search dialog (User Version)
Field, Option, or Button | Information and/or Action |
---|---|
LDAP Search dialog (User Version) |
|
|
Best Practice: Use the Browse icon next to the Base DN field to browse the LDAP directory for the base DN that you want to use. This eliminates the risk of typing the context incorrectly. Also, if browsing fails, the LDAP server configuration is not correct and must be changed.
IMPORTANT: Container names cannot exceed 128 characters. If they do, users are not provisioned. |
|
Filr sets up a standard User filter for the LDAP server type. IMPORTANT: In most cases, you need to modify this filter to ensure that only the licensed users are added to the Filr server. Use the User filter to provision only the licensed users to the Filr server.
|
|
|
Home-Directory Net Folder Configuration sub-section NOTE: This configuration is not applicable for external users. |
|
|
|
|
|
|
|
|
|
Path: Port 8443 Filr Admin Console System > LDAP > Add button > Groups > Add button
Table 6-4 Using the LDAP Search dialog (Group Version)
Field, Option, or Button | Information and/or Action |
---|---|
LDAP Search dialog (Group Version) |
|
|
Best Practice: Use the Browse icon next to the Base DN field to browse the LDAP directory for the base DN that you want to use. This eliminates the risk of typing the context incorrectly. Also, if browsing fails, the LDAP server configuration is not correct and must be changed.
IMPORTANT: Container names cannot exceed 128 characters. If they do, groups are not provisioned. |
|
Filr sets up a standard Group filter for the LDAP server type. IMPORTANT: In most cases, you need to modify this filter to ensure that only the licensed users are added to the Filr server. Use the Group filter to provision only the licensed users to the Filr server. |
|
|
Hide the user IDs of the LDAP users
Displaying LDAP IDs can expose the directory service to security threats, such as unauthorized access to data and modification of configuration. A configurable option in the ssf-ext.properties file hides the LDAP IDs.
In the /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties file, set the hide.LDAPId parameter to true.
User IDs are no longer displayed in the Web client Address Book Search, Show People tab, and so on.
Restart the Filr service after making modifications to the ssf-ext.properties file.
A second setting can prevent external LDAP users from appearing in the Share dialog address book search.
The external.ldap.user.disable.search parameter was added to ssf-ext.properties to control the behavior of Share dialog address book search suggestions for external LDAP users.
In the /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties file, set the external.ldap.user.disable.search parameter to true.
Search suggestions are then displayed only for internal users. To find an external LDAP user in the Share dialog, you must enter the complete email address of the desired recipient.
Restart the Filr service after making modifications to the ssf-ext.properties file.
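One way to apply and verify both settings idempotently from a shell on the appliance. This is an added example, not part of the Filr documentation; the function names are hypothetical, and it assumes the file uses plain `key=value` lines.

```shell
#!/bin/sh
# Added example (not vendor code): set the two ssf-ext.properties keys named
# above without duplicating lines, and read back the effective value.

esc() { printf '%s' "$1" | sed 's/\./\\./g'; }   # escape dots in a key for regex use

# get_prop FILE KEY: print the effective value (the last definition wins).
get_prop() {
    k=$(esc "$2")
    sed -n -E "s#^[[:space:]]*${k}[[:space:]]*[=:][[:space:]]*##p" "$1" | tail -n 1
}

# set_prop FILE KEY VALUE: rewrite every existing definition, or append one.
# Commented-out lines ("#key=...") are not treated as definitions.
set_prop() {
    f=$1; k=$(esc "$2")
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    [ "$(get_prop "$f" "$2")" = "$3" ] && return 0    # already set: leave file alone
    [ -e "$f.orig" ] || cp -p "$f" "$f.orig" || return 1   # keep first pristine copy
    tmp=$(mktemp) || return 1
    if grep -Eq "^[[:space:]]*${k}[[:space:]]*[=:]" "$f"; then
        sed -E "s#^[[:space:]]*${k}[[:space:]]*[=:].*#$2=$3#" "$f" > "$tmp"
    else
        # Append, adding a newline first if the file does not end with one.
        { cat "$f"; [ -z "$(tail -c 1 "$f")" ] || echo; printf '%s=%s\n' "$2" "$3"; } > "$tmp"
    fi
    cat "$tmp" > "$f"     # overwrite in place so owner and mode are preserved
    rm -f "$tmp"
}

# harden_filr_props FILE: apply both settings described in this section.
harden_filr_props() {
    set_prop "$1" hide.LDAPId true &&
    set_prop "$1" external.ldap.user.disable.search true
}

# Usage on the appliance (then restart the Filr service, as the page requires):
# harden_filr_props /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties
```

`get_prop` can be run afterwards to confirm that each key reads back as `true` before the service is restarted.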