Create an LDAP group section

User Replication Agent Installation and Setup Guide

Platform: Perceptive Content
Product: User Replication Agent Installation and Setup Guide
Release: Foundation 24.1

To create an LDAP group section, complete the following steps.

  1. Navigate to the Perceptive Content shared etc directory $(IMAGENOWDIR6)\etc and then open the inserverUR.ini file in a text editor.
  2. Create a group section heading. Provide a heading that exactly matches the group name you use in Perceptive Content.
    [Marketing]
  3. In the group section you just created, add the group.mode property.
    Note: This property determines which method the User Replication Agent uses to locate groups and their members in the LDAP directory. If you place the group.mode property in any heading section of the INI file, the agent recognizes that heading section as a group section and attempts to import users into the group. You can use a different mode for each group section.
    When you set the mode to 0, group members are based on the DN of an actual container in the LDAP directory, such as an Organizational Unit (OU). The agent searches for all entries that are one level below the container given in the group.dn property. When the query is successful, these entries are considered members of the group.
    When you set the mode to 1, group members are based on the value of an attribute in one entry in the LDAP server. You provide the group.member.attr you want the agent to query to find group members from the DN specified in the group.dn property. For example, in Active Directory, you might use sAMAccountName.
    The LDAP server may prevent User Replication Agent from replicating large groups if group.mode is set to 0. For large LDAP groups (more than 1000 users), we recommend that you set group.mode to 1.
  4. Add the group.department property. This property specifies the department in which the Perceptive Content group should be created. It does not support moving groups to or from other departments. This setting does not apply to existing groups.
    Note: The department specified in this property must already exist within the system.
  5. Add the group.license.group property. This property specifies the name of the license group to which users are added according to the group. Users are limited to one license group. Based on the results of an LDAP query, if a user belongs to several groups, they will remain in the license group associated with the group in which they were last discovered.
    Note: If license groups are not necessary in your environment, this property is optional.
  6. Add the group.dn property. This property specifies the DN of the container where User Replication Agent begins searching for group members in the LDAP directory.
    Note: Do not use single quotes around the value for this property. For example, avoid group.dn='OU=Marketing'. Each group.dn property can only add users to the group named in the group section heading. Set the group.dn property to the DN of the container where the agent begins its search for group members in the LDAP directory.
    You can specify additional containers by creating additional group.dn.<number> properties. Start with the number 2 and then increment each additional property by 1. For example, group.dn, group.dn.2, and group.dn.3. If you skip a number while creating additional properties, the agent ignores the properties that come after the skipped number.
    [Example Group 1]
    ; an example group using mode 0 search
    group.mode=0
    group.department=Default
    group.license.group=Research and Development
    group.dn = OU=Research and Development, O=ACME, C=US
    group.dn.2 = O=ACME, C=US
    group.dn.3 = OU=Sales, O=ACME, C=US
    group.member.login.attr = uid
    
    [Example Group 2]
    ; an example group using mode 1 search
    group.mode=1
    group.department=Default
    group.license.group=Research and Development
    group.dn = O=ACME, C=US
    group.member.login.attr = uid
    group.member.attr = member
    group.member.filter = (name=john)
  7. Add the group.member.login.attr property. This property names the attribute of a group member entry whose value is used as the login and user name in Perceptive Content. If you do not enter a value, common name (CN) is used.
    group.member.login.attr=sAMAccountName
  8. Add the group.member.filter property. If group.mode equals 0, you can use this property to exclude certain members of the directory based on filter criteria. Refer to the tables in the “Group operators and search filters” section for valid options you can use in this property. If group.mode equals 1, you can use this property to filter the group members set for the group.member.attr property.
    group.member.filter=(sAMAccountType=805306368)
  9. Add the group.member.attr property. If group.mode equals 1, provide the attribute from the DN specified in the group.dn property that contains the group members' DNs.
    group.member.attr=AcctMembers
  10. Add the group.import.attr property. This property maps the LDAP attribute to the appropriate user field in Perceptive Content, allowing you to import user information, such as last name, first name, and telephone number.
    group.import.attr.last.name = sn
    group.import.attr.first.name = givenName
    group.import.attr.phone = telephoneNumber
    Note: Refer to the “Appendix: inserverUR.ini” section in this guide for a list of user attributes that you can map to LDAP attributes.
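
The rules in the steps above (sections count as groups only when they set group.mode, mode 1 needs group.member.attr, group.dn values must not be single-quoted, and numbered group.dn properties after a skipped number are ignored) can be checked before the agent runs, so that a container silently dropped from replication is caught in review. The following is an added example, not part of the vendor guide or product; the function name lint_group_sections and the sample INI text are hypothetical and constructed for illustration.

```python
import configparser
import re

# Constructed sample, not a real configuration: [Sales] skips group.dn.2,
# [Finance] quotes its DN and uses mode 1 without group.member.attr.
SAMPLE_INI = """
[Marketing]
group.mode=0
group.dn = OU=Marketing, O=ACME, C=US
group.dn.2 = OU=Events, O=ACME, C=US
[Sales]
group.mode=0
group.dn = OU=Sales, O=ACME, C=US
group.dn.3 = OU=Partners, O=ACME, C=US
[Finance]
group.mode=1
group.dn='CN=Finance, O=ACME, C=US'
"""

def lint_group_sections(ini_text):
    """Return {section: [findings]} for every section that sets group.mode."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    report = {}
    for name in cfg.sections():
        sec = cfg[name]
        if "group.mode" not in sec:
            continue  # only sections with group.mode are treated as groups
        findings = []
        mode = sec["group.mode"].strip()
        if mode not in ("0", "1"):
            findings.append(f"group.mode={mode!r} is not 0 or 1")
        if mode == "1" and "group.member.attr" not in sec:
            findings.append("mode 1 without group.member.attr")
        if "group.dn" not in sec:
            findings.append("missing group.dn")
        # Numbered containers must run 2, 3, 4, ...; those after a gap are ignored.
        numbered = sorted(int(m.group(1)) for k in sec
                          if (m := re.fullmatch(r"group\.dn\.(\d+)", k)))
        nxt = 2
        while nxt in numbered:
            nxt += 1
        findings += [f"group.dn.{n} ignored (group.dn.{nxt} is missing)"
                     for n in numbered if n > nxt]
        for key in ["group.dn"] + [f"group.dn.{n}" for n in numbered]:
            if sec.get(key, "").strip().startswith("'"):
                findings.append(f"{key} value is wrapped in single quotes")
        report[name] = findings
    return report
```

An empty findings list means the section passed these checks only; the agent may validate other properties that this sketch does not cover.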