To set up the User Replication Agent, complete the following steps.
- Navigate to the Perceptive Content shared etc directory $(IMAGENOWDIR6)\etc and open the inserverUR.ini file in a text editor.
- Modify the following [General] properties:
- For ldap.sync.interval, enter a whole number greater than zero: the number of hours between synchronizations.
Note: Set this to 1 hour or higher. If the property is 0 or less, synchronization is continuous, which is CPU intensive and dramatically affects performance.
- Set the ldap.login property to the DN (Distinguished Name) of the LDAP user the agent binds as, in whatever form your LDAP server supports.
- Set the ldap.password property to the password for that LDAP user DN.
Note: This value is encrypted, and then removed from the setting, when you run the inserverUR -encrypt-config command. Until you run that command the password sits in inserverUR.ini in clear text, so restrict read access to the file in the meantime.
- To remove from Perceptive Content every user who is not listed in some replication [<groupname>] section, set the ur.strict.user.sync.mode property to 1.
- For the ur.max.retry.attempts property, enter a positive integer: the number of times the agent attempts synchronization before pausing for the interval specified in the ldap.sync.interval property.
- Verify or change the ldap.server property to your LDAP server's host name.
Note: You must specify the fully qualified domain name (FQDN) for the ldap.server setting.
- Change the ldap.server.port property to your LDAP server's port, typically 636 when using TLS and 389 when not using TLS.
- Ensure the ldap.use.ssl property is set to TRUE if you want this agent to use TLS when connecting to the LDAP server. A value of FALSE disables TLS.
Note: With ldap.use.ssl=FALSE the connection to the directory, including the bind that sends the ldap.login credentials, is not encrypted, so use TLS wherever the directory supports it.
- For Linux, change the ldap.ssl.cert.path property to the path of your TLS certificates when using TLS, as shown below.
ldap.use.ssl=TRUE
ldap.ssl.cert.path=/opt/inserver/etc/certs
ldap.server=acme.com
ldap.server.port=636
Note: Refer to the “LDAP TLS connection setup” section for more information on these TLS settings.
- Create group sections using the following substeps.
- Create a heading section in the inserverUR.ini file that corresponds to the name of the group in Perceptive Content, for example [AP Users] or [Admissions Approval].
- To use the actual directory structure of the LDAP directory, enter 0 in the group.mode property. To use an attribute of a particular entry in the LDAP directory, enter 1. You can set a different group.mode for each group section.
Note: If you place the group.mode property in any heading section of the INI file, the agent recognizes that heading section as a group section and attempts to import users into the group.
- For the group.dn property, provide the DN of the container where the agent begins its search for group members in the LDAP directory. Do not use single quotes around this value. To search additional containers, add further group.dn properties numbered from 2 upwards, for example group.dn, group.dn.2 and group.dn.3. If you skip a number in this sequence, the agent ignores every property that comes after the gap.
- To use the value of a particular attribute of the group member entry as the login user name in the Perceptive Content Client, set the group.member.login.attr property to that attribute.
- Provide a filter for the group.member.filter property to exclude certain members of the directory based on filter criteria. Do not use single quotes around this value. Refer to the "inServerUR.ini" section for valid options you can use.
- If the group.mode is 1, provide the group.member.attr you want to use to find group members from the DN specified in the group.dn property.
- To add members to a Perceptive Content group, create group sections for each fully qualified DN or attribute of a DN. Following is an example of a group section for group.mode=0 and one for group.mode=1.
[Example Group 1]
; an example group using mode 0 search
group.mode=0
group.department=Default
group.license.group=Research and Development
group.dn.1 = OU=Research and Development, O=ACME, C=US
group.dn.2 = O=ACME, C=US
group.member.login.attr = uid

[Example Group 2]
; an example group using mode 1 search
group.mode=1
group.department=Default
group.license.group=Research and Development
group.dn.1 = O=ACME, C=US
group.member.login.attr = uid
group.member.attr = member
group.member.filter = (name=john)
Note: Refer to the “User Replication group sections” section of this document for more information on creating user replication groups.
- Save and then close the inserverUR.ini file. If the Perceptive Content User Replication Agent service is running, restart it to make the changes effective.
- Verify that the agent can bind to the LDAP server by checking whether the Perceptive Content User Replication Agent is running. If it is stopped, look for binding error messages in the inserverUR log files in the Perceptive Content local log directory $(IMAGENOWLOCALDIR6)\log.
Note: After you restart the Perceptive Content Server, you cannot re-import the certificate while the certificate databases are in use. If the certificate is not working properly, stop the ImageNow services before you re-import the certificate and copy the new files to the Perceptive Content shared etc directory $(IMAGENOWDIR6)\etc.
- Verify the synchronization using the following substeps.
- Log in to Perceptive Content as the Perceptive Manager.
- Verify that the users you want from the LDAP server appear in Perceptive Content.
- If you configured group sections, verify that the users are members of the correct groups (optional).
- Log in to Perceptive Content with the user name and password of the new users to verify successful authentication.
Note: If you have access to an LDAP browser application, use it to view the users in the LDAP directory and compare them with users in the system.
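Before restarting the agent, it helps to check the edited file mechanically against the rules above rather than waiting for a failed bind or a silently ignored group. The script below is an added example, not part of Perceptive Content or its documentation: it lints an inserverUR.ini offline using only the rules stated on this page (sync interval, clear-text password, FQDN, port/TLS consistency, group.mode, group.dn numbering, single quotes, group.member.attr for mode 1). The sample INI embedded in it is constructed with deliberate mistakes, and the finding codes are this script's own names, not anything the agent emits.

```python
"""Offline lint for an inserverUR.ini against the rules this page states.
Added example, not Perceptive Content code; it never contacts LDAP."""
import configparser
import re
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "section key code message")
DN_KEY = re.compile(r"^group\.dn(?:\.(\d+))?$")
FQDN = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
# Constructed sample (not a real deployment) with deliberate mistakes.
SAMPLE_INI = """\
[General]
ldap.sync.interval=0
ldap.password=Sup3rSecret
ldap.server=acme
ldap.server.port=389
ldap.use.ssl=TRUE
ldap.ssl.cert.path=/opt/inserver/etc/certs

[Example Group 1]
; mode 0 search, but group.dn.2 was skipped
group.mode=0
group.dn.1 = OU=Research and Development, O=ACME, C=US
group.dn.3 = O=ACME, C=US
group.member.login.attr = uid

[Example Group 2]
; mode 1 search with a quoted DN and no group.member.attr
group.mode=1
group.dn.1 = 'O=ACME, C=US'
group.member.login.attr = uid
group.member.filter = (name=john)
"""

def load_ini(text):
    # '=' is the only delimiter so a ':' inside a DN does not split the line.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep option names case-sensitive
    cp.read_string(text)
    return cp

def lint_general(cp):
    if not cp.has_section("General"):
        return [Finding("General", "", "missing-section", "no [General] section")]
    g, out = cp["General"], []
    add = lambda key, code, msg: out.append(Finding("General", key, code, msg))
    interval = g.get("ldap.sync.interval", "").strip()
    if not (interval.isdigit() and int(interval) > 0):
        add("ldap.sync.interval", "continuous-sync",
            "must be a whole number > 0; 0 or less means continuous, CPU-intensive sync")
    if g.get("ldap.password"):
        add("ldap.password", "cleartext-password",
            "still in clear text: run 'inserverUR -encrypt-config' and restrict file access until then")
    if not FQDN.fullmatch(g.get("ldap.server", "")):
        add("ldap.server", "not-fqdn", "ldap.server must be a fully qualified domain name")
    tls = g.get("ldap.use.ssl", "").strip().upper() == "TRUE"
    port = g.get("ldap.server.port", "").strip()
    if (tls and port == "389") or (not tls and port == "636"):
        add("ldap.server.port", "port-tls-mismatch",
            "port %s with ldap.use.ssl=%s; typically 636 with TLS, 389 without" % (port, g.get("ldap.use.ssl")))
    return out

def lint_group(cp, name):
    sec, out = cp[name], []
    add = lambda key, code, msg: out.append(Finding(name, key, code, msg))
    mode = sec.get("group.mode", "").strip()
    if mode not in ("0", "1"):
        add("group.mode", "bad-mode", "must be 0 (directory structure) or 1 (entry attribute)")
    # Text says group.dn, group.dn.2, ...; the page's example starts at group.dn.1. Both count as 1.
    dns = {int(m.group(1) or 1): k for k in sec for m in [DN_KEY.match(k)] if m}
    gaps = [i for i in range(1, max(dns, default=1) + 1) if i not in dns]
    if gaps:
        add("group.dn", "dn-numbering-gap",
            "group.dn.%d is missing; every later group.dn.N is ignored" % gaps[0])
    for key in list(dns.values()) + ["group.member.filter"]:
        if sec.get(key, "").strip("'") != sec.get(key, ""):
            add(key, "quoted-value", "do not put single quotes around this value")
    if mode == "1" and not sec.get("group.member.attr"):
        add("group.member.attr", "missing-member-attr",
            "group.mode=1 needs group.member.attr to find members under group.dn")
    return out

def lint(text):
    """All findings, [General] first; a section with group.mode is a group section, as for the agent."""
    cp = load_ini(text)
    findings = lint_general(cp)
    for name in (n for n in cp.sections() if n != "General"):
        if cp.has_option(name, "group.mode"):
            findings.extend(lint_group(cp, name))
        elif any(k.startswith("group.") for k in cp[name]):
            findings.append(Finding(name, "group.mode", "not-a-group-section",
                                    "group.* properties but no group.mode, so the agent skips this section"))
    return findings

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INI
    for f in lint(src):
        print("[%s] %s: %s (%s)" % (f.section, f.key, f.message, f.code))
```

Run it as `python lint_inserverur.py "$(IMAGENOWDIR6)/etc/inserverUR.ini"` (any file name works; with no argument it lints the embedded sample). It deliberately reports only what this page defines; a clean report means the file follows these steps, not that the bind or the group search will succeed, so the verification steps above still apply.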