Installation guide
LDAP Configuration
Acano solution: Deployment Guide R1.2 76-1006-06-K
Using an extensible matching rule (LDAP_MATCHING_RULE_IN_CHAIN /
1.2.840.113556.1.4.1941), it is possible to filter on membership of any group in a
membership hierarchy (below the specified group); for example:
(&(memberOf:1.2.840.113556.1.4.1941:=cn=apac,cn=Users,dc=MyCompany,dc=com)(objectClass=person))
4. Set up the Field Mapping Expressions
The field mapping expressions control how the field values in the Acano solution’s user
records are constructed from those in the corresponding AD records. Currently, the following
fields are populated in this way:
Display Name
User name
CoSpace Name
CoSpace URI user part (i.e. the URI minus the domain name)
CoSpace call id (unique ID for coSpace for use by WebRTC client guest calls)
Field mapping expressions can contain a mixture of literal text and LDAP field values, as
follows:
$<LDAP field name>$
As an example, the expression
$sAMAccountName$@example.com
generates:
fred@example.com
For more information see Appendix F.
Note: Each imported user must have a unique XMPP user ID (JID), constructed using the JID
field in the Field Mapping Expressions section of the Configuration > Active Directory page. To
construct a valid JID, any AD attribute used in the JID field mapping expression must
be present in each AD record that is to be imported. To ensure that only records that have
these attributes present are imported, we recommend that you include a presence filter (i.e.
one of the form (<attribute name>=*)) for each attribute used in the JID field mapping
expression, combined using ‘&’ (AND) in the Filter field under Import Settings.
For example, if your JID field mapping expression is $sAMAccountName$@example.com
and you wish to import users who are members of the group
cn=Sales,cn=Users,dc=example,dc=com, an appropriate import filter would be:
(&(memberOf=cn=Sales,cn=Users,dc=example,dc=com)(sAMAccountName=*))
5. To synchronize with AD, select Sync now or activate the synchronization by using the
appropriate API call (see the API Specification document).
Note that you must manually resynchronize whenever entries in AD change.
6. View the result of the synchronization by going to Status > Users.
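The presence-filter recommendation in step 4, as an added example that is not part of the Acano guide or product code: it derives the import filter from a JID field mapping expression and escapes the group DN so its characters cannot change the filter. The function names are hypothetical, and only the plain $<LDAP field name>$ form shown on this page is handled, not any further syntax described in Appendix F.

```python
import re

# One $<LDAP field name>$ placeholder in a field mapping expression.
PLACEHOLDER = re.compile(r"\$([A-Za-z][A-Za-z0-9;-]*)\$")
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a value cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def mapped_attributes(expression):
    """AD attribute names referenced by a mapping expression, de-duplicated."""
    return list(dict.fromkeys(PLACEHOLDER.findall(expression)))

def build_import_filter(jid_expression, group_dn, nested=False):
    """AND a group-membership test with a presence filter per JID attribute."""
    rule = ":%s:" % IN_CHAIN if nested else ""  # nested=True walks the hierarchy
    parts = ["(memberOf%s=%s)" % (rule, escape_filter_value(group_dn))]
    parts += ["(%s=*)" % name for name in mapped_attributes(jid_expression)]
    return "(&" + "".join(parts) + ")"

def render(expression, record):
    """Expand an expression against one record; None if an attribute is absent."""
    try:
        return PLACEHOLDER.sub(lambda m: record[m.group(1)], expression)
    except KeyError:
        return None

if __name__ == "__main__":
    jid = "$sAMAccountName$@example.com"
    print(build_import_filter(jid, "cn=Sales,cn=Users,dc=example,dc=com"))
    # Constructed sample records; the second lacks sAMAccountName.
    for rec in ({"cn": "Fred", "sAMAccountName": "fred"}, {"cn": "Room 1"}):
        print(rec["cn"], "->", render(jid, rec))
```

The second constructed record renders to None, which is the kind of record the (sAMAccountName=*) clause keeps out of the import.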