Configuring the Application for LDAP

Through three screens in the setup tool, you provide the information the application needs to connect to the server, to query for users, and to decide how groups should be handled. At the outset, you choose a server type, such as Active Directory or OpenLDAP.

  1. In the setup tool, on the User Settings step, choose Directory Server (LDAP) as the authentication and user mode, then click Continue.
  2. On the Connection Settings page, enter the connection values required by your LDAP server. Your server type choice will determine the default values displayed later in the setup tool. In order to go to the next step, you need to set values for the Server Type, Host, Port, and Base DN, then click Test Settings and get a Success message. (Note that while the setup tool doesn't require or test them, your LDAP server might require an administrator DN and password; if so, be sure to enter them.)
  3. Click Advanced Settings to make other connection-related settings. Be sure to see Getting Debug Messages and Setting Connection Pool Defaults as you make choices about those settings.
  4. Click Test Settings to confirm the connection settings for host, port, and base DN.
  5. When you get a successful test, click Continue.
  6. On the User Mapping page, enter the names of fields your LDAP server uses for user data.
    The setup tool provides default values based on the server type you chose in the Connection Settings step. In particular, you'll see the following defaults for Active Directory and OpenLDAP:
    Option              Active Directory        OpenLDAP
    Username Field      sAMAccountName          uid
    Name Field          cn                      cn
    First Name Field    givenName               givenName
    Last Name Field     sn                      sn
    Email Field         mail                    mail
    User Filter         (sAMAccountName={0})    (uid={0})

    The application will use these values to query your LDAP server to retrieve information about the people who will be using the application.

    Note: If you're upgrading the application from a version that supported only the Name Field, you can still switch to the first-name and last-name configuration. After you upgrade, go to the admin console page at System > Management > System Properties. At the bottom of the page, add the following system properties:
    Property                                Value
    ldap.firstNameField                     givenName
    ldap.lastNameField                      sn
    jive.user.lastname.firstname.enabled    true
    After you add the properties, navigate in the console to People > Settings > User Data Synchronization Settings. To pick up changes immediately, click Run Synchronization Task Now. If you already have synchronization enabled, you can also wait for its nightly run.

    The default values will include all users found with the connection settings you gave. You can limit this to only certain users by using an LDAP filter expression. For example, to retrieve only those users who work at the Portland office, you could enter something like the following in the User Filter box:

    (&(physicalDeliveryOfficeName=Portland))
  7. After you've entered the values you need, click Test Settings to confirm that the values you entered are valid for your LDAP server. If any of the fields were not represented in the test results, you'll see those fields highlighted in red. For those highlighted values that you know should be mapped anyway, click the LDAP Managed check box.
  8. When you get a successful test, click Continue.
  9. On the Group Mapping page, choose whether to use groups defined in LDAP or to define your own groups in the application. Select Use LDAP to manage groups if you have groups in LDAP that you want Jive SBS to be aware of. With this option selected, the application retrieves your LDAP server's group information just as it did for your LDAP users. Select Use Jive SBS to manage groups if you want the application to ignore groups you have defined in LDAP. This option is useful if you want to define groups that are used only by the application; your LDAP server won't be aware of groups you define there. You can define groups in the admin console under People > Management.

    If you select Use LDAP to manage groups, the setup tool provides default values based on the server type you chose in the Connection Settings step. In particular, you'll see the following defaults for Active Directory and OpenLDAP:
    Option              Active Directory        OpenLDAP
    Group Field         cn                      cn
    Member Field        member                  member
    Description Field   description             description
    Member Field        memberOf                (Depends on installation.)
    Group Filter        (objectClass=group)

    Use the Member Field option as a way to increase performance. When your LDAP installation lets user objects record the groups each user belongs to, giving the user object's "member of" attribute here provides a more efficient (and faster) way for the application to get the list of groups a user is in.

    Jive SBS will use these values to query your LDAP server to retrieve information about the groups to use. The default values will include all groups found with the connection settings you gave. You can limit this to only certain groups by using an LDAP filter expression.

  10. After you've entered the values you need:

    Click Test Settings if you're choosing to use LDAP groups; this will confirm that the values you entered are valid for your LDAP server. When you get a successful test, click Continue.

    Click Continue if you're choosing to define groups in the application.

  11. Complete the Other Settings page and click Continue.
  12. On the LDAP User Data Storage Mode page, enter the name of the user (retrieved from your LDAP server) who should be the system administrator.
  13. Click Continue to finish setting up.
Note: In the Admin Account step of the setup tool, you'll be prompted to choose a location for the admin account: LDAP (using the administrator from the LDAP server you just set up) or the database (meaning an account in the application database). If you choose LDAP, be sure to enter in the Current Username box the account of a valid LDAP user. The name displayed there by default might not be an account you can actually use.
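The User Filter in step 6 and the Group Filter and Member Field settings in step 9 are LDAP search filters in which the application substitutes a value (the login name for {0}, or the user's DN when it looks up group membership). The following is an added example, not Jive SBS code, showing how such filters are assembled safely and why the "member of" attribute is the faster path: the value is escaped per RFC 4515 so characters like parentheses in a name cannot unbalance the filter, and a small constructed in-memory directory compares scanning every group's member attribute against reading the user's own memberOf attribute. The directory entries, the groupOfNames object class and the DNs are constructed sample data.

```python
"""Added example: LDAP filters behind the setup tool's User Filter,
Group Filter and Member Field settings, with RFC 4515 escaping.
All directory data below is constructed, not taken from a real server."""

from typing import Dict, List, Tuple

# RFC 4515 section 3: these characters change a filter's structure and
# must be hex-escaped when they appear inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so the server matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, username: str) -> str:
    """Substitute the login name into a User Filter template such as
    (sAMAccountName={0}) or (uid={0}); {0} is the setup tool's placeholder."""
    return template.replace("{0}", escape_filter_value(username))


def is_balanced(filter_text: str) -> bool:
    """Sanity check: every '(' is closed and no ')' closes a group that was never opened."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def build_group_lookup_filter(group_filter: str, member_field: str, user_dn: str) -> str:
    """Filter a server without a 'member of' attribute needs to find a user's
    groups: the configured Group Filter ANDed with <Member Field>=<user DN>."""
    return f"(&{group_filter}({member_field}={escape_filter_value(user_dn)}))"


# Constructed directory: DN -> attributes (attribute values are lists).
# memberOf on the user entry is only present where the server maintains it
# (on OpenLDAP that depends on the installation, as the table above notes).
SAMPLE_DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "uid=jdoe,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "uid": ["jdoe"],
        "memberOf": ["cn=portland,ou=groups,dc=example,dc=com",
                     "cn=engineering,ou=groups,dc=example,dc=com"],
    },
    "cn=portland,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "cn": ["portland"],
        "member": ["uid=jdoe,ou=people,dc=example,dc=com"],
    },
    "cn=engineering,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "cn": ["engineering"],
        "member": ["uid=jdoe,ou=people,dc=example,dc=com",
                   "uid=asmith,ou=people,dc=example,dc=com"],
    },
    "cn=finance,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "cn": ["finance"],
        "member": ["uid=asmith,ou=people,dc=example,dc=com"],
    },
}


def groups_via_member(directory: Dict[str, Dict[str, List[str]]], user_dn: str,
                      group_object_class: str = "groupOfNames",
                      member_field: str = "member",
                      group_field: str = "cn") -> Tuple[List[str], int]:
    """Slow path: examine every group entry and keep those listing the user.
    Returns (sorted group names, number of group entries examined)."""
    examined = 0
    names: List[str] = []
    for attrs in directory.values():
        if group_object_class not in attrs.get("objectClass", []):
            continue
        examined += 1
        if user_dn in attrs.get(member_field, []):
            names.extend(attrs.get(group_field, []))
    return sorted(names), examined


def groups_via_memberof(directory: Dict[str, Dict[str, List[str]]], user_dn: str,
                        memberof_field: str = "memberOf",
                        group_field: str = "cn") -> Tuple[List[str], int]:
    """Fast path: read the user's own entry once and map each group DN to its name."""
    group_dns = directory[user_dn].get(memberof_field, [])
    names = [directory[dn][group_field][0] for dn in group_dns if dn in directory]
    return sorted(names), 1


if __name__ == "__main__":
    print(build_user_filter("(sAMAccountName={0})", "smith (contractor)"))
    dn = "uid=jdoe,ou=people,dc=example,dc=com"
    print(build_group_lookup_filter("(objectClass=group)", "member", dn))
    print(groups_via_member(SAMPLE_DIRECTORY, dn))
    print(groups_via_memberof(SAMPLE_DIRECTORY, dn))
```

Both lookups return the same group names for the sample user, but the member scan examines every group entry while the memberOf read touches only the user's entry, which is the performance difference step 9 describes. The escaping matters for any value substituted into a filter: a display name containing a closing parenthesis would otherwise end the filter early and fail the Test Settings check or match the wrong entries.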