Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Content Management (Extended ECM)
API, SDK, REST and Web Services
LDAP Read Only Synchronization - is llserverinfo required? llquery?
Jason_McNeil
We're hoping to use the Directory Services module (version 3.0 with Livelink 9.7.0) to synchronize select users from an LDAP tree. We're planning on having it be a read only process as we don't want Livelink to update the LDAP tree.The documentation says that each user who is to be synchronized requires the llserverinfo attribute, but I'm wondering if that is only required for 2 way synchronizations (not read only). It seems as though the search filter provided with the directory services module should be able to handle which users will actually get brought into Livelink.As for groups I was hoping someone could just confirm my understanding of how they work. I presume that through the group search filter we are able to choose which groups will get pulled into Livelink, and if those groups have an llquery attribute it will be executed and the users that that query returns (and match the user search filter) will be populated in that group.Does that mean that groups don't need the llserverinfo attribute either? I would think they wouldn't given the existence of the group search filter.
Find more posts tagged with
Comments
Appu_Nair
I shall try to let you know what littel I know with this example that Chris Wagg helped me with .Thanks Chris,If you are using Read Only LDAP sync let's start with this exampleSearch Root Enter the distinguished name of the base object to be used for LDAP search operations. Search Root: Search Filter The defined search filters are used to retrieve users and groups from LDAP. User Search Filter: (cn=qalluser) Group Search Filter: (&(objectcategory=group)(description=Bingle Finance Users*)) Here's I think livelink will run the process.It starts off with Group creation.In this case a group called CAM-BIN-FINANCE will be created the name of the group came form the cn attribute of group. It will also create the user qalluser put them in default group. If I had a useful group attribute such as cn that is in the user record that had CAM-BIN-FINANCE then my qalluser would be created in that groupl. I could be grossly wrong as I am also trying to learn how groups are really used with ldap and LL
Chris_Wagg
Message from Chris Wagg via eLinkActually, if you are using LDAP read-only, then you can probably getaway with not using llserverinfo, or llquery.In the group attribute mapping, you can specify the group membershipattribute. In Active Directory, that will be member, and Sun One usesuniquemember. With this attribute mapped, the group will getsynchronized and any synchronized users taht are a member of that groupin LDAP will become a member of that group in Livelink.---------------------------------------Chris WaggSenior Product SpecialistLivelink Escalations Support TeamOpen Text CorporationPh: 800-540-7292--------------------------------------------Original Message-----From: eLink Discussion: Livelink Directory Services Discussion[mailto:directoryservices@elinkkc.opentext.com] Sent: Tuesday, January 08, 2008 3:15 PMTo: eLink RecipientSubject: LDAP Read Only Synchronization - is llserverinfo required?llquery?LDAP Read Only Synchronization - is llserverinfo required? llquery?Posted by McNeil, Jason on 01/08/2008 03:09 PMWe're hoping to use the Directory Services module (version 3.0 withLivelink 9.7.0) to synchronize select users from an LDAP tree. We'replanning on having it be a read only process as we don't want Livelinkto update the LDAP tree.The documentation says that each user who is to be synchronized requiresthe llserverinfo attribute, but I'm wondering if that is only requiredfor 2 way synchronizations (not read only). It seems as though thesearch filter provided with the directory services module should be ableto handle which users will actually get brought into Livelink.As for groups I was hoping someone could just confirm my understandingof how they work. I presume that through the group search filter we areable to choose which groups will get pulled into Livelink, and if thosegroups have an llquery attribute it will be executed and the users thatthat query returns (and match the user search filter) will be populatedin that group.Does that mean that groups don't need the llserverinfo attribute either?I would think they wouldn't given the existence of the group searchfilter.[To reply to this thread, use your normal E-mail reply function.]============================================================Discussion: Livelink Directory Services Discussion
https://knowledge.opentext.com/knowledge/llisapi.dll/open/3062146Livelink
Server:
https://knowledge.opentext.com/knowledge/llisapi.dllTo
Unsubscribe from this Discussion, send an e-mail tounsubscribe.directoryservices@elinkkc.opentext.com.
