Overview
Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. In this article, you will find the attributes used when mapping accounts, profiles, and groups.
Information
After integrating with LDAP, Jive will:
- Authenticate users against the configured directory server.
- Synchronize groups and group membership information from the directory server.
- Sync mapped federated profile fields.
In the following tables, you will find the mapping attributes, values, and notes which will help you to have a better understanding of each one of them.
User Account Mapping
The values are supplied by the customer. You can look at an LDIF to determine the correct value(s).
| Setting | Quick things to check/resolve | Notes |
| Username Field |
|
Required - The attribute name that the username lookups will be performed on. If this property is not set, the default value is |
| Email Field |
|
Required - The attribute name that the email lookups will be performed on. If this property is not set, the default value is |
| First Name Field |
|
The attribute name that contains the first name of the user. This attribute is required for the name presentation when the Last Name Field is present. If this property is not set, the default value is |
| Last Name Field |
|
The attribute name that contains the last name of the user. When present in the LDAP configuration, the last name will be used globally for name lookups in conjunction with the First Name field. If this property is not set, the default value is |
| Photo Field |
|
The attribute name that returns binary data for a photo. Supported binary type_zs are JPEG and PNG. Alternatively, a URL can be returned from which the binary data can be fetched. Common values for this field are |
| Manager Field |
|
The attribute name that the manager relationship lookups will be performed on. A query against these fields should return a Distinguished Name such as |
| User Unique ID Field |
|
The field used to compare local users with remote users in the case of a change of username. It should be a unique identifier for a record in LDAP. |
| Last Modified Field |
|
The attribute name that contains the last modified date for the user record. |
| User Disabled Field |
|
The attribute name that contains the attribute whose value can be determined as a flag for disabling the user record. |
| User Disabled Field Value |
|
The field value which, combined with the user disabled field, can be matched to determine whether or not a user record is disabled. |
Profile Field Mapping
Optional profile fields can be mapped here.
| Setting | Quick things to check/resolve | Notes |
| User Filter |
|
An optional user filter to isolate user searches and authentication to a particular set of criteria. An example is |
| User RDN |
|
An optional relative DN (the base DN will be appended automatically) to isolate user searches and authentication to a particular section of an LDAP tree. An example is |
Group Mapping
| Setting | Quick things to check/resolve | Notes |
| Group Field |
|
Required - The attribute name that the group name lookups will be performed on. If this property is not set, the default value is |
| Member Field |
|
The attribute name that holds the members in a group. If this property is not set, the default value is |
| Description Field |
|
The attribute name that holds the description a group. If this property is not set, the default value is |
User Group Mapping
| Setting | Quick things to check/resolve | Notes |
| Member Field |
|
The attribute name that group lookups will be performed on if configured. This property is on the user object. No default value is set as this is highly dependent on configuration, but a typical value is |
Priyanka Bhotika
Comments