...

Content source management page

 

  1. Click Settings to load the Services console.

 

[Figure: Settings menu]

 

2. You should now see the following screen.

 

[Figure: Services home]

 

3. Choose Add Service and select LDAP Group Cache.

 

[Figure: Service selection]

 

4. The service will now load the configuration screen. This may take a moment if the connection to the internet is slow. Once the service has been downloaded, you will see the following:

 

[Figure: Service configuration]

 

5. Enter a service name.

 

[Figure: Service configuration]

 

6. Click the Service tab at the top of the screen or use the “arrow” at the right of the screen to move to the service configuration screen. You will now see the service configuration.

7. Fill in the Active Directory connection properties. The Search base is the start point in the directory tree from where searches will be performed, and Scope can be set to define how far down the tree the search will descend – either just the search base, the base and the next level, or the default of the entire Subtree.

User query should be a well-formed LDAP query that returns all of the users you wish to cache. Typically this will be something like (objectClass=user), although in our case this also brings back computer accounts, which we are not interested in, so we extend the query to exclude them by using (&(objectClass=user)(!(objectClass=computer))) instead. Group query is the query that returns all of the groups you wish to cache, typically (objectClass=group).

 

[Figure: Service configuration]

8. Scroll the screen to see the Mapping attributes section. In this section, fill in the attributes that allow the user-to-group mapping to be performed. You must specify the attribute (or the pseudo attribute dn) that uniquely identifies the users and groups (the User key and Group key entries) and the attribute that holds the value to be used as the user name and group name (the User name and Group name entries). You also need to specify the Group mapping attribute and whether the Groups hold members.

 

[Figure: Service configuration]

9. Choose the frequency with which the cache should be refreshed by setting the schedule.

...

Select Save to save the configuration and load the service. This may take a moment while the required components are downloaded. After the service is installed, you will be taken back to the Services home page.

 

[Figure: Content source management page]

How the configuration is used

...

Then it will do the same for groups using the query (objectClass=group).

After all of the objects are downloaded, it will consider each user in turn (because Groups hold members is not set, which means that user objects hold the groups to which they belong).

For each user, it will retrieve all memberOf attributes (as configured by the Group mapping attribute). Each memberOf attribute will hold the identifier of a group to which this user belongs. In the case of a typical Active Directory configuration, this identifier is the dn of the group object. This identifier will be looked up in the map (which holds the group objects against their unique identifier – a dn) and will find a group object.

After all of the memberOf attributes have been considered, we will have a list of all the group objects. We can then establish the names of the users and groups from the objects we have by finding the value of the sAMAccountName attribute (as configured in the User name and Group name entries).

When this is complete, we will have a user name and a list of group names, and this information will be inserted into the cache.
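The mapping pass described above, as an added Python example that is not the product's own code. The entries are constructed stand-ins for LDAP search results, and lower-casing the dn keys and recording memberOf values that match no cached group are assumptions of this example.

```python
# Added example: constructed entries standing in for the results of the
# User query and Group query. All names and DNs are made up.
GROUP_BASE = "OU=Groups,DC=example,DC=com"
USERS = [
    {"dn": "CN=Alice Smith,OU=Staff,DC=example,DC=com",
     "sAMAccountName": ["asmith"],
     "memberOf": ["CN=Engineering," + GROUP_BASE, "CN=VPN Users," + GROUP_BASE]},
    {"dn": "CN=Bob Jones,OU=Staff,DC=example,DC=com",
     "sAMAccountName": ["bjones"],
     "memberOf": [("CN=Engineering," + GROUP_BASE).lower(),  # same dn, other case
                  "CN=Legacy,OU=Old,DC=example,DC=com"]},    # not in the group results
    {"dn": "CN=Carol White,OU=Staff,DC=example,DC=com",
     "sAMAccountName": ["cwhite"]},                          # no memberOf at all
]
GROUPS = [
    {"dn": "CN=Engineering," + GROUP_BASE, "sAMAccountName": ["Engineering"]},
    {"dn": "CN=VPN Users," + GROUP_BASE, "sAMAccountName": ["VPN Users"]},
]


def key_of(entry, key_attr):
    """Unique identifier of an entry: the pseudo attribute dn or a real attribute."""
    value = entry["dn"] if key_attr == "dn" else entry[key_attr][0]
    return value.lower()  # assumption: keys are compared case-insensitively


def build_cache(users, groups, group_key="dn", user_name="sAMAccountName",
                group_name="sAMAccountName", mapping_attr="memberOf"):
    """Users hold their groups (Groups hold members is not set)."""
    # Map every downloaded group object against its unique identifier.
    group_map = {key_of(g, group_key): g for g in groups}
    cache, unresolved = {}, {}
    for user in users:
        name = user[user_name][0]
        group_names = []
        for ref in user.get(mapping_attr, []):
            group = group_map.get(ref.lower())
            if group is None:
                # The Group query did not return this group; keep a record
                # so the gap is visible instead of silently dropped.
                unresolved.setdefault(name, []).append(ref)
                continue
            group_names.append(group[group_name][0])
        cache[name] = sorted(group_names)
    return cache, unresolved


if __name__ == "__main__":
    cache, unresolved = build_cache(USERS, GROUPS)
    print(cache)
    print(unresolved)
```

A non-empty unresolved map shows that the Group query or Search base is narrower than the memberships the users carry, which is worth checking when the cached group names feed access decisions.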

...