Before using the LDAP Setup & Tools features, consider the following guidelines:
- You can set up and use LDAP features when SBM System Administrator is connected to the database via ODBC or the Remote Administrator. You can perform all LDAP functions while the Web server is running; however, if you are importing or updating a large number of user records, you may consider shutting down the Web server and performing these tasks via an ODBC connection.
- You can use the SBM Application Administrator to import users and contacts from LDAP. You can also update resource attributes by mapping data from LDAP.
- Managed administrators can perform LDAP functions if they are granted specific privileges. To configure Auto Add settings on the General tab of the LDAP Setup & Tools dialog box, managed administrators must be granted the Alter Server Settings privilege located on the Administration – System privileges sub-tab. To access full LDAP capability, managed administrators must be granted the Global Administration and Alter Server Settings privileges.
- If LDAP fields contain sensitive data that administrators should not see, privileges can be specified in the LDAP tool to limit administrators' access to these fields.
- Contact imports only apply to the SBM system Contacts table. You cannot import from LDAP into custom auxiliary tables that store contact data.
- Administrative locks are activated on the entire Users table (meaning no other user updates or edits can take place) when an import or update is performed via LDAP. Similarly, LDAP imports and updates cannot be performed while user accounts are being added, edited, or deleted by another administrator.
- Care must be taken when you modify and delete mapped fields in LDAP and SBM. For example, if the name of an attribute is changed in LDAP, it is no longer mapped to the SBM field. Also, fields that are deleted in either tool are no longer mapped.
- When you update User and Contact records, SBM fields that contain data are not modified if the mapped field in LDAP is empty. For example, if a Contact record contains a phone number and the LDAP record does not, the phone number for the Contact record is retained after updating. To update SBM with an LDAP attribute that has no active replacement, you must set the LDAP attribute to some non-empty value such as "none."
- The User Map and Contact Map tabs enable administrators to view values for LDAP fields. If LDAP fields contain sensitive data that administrators should not see, privileges can be specified in the LDAP tool limiting their access to these fields.
- When you import and update user records, or when users are automatically added, uniqueness is guaranteed by the login ID and the LDAP UID. A new user is not automatically added if a user already exists with the same login ID. When you import and update Contact records, uniqueness is determined by the Equality Key specified on the Contact Map tab. For details, refer to Mapping LDAP Users and SBM Contacts.
- If you have added the Active/Inactive optional system field to your Contacts table, be sure that its default value is set to Active. If not, Contact records imported from LDAP are not visible to users. Also, if your Contacts table contains required fields, set default values for these fields so that contacts imported from LDAP are guaranteed to have values.
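
The update rule (an empty LDAP attribute never clears existing SBM data) and the login ID uniqueness rule above can be modeled as a dry run before an import, to list values that will be retained and users who will not be auto-added. This is an added example, not SBM code: it calls no SBM or LDAP API, and the field mapping, the `uid` login attribute, exact-match comparison of login IDs and all sample records are assumptions constructed for illustration.

```python
# Added illustration, not SBM code: a dry-run model of the update and
# uniqueness rules in the guidelines above. All names and records are constructed.

# Assumed mapping of SBM contact fields to LDAP attributes.
FIELD_MAP = {"Phone": "telephoneNumber", "Email": "mail"}


def plan_update(sbm_record, ldap_record, field_map=FIELD_MAP):
    """Return (record_after_update, retained_fields).

    A non-empty LDAP value overwrites the SBM field; an empty or missing
    LDAP value leaves existing SBM data in place, and that field is
    reported so stale values can be reviewed.
    """
    updated = dict(sbm_record)
    retained = []
    for sbm_field, ldap_attr in field_map.items():
        ldap_value = ldap_record.get(ldap_attr) or ""
        if ldap_value:
            updated[sbm_field] = ldap_value
        elif sbm_record.get(sbm_field):
            retained.append(sbm_field)
    return updated, retained


def blocked_auto_adds(ldap_users, existing_login_ids, login_attr="uid"):
    """LDAP login IDs that collide with existing accounts (exact match assumed)."""
    existing = set(existing_login_ids)
    return [u[login_attr] for u in ldap_users if u.get(login_attr) in existing]


# Constructed sample data.
SBM_CONTACT = {"Name": "Pat Example", "Phone": "555-0100", "Email": "pat@old.example"}
LDAP_CLEARED = {"telephoneNumber": "", "mail": "pat@new.example"}
LDAP_NONE = {"telephoneNumber": "none", "mail": "pat@new.example"}
LDAP_USERS = [{"uid": "pexample"}, {"uid": "jdoe"}]

if __name__ == "__main__":
    print(plan_update(SBM_CONTACT, LDAP_CLEARED))   # Phone kept, Email replaced
    print(plan_update(SBM_CONTACT, LDAP_NONE))      # Phone overwritten with "none"
    print(blocked_auto_adds(LDAP_USERS, ["jdoe", "admin"]))
```

Fields reported as retained are the ones where data removed in LDAP would persist in SBM unless the LDAP attribute is set to a non-empty value.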
Copyright © 2001–2016 Serena Software, Inc. All rights reserved.