Chris_Wagg
Message from Chris Wagg via eLinkWhen you mention that the user gets put into defaultGroup, this isbecause of department mapping, which is another can of worms. You needto have an attribute that will identify which group in Livelink will bethe user's department. This is complicated enough that I would not want to try to go through itin a single email. However, anyone interested in this email thread mayalso find this KB article beneficial:
https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=4432890&objAction=ArticleView&viewType=1
---------------------------------------Chris WaggSenior Product SpecialistLivelink Escalations Support TeamOpen Text CorporationPh: 800-540-7292--------------------------------------------Original Message-----From: eLink Discussion: Livelink Directory Services Discussion[mailto:directoryservices@elinkkc.opentext.com] Sent: Tuesday, January 08, 2008 4:00 PMTo: eLink RecipientSubject: I shall try to let you know what littel I know with thisexample that Chris...I shall try to let you know what littel I know with this example thatChris...Posted by Nair, Appu on 01/08/2008 03:58 PMI shall try to let you know what littel I know with this example thatChris Wagg helped me with .Thanks Chris,If you are using Read Only LDAP sync let's start with this exampleSearch Root Enter the distinguished name of the base object to be usedfor LDAP search operations. Search Root: Search Filter The defined search filters are used to retrieve users andgroups from LDAP. User Search Filter: (cn=qalluser) Group Search Filter: (&(objectcategory=group)(description=BingleFinance Users*)) Here's I think livelink will run the process.It starts off with Groupcreation.In this case a group called CAM-BIN-FINANCE will be created the name of the group came form the cnattribute of group. It will also create the user qalluser put them in default group. If Ihad a useful group attribute such as cn that is in the user record that had CAM-BIN-FINANCE then my qalluserwould be created in that groupl. I could be grossly wrong as I am also trying to learn how groups arereally used with ldap and LL[To reply to this thread, use your normal E-mail reply function.]============================================================Topic: LDAP Read Only Synchronization - is llserverinfo required?llquery?
https://knowledge.opentext.com/knowledge/llisapi.dll/open/13690178Discussion
: Livelink Directory Services Discussion
https://knowledge.opentext.com/knowledge/llisapi.dll/open/3062146Livelink
Server:
https://knowledge.opentext.com/knowledge/llisapi.dllTo
Unsubscribe from this Discussion, send an e-mail tounsubscribe.directoryservices@elinkkc.opentext.com.
Jason_McNeil
Thanks Chris,We haven't yet had a chance to actually try syncing with our LDAP server, so when we do I'm sure I'll have some more questions, and will understand more clearly what you mean.In the meantime though, I don't think our security group is planning on controlling group membership within LDAP, instead they want to assign enterprise roles as user attributes, and a combination of those roles with the users office location, and business unit will comprise which groups we'll be needing in Livelink.This is more where I got the idea of using the llquery to dynamically come up the members who will be in the groups which we'll need in Livelink. Having writeen it out, perhaps the existence of the llquery attribute will in fact be what we'll use as our group search filter.I was hoping that you might be able to confirm that I'm on the right path with that. Like I say I'll probably have some more questions when we're actually starting to sync users and groups from our LDAP server... everything always seems sounds great until we hit that synchronize button
Joanne_Dunn_(dunnj@novachem.com_-_(deleted))
Article referenced by Chris Wagg doesn't have sufficient permissions:
https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=44328
90&objAction=ArticleView&viewType=1 I'd like to get at it.
Patricia_Holloway
Don't have sufficient privledges to view the document.
Chris_Wagg
Message from Chris Wagg <
cwagg@opentext.com
> via eLink
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">eLink
everyone should be able to see this article. Try just searching for the article number
4432890
---------------------------------------
Chris Wagg
Principal Product Specialist
Escalations Support Team
Open Text Corporation
Ph: 800-540-7292
---------------------------------------
From:
eLink Discussion: Open Text Directory Services Discussion [mailto:directoryservices@elinkkc.opentext.com]
Sent:
Tuesday, November 10, 2009 1:51 PM
To:
eLink Recipient
Subject:
Don't have sufficient privledges to view the document.
Don't have sufficient privledges to view the document.
Posted by
andafb01admin
(Holloway, Patricia) on 2009/11/10 13:47
In reply to:
RE I shall try to let you know what littel I know with this example that Chris...
Posted by
cwagg
(Wagg, Chris) on 2008/01/08 16:14
Don't have sufficient privledges to view the document.
