Overview
When using Kerberos SSO or LDAP Directory Integration, customers have the option of setting up user filters in Jive to allow only a subset of users to log in. Filtering can be based on profile fields like Title, Email Address, etc.
These filters can, unintentionally, block legitimate users from logging in. E.g. There might be a filter that makes Title mandatory. A blank Title in LDAP could result in the user not being able to log in.
Solution
- Verify that the customer's Jive instance has an LDAP Directory Server configured.
- Go to Admin Console > People > Settings > Directory Server Settings > User Mapping
- The existing filter might look something like below (the exact fields may differ depending on what filters the customer has configured).
(&(&(objectCategory=person)(title=*))(sAMAccountName={0})(mail=*))This filter sets the below conditions:- (objectCategory=person): It is a person that is logging in. See reference of possible objectCategory values.
- (title=*): The title field is non-blank
- (sAMAccountName={0})(mail=*): Person's User ID matches their Email Address
- Because of the (title=*) condition, any user, who doesn't have a title set in their LDAP entry, will not be allowed to log in to Jive.
- You can change the above filter setting to:
(&(&(objectCategory=person))(sAMAccountName={0})(mail=*))This will remove the non-blank title condition from the filter. - Press Save
Testing
The users who were previously not able to log in because of a blank title in LDAP, should now be able to login successfully.
Priyanka Bhotika
Comments