Use an LDAP branch to store external users
If you store your external users in a separate LDAP branch, you can use that branch to populate the Profiles database with those users.
About this task
In this procedure you create a separate TDI solution directory for the LDAP branch that contains the external users. When you have a separate TDI solution directory, the process of synchronizing the Profiles database with your LDAPs is easier.
- If you use a scheduled task or script to run synchronize commands, use a separate scheduled task or script for each directory.
- Any changes or fixes that you make to one TDI solution directory must be made to the other directory.
Procedure
- Open profiles_tdi.properties and verify that sync_store_source_url is set to true. If sync_store_source_url is set to false, you must change the value in accordance with the following instructions:
- Create a copy of the existing TDI solution directory parallel to the existing directory and name it TDI_external.
- Rename the existing TDI solution directory from TDI to TDI_internal.
- In the directory TDI_external, edit the file profiles_tdi.properties. Specify the LDAP branch by updating the following properties:
  - source_ldap_url (required)
  - source_ldap_search_base (required)
  - source_ldap_search_filter (optional)
- In the directory TDI_external, edit the file profiles_tdi.properties to set the visitor properties. The following visitor properties must have values that are identical to the LDAP branch values that you set in the previous step.
  - source_ldap_url_visitor_confirm
  - source_ldap_search_base_visitor_confirm
  - source_ldap_search_filter_visitor_confirm
  The visitor properties are referenced by the func_mode_visitor_branch function in profiles_functions.js to determine if the current LDAP branch is a visitor branch. If the value of the visitor properties is empty or if the properties are commented out, then users are added as employees instead of as external users.
- In the directory TDI_external, edit the file map_dbrepos_from_source.properties.
  - Comment out the line mode= if it exists.
  - Add or uncomment the line mode={func_mode_visitor_branch}. The func_mode_visitor_branch function is in the file profiles_functions.js.
- Append a string to an external user's display name that differentiates them from users who are part of your organization. For users that rely solely on a screen reader, adding this string helps them to identify which users are external users. The only other indication of external users is how their picture displays on the site. The default string that is appended to a name is - External User.
  - In the map_dbrepos_from_source.properties file, comment out this line:
    displayName=cn
  - Add or uncomment these three lines:
    displayName={func_decorate_displayName_if_visitor}
    displayNameLdapAttr=cn
    decorateVisitorDisplayName= - External User
  - Customize the string that gets added to the display name. Modify the value of decorateVisitorDisplayName by replacing the string - External User with your custom string.
    Note: The string is not translated into other languages. If your installation of Connections supports more than one language, use a string that works in all languages.
- Populate the Profiles database with external users. In the directory TDI_external, run the following commands, in order:
  - collect_dns.bat or collect_dns.sh
  - populate_from_dn_file.bat or populate_from_dn_file.sh
  For more information about the collect_dns and populate_from_dn_file commands, see Manually populating the Profiles database.
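A pre-flight check for the TDI_external settings from the steps above, worth running before the populate commands because an empty or mismatched visitor property causes external users to be added as employees. This is an added example, not code shipped with the product; the function names are hypothetical, the sample values are constructed, and it assumes plain key=value property lines.

```python
from pathlib import Path

REQUIRED = ("source_ldap_url", "source_ldap_search_base")
OPTIONAL = ("source_ldap_search_filter",)
VISITOR_MODE = "{func_mode_visitor_branch}"

def load_properties(text):
    """Parse key=value lines (assumption: no ':' separators or line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)  # first '=' only, so LDAP filters stay intact
            props[key.strip()] = value.strip()
    return props

def check_visitor_branch(tdi_text, map_text):
    """Return the settings problems that would let external users be added as employees."""
    tdi, mapping = load_properties(tdi_text), load_properties(map_text)
    problems = []
    for name in REQUIRED + OPTIONAL:
        source = tdi.get(name, "")
        confirm = tdi.get(name + "_visitor_confirm", "")
        if name in REQUIRED and not (source and confirm):
            problems.append(f"{name} or its _visitor_confirm property is empty or commented out")
        elif confirm != source:
            problems.append(f"{name}_visitor_confirm differs from {name}")
    if mapping.get("mode") != VISITOR_MODE:
        problems.append("mode is not set to " + VISITOR_MODE)
    return problems

def check_solution_dir(path):
    """Check the two property files in a TDI solution directory such as TDI_external."""
    names = ("profiles_tdi.properties", "map_dbrepos_from_source.properties")
    return check_visitor_branch(*(Path(path, n).read_text() for n in names))

# Constructed sample values, not taken from a real deployment.
SAMPLE_TDI = """\
source_ldap_url=ldap://ldap.example.com:389
source_ldap_search_base=ou=external,dc=example,dc=com
source_ldap_search_filter=(&(uid=*)(objectclass=inetOrgPerson))
source_ldap_url_visitor_confirm=ldap://ldap.example.com:389
#source_ldap_search_base_visitor_confirm=ou=external,dc=example,dc=com
source_ldap_search_filter_visitor_confirm=(uid=*)
"""
SAMPLE_MAP = "mode=\n#mode={func_mode_visitor_branch}\n"

if __name__ == "__main__":
    print("\n".join(check_visitor_branch(SAMPLE_TDI, SAMPLE_MAP)))
```

Call check_solution_dir with the path to TDI_external to run the same checks against the real files; an empty list means the three checked settings are consistent.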
What to do next
To keep your Profiles database synchronized with changes to the LDAP directory, run the sync_all_dns command in each TDI solution directory on a regular basis. For more information about synching, see Synchronizing source changes such as LDAP with Profiles. Also, make sure that sync_source_url_enforce remains set to true in both places.