Release 4.0
Publication date: October 2004
Copyright 2004 Xerox Corporation. All Rights Reserved. Xerox, The Document Company, the digital X and DocuShare are trademarks of Xerox Corporation. All other signs or marks are the properties of their respective companies, and recognized as such. Specifications accurate at time of publication. Specifications subject to change without notice.
Table of Contents
Chapter 1 Understanding the LDAP structure
  LDAP overview
  LDAP structure
    Directories
    Attributes
    Relative Distinguished Name
    Distinguished Name
  Directory Information Tree
    DIT organization based on geographical domains
    DIT organization based on DNS
Chapter 2 LDAP/DocuShare configuration
  DocuShare Configuration
  LDAP and SSL
    Certificates
    Import the Certificate to DocuShare
    Export the Certificate and Save as a CER File
    Placing the Certificate into DSTrustStore
  The Active Directory Administration Tool
    Using the Active Directory Administration tool
  The Active Directory LDIFDE command
    LDIFDE command syntax and usage
    LDIFDE command example
    Analyzing the adexport.txt file contents
LDAP overview
While some background information is provided for understanding basic concepts, this guide does not provide instructions for implementing either LDAP or Windows Active Directory. The information in this guide assumes the Active Directory server is already in place and is being managed by either an Active Directory administrator or by an LDAP administrator. Examples shown in this appendix use Microsoft Windows 2000 Server with Microsoft Internet Explorer (IE) V.6.X.

LDAP, or Lightweight Directory Access Protocol, is a lightweight alternative to the X.500 Directory Access Protocol (DAP). LDAP uses the TCP/IP protocol stack instead of the OSI protocol stack that is required by X.500. As a lightweight alternative, LDAP simplifies some operations, but lacks support for some of the features of X.500 DAP.

LDAP is the protocol that is used between a directory client and a server. LDAP defines the content of messages exchanged between an LDAP client and an LDAP server. The LDAP client, in this case the DocuShare server, communicates to the LDAP server. The LDAP server, acting as a gateway, accesses the LDAP directory. The LDAP directory may be implemented either as a stand-alone on the LDAP server or as a directory on an X.500 server.

DocuShare submits directory content queries to the LDAP server. The LDAP server accesses the directory, either LDAP or X.500, and returns the results to DocuShare. The LDAP protocol allows for read and for update client operations on the directory data.
NOTE: DocuShare does not update LDAP directory data. DocuShare only reads the results of the queries that it sends to the LDAP server.
LDAP structure
Entries within an LDAP directory are organized in a specific hierarchical structure.
Directories
A directory is a special type of database. Directories are optimized to support a high volume of read requests along with write access that is generally limited to system administrators. Similar to the white pages of a telephone book, an LDAP directory is read more times than it is updated. Just as a telephone book lists individuals, companies, and organizations, an LDAP directory lists objects such as users, servers, and printers. In the same way that a telephone book contains information about each listing, such as name, number, and address, the entries in the LDAP directory contain pertinent information about each object. This object information is referred to as attributes.
Attributes
Each object entry within an LDAP directory contains one or more attributes. Each attribute is comprised of a type and a value. A telephone book entry has attributes such as the name of a person and a corresponding telephone number. LDAP attributes appear in the format of:

commonName=Jane Smith
telephoneNumber=555-555-5555

Table 1-1 lists some common LDAP attributes, along with the alias associated with the attribute.

Table 1-1:
LDAP Attribute            Attribute Alias   Description of Attribute      Example
commonName                cn                Common name of an entry       Jane Doe
Surname                   sn                Last name of the person       Doe
userID                    uid               User ID or login name         jdoe
telephoneNumber                             Telephone number              555-123-4567
organizationalUnitName    ou                Name of organizational unit   my department
organization              o                 Name of organization          my company
domainComponent           dc                DNS component                 xyz.com
Distinguished Name
Entries in the directory are organized by a Distinguished Name (DN). A Distinguished Name is similar to the absolute path to a file in the Windows file system. The DN of an object is made up of the name and the location of the entry within the directory. A DN is made up of RDN attribute data pairs, separated by commas, such as:

cn=John Smith,ou=marketing,dc=Xerox,dc=com
cn=John Smith,ou=engineering,dc=Xerox,dc=com

The path for a DN is from the lowest order to highest order. This is the reverse of the order that is used in the Windows file system. Just as the Windows file system allows numerous files to have the same name as long as each file is in a different file directory, numerous users can have the same RDN as long as each DN is unique. As the DN example above shows, a John Smith can be listed in the marketing department and a John Smith can be listed in the engineering department.
for the marketing, engineering, and finance divisions. By defining the DIT root as dc=mycompany, dc=com, the administrator can create a DocuShare external domain for each department within a division. To define an external domain for the Accounts Receivable department in the Finance division, the administrator would define the Relative Authentication and the Directory Service Locator as ou=accts recv, dc=finance.
LDAP/DocuShare configuration
DocuShare Configuration
To configure your DocuShare site to use LDAP/Active Directory, log in as admin to your DocuShare site, then follow procedures A through F. To configure DocuShare correctly, use either the Active Directory Administration Tool or the Active Directory LDIFDE command to gather the necessary information. Both information gathering processes are described in this chapter.
A- LDAP Configuration
Use the DocuShare administration LDAP Configuration page to establish a connection between your DocuShare server and your LDAP server, and to define the Directory Information Tree that is used to create DocuShare external domains.
1. Open the LDAP Configuration page of the Administration UI.
2. In the Host(s) field, enter the host name, IP address, or DNS name of the LDAP/Active Directory server (FQDN preferred, or IP address if not FQDN). Use a space to separate multiple LDAP server address entries.
3. In the Port field, enter the port number that is used by your LDAP server if other than the default port number 389.
4. Optional: In the SSL field, enter the port number used for Secure Socket Layer.
5. In the DIT Root field, enter the information you obtained using the Active Directory Administration Tool search for a reference to namingContext. For example, this information would be in the format of dc=adoc,dc=Xerox,dc=com.
6. In the User RDN Key field, enter the attribute cn. This is the alias for the attribute commonName. The attribute may be different, depending on the type of LDAP server used (iPlanet, etc.).
7. Select Agent in the System Agent field. Most Active Directory servers require either an Agent or a Service account login.
8. In the DN field, enter the Distinguished Name of the agent account. For example, cn=john,cn=users,dc=adoc,dc=xerox.
9. In the Password field, enter the password for the Agent account.
10. Go to the Test LDAP section at the bottom of the LDAP Configuration page. Use Test LDAP to check for a valid connection and a successful login to the LDAP server.
11. Select Agent in the Connection DN field.
12. In the Name field, enter the Distinguished Name that you entered in the DN field in step 7.
13. In the Password field, enter the password that you entered in the Password field in step 8.
You will see a "Success" message if you have correctly established a connection to the LDAP server.
15. Repeat steps 11 through 14 but select User in the Connection DN field.
NOTE: This test does not check the validity of the DIT Root nor the Relative Authentication Locator of any external domains. The test checks only whether DocuShare received a positive response from the LDAP server.
B- Advanced Configuration
Use LDAP Advanced configuration to set how specific object classes are defined on your LDAP server.
1. Click Advanced located at the bottom of the LDAP Configuration page. The LDAP Advanced Configuration page appears.
2. At the bottom of the LDAP Advanced Configuration page, locate the section titled Object Classes.
3. In the User field, replace the default entry person with the word user (all lowercase).
4. In the Static Group field, replace the default entry groupOfUniqueNames with the word group (all lowercase).
5. Click Apply.
D- Bind User
Use the DocuShare administration Bind User page to establish an association between DocuShare account properties and LDAP account attributes.
1. Open the Bind User page of the Administration UI.
2. In the First Name field, enter the attribute that LDAP uses for the first name of a user. This is generally givenName.
3. In the Last Name field, enter the attribute that LDAP uses for the last name of a user. This is generally surname or sn. This is a required field.
4. In the Username field, enter the attribute that LDAP uses for the login name of a user. This is generally sAMAccountName. This is a required field.
5. If the LDAP directory contains additional attributes, such as email address, mail stop, telephone number, or home page, enter those attributes in the appropriate fields on the Bind User page.
6. Click Apply to save this information.
E- Bind Group
Use the DocuShare administration Bind Group page to establish an association between DocuShare account properties and LDAP account attributes.
1. Use the information you obtained using the LDIFDE command and enter those attributes in the appropriate fields on the Bind Group page. For more information, refer to the section of this chapter titled The Active Directory LDIFDE command/Analyzing the adexport.txt file contents/E. Bind Group Properties.
2. Click Apply to save this information.
F- Create Domain
Use the DocuShare administration Domains page to create external domains on your local DocuShare site. Each DocuShare external domain represents a branch in the LDAP directory tree, and each branch contains a collection of DocuShare user and group accounts.
1. Open the Domains page of the Administration UI.
2. In the Add field, enter the name of the external domain that you want to add to your local site. This may be simply a descriptive name, such as Engineering.
3. Select LDAP/LDAP in the Providers/Security Services and Providers/Directory Services pages of the Admin UI.
4. In the Relative Authentication Locator field, enter one or more attribute pairs to define the path to the directory that contains the user and group accounts. Use the attribute components of the DN that are to the left of the DIT root and to the right of the user RDN.
For example, the DN for a user account in a domain is cn=users name,ou=engineering,ou=docushare,dc=adoc,dc=xerox,dc=com. The Engineering domain is in the ou=engineering, ou=docushare branch. The DIT root is dc=adoc, dc=xerox, dc=com.
5. In the Relative Directory Service Locator field, enter one or more attribute pairs. Use the same attribute pairs that you entered in the Relative Authentication Locator field. DocuShare 3.0 supports only LDAP for Authentication and Directory services, so the values for Relative Authentication Locator and Relative Directory Service Locator are identical.
6. Click Add to add this external domain to your local login menu.
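The rule in step 4 (the locator is whatever lies between the user RDN and the DIT root) can be checked mechanically before the values are typed into the Domains page. The following Python sketch is an added example, not part of the original guide or of DocuShare; the function names are hypothetical. It handles escaped commas such as those in the exported group record (CN=Jennings\, Ferris) and rejects a DN that does not sit under the DIT root, which is the mistake that would point an external domain at the wrong branch.

```python
def split_dn(dn):
    """Split a DN into RDNs on unescaped commas; a backslash escapes the next character."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).lstrip())
    return [p for p in parts if p]


def normalize(rdn):
    """Comparison form of one RDN: type and value lowercased, inner whitespace collapsed."""
    key, _, value = rdn.partition("=")
    return key.strip().lower(), " ".join(value.split()).lower()


def is_under(dn, base):
    """True when dn lies strictly below base in the directory tree."""
    rdns = [normalize(r) for r in split_dn(dn)]
    tail = [normalize(r) for r in split_dn(base)]
    return bool(tail) and len(rdns) > len(tail) and rdns[-len(tail):] == tail


def decompose(user_dn, dit_root, rdn_key="cn"):
    """Return the user RDN, the relative locator and the DIT root of a user DN."""
    if not is_under(user_dn, dit_root):
        raise ValueError("DN is not below the DIT root: %s" % user_dn)
    rdns = split_dn(user_dn)
    root_len = len(split_dn(dit_root))
    if normalize(rdns[0])[0] != rdn_key.lower():
        raise ValueError("first RDN does not use the User RDN Key %r" % rdn_key)
    return {
        "user_rdn": rdns[0],
        "locator": ",".join(rdns[1:-root_len]),   # empty when the user sits directly under the root
        "dit_root": ",".join(rdns[-root_len:]),
    }


def in_external_domain(user_dn, locator, dit_root):
    """True when the account DN falls inside the branch locator + DIT root."""
    base = ",".join(p for p in (locator, dit_root) if p)
    return is_under(user_dn, base)


if __name__ == "__main__":
    # DN and DIT root taken from the example in step 4 above.
    print(decompose("cn=users name,ou=engineering,ou=docushare,dc=adoc,dc=xerox,dc=com",
                    "dc=adoc, dc=xerox, dc=com"))
    # Escaped comma inside the user RDN; the DIT root used here is an assumption.
    print(decompose(r"CN=Jennings\, Ferris,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com",
                    "dc=infodev,dc=dsbu,dc=xerox,dc=com"))
```
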
G- Add
After you have completed the LDAP Configuration, Providers, Bind User, and Domains pages, you are ready to add user and group accounts to the external domain on your DocuShare site. If you were to List Users or List Groups in the new external domain, the domain would be empty. What you must do now is open the domain on the LDAP server, and select those user and group accounts that you want as members of your local external domain.
1. Open the Add page of the Administration UI. This is not the same page as Add User.
2. Select a domain from the By User domain menu.
3. Select one or more accounts from the User or Group list. Accounts not selected will not be able to log in to or access the DocuShare site.
4. Click Add. The accounts selected now are part of the external domain as it appears on the DocuShare site.
5. Open the List Users page of the Administration UI, and select the newly added domain from the Domain menu. The List Users page displays all of the accounts that you just added to the external domain.
H- View Login
1. Return to the DocuShare home page.
2. In the Login section of the home page, the new external domain should appear in the Login Domain menu.
3. A user of an external domain must select the correct domain for login, or DocuShare displays a login error message and a request to retry.
Certificates
When using SSL, servers and clients use certificates to provide proof of identity prior to establishing a secure connection. A certificate also contains public and private keys that are used to establish a session. Servers and clients use session keys to encrypt and decrypt data.

Certificates may be self-signed or they can be issued by a certificate authority (CA) such as Entrust, Equifax, Valicert, or Verisign. Certificates issued by a CA are considered to be from a trusted third-party authority. Basically, a third-party authority vouches for the identity of a user. Most client browsers are configured to recognize and trust certificates issued by CAs. When certificates are self-signed, the user is acting as a certificate authority. A self-signed certificate must be installed in the browser's authorities store, and the certificate is not recognized as a trusted third-party authority.

Certificates are issued as either client or server certificates. DocuShare does not support client-side certificates. DocuShare uses a copy of the LDAP server's certificate to establish the SSL session with the LDAP server.
3. Open a command prompt window and navigate to the directory containing dstruststore.

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.

    C:\>cd\xerox\docushare\jdk1.3.1\jre\lib\security

    C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security>dir
     Volume in drive C is Local Disk
     Volume Serial Number is 508B-0D2F

     Directory of C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security

    18-11-02  15:55    <DIR>          .
    18-11-02  15:55    <DIR>          ..
    02-10-02  12:25             7,365 cacerts
    02-10-02  12:26               589 dstruststore
    02-10-02  12:26             2,271 java.policy
    02-10-02  12:26             4,115 java.security
    10-11-02  15:43               844 SLL_Cert4LDAP.cer
                   5 File(s)         15,184 bytes
                   2 Dir(s)   1,486,024,704 bytes free

    C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security>
4. At the command prompt, enter the set PATH command to set the PATH environment variable. Use set PATH=%PATH%;<ds3_install-dir>\jdk1.3.1\bin.

    C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security>set PATH=%PATH%;C:\XEROX\DocuShare\jdk1.3.1\jre\bin

5. After you have set the PATH variable, at the command prompt, enter keytool, without arguments. The Keytool Utility help appears. The Keytool Utility places the SSL certificate in the DSTrustStore.
6. At the command prompt, enter the keytool utility command:

    keytool -import -alias <alias_name> -file <cert_file> -keystore dstruststore

   Replace <alias_name> with a unique name for the certificate file. Replace <cert_file> with the name of the certificate file (.cer) that you exported and copied to the directory containing the dstruststore file.
7. Press Enter to start the command. A request for a password appears.
8. Enter password and press Enter.

    C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security>keytool -import -alias Test LDAPss1 -file SDL_Cert4LDAP.cer -keystore dstruststore
    Enter keystore password: password
    Owner: OU=EFS File Encryption Certificate, L=EFS, CN=Administrator
    Issuer: OU=EFS File Encryption Certificate, L=EFS, CN=Administrator
    Serial number: 5ee8abd44c2cd2b14ffbee159f03d354
    Valid from: Tue Feb 19 10:57:21 PST 2002 until: Thu Jan 26 10:57:21 PST 2102
    Certificate fingerprints:
        MD5: 78:C7:A3:04:32:69:EB:97:76:FE:F4:8A:11:A2:65:26
        SHA1: 02:DD:9A:BE:BE:DE:3C:AA:22:AE:14:9A:F2:F2:5B:11:61:6D:5A:5F
    Trust this certificate? [no]: yes
    Certificate was added to keystore

    C:\Xerox\DocuShare\jdk1.3.1\jre\lib\security>
9. Examine the screen output to ensure that Keytool successfully added the certificate to the keystore. If Keytool completed the operation, your DocuShare server is now ready to use the certificate to establish an SSL session with your LDAP server.
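The fingerprints that keytool prints before the "Trust this certificate?" prompt are the point at which the copied .cer file can be checked against a fingerprint obtained from the LDAP server's administrator over a separate channel. The following Python sketch is an added example, not part of the original guide: it computes the same colon-separated fingerprint from a .cer file in either binary (DER) or Base64 (PEM) form and compares it with the expected value. The function names are hypothetical and the sample bytes are a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(cert_bytes):
    """Return the binary (DER) form of a certificate given as DER or Base64/PEM."""
    match = PEM_RE.search(cert_bytes)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return cert_bytes


def fingerprint(cert_bytes, algorithm="sha1"):
    """Colon-separated upper-case hex digest of the DER bytes, the layout keytool prints."""
    digest = hashlib.new(algorithm, to_der(cert_bytes)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def canonical(fp):
    """Strip separators and case so values copied from mail or a console compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()


def matches(cert_bytes, expected_fp, algorithm="sha1"):
    """True only when the file's fingerprint equals the one obtained out of band."""
    actual = canonical(fingerprint(cert_bytes, algorithm))
    return hmac.compare_digest(actual, canonical(expected_fp))


# Constructed stand-in for the exported file's contents (not a real certificate).
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    expected = fingerprint(SAMPLE_DER)          # stands in for the value read out by the administrator
    print("SHA1:", expected)
    print("PEM copy matches:", matches(SAMPLE_PEM, expected))
    print("altered copy matches:", matches(SAMPLE_DER[:-1] + b"\x00", expected))
```

A mismatch means the file in the dstruststore directory is not the certificate the server administrator issued, and the import should stop at the trust prompt.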
NOTE: This procedure is based on using the tool to collect information from a typical LDAP server setup. Variations may occur, depending on how the server was configured.
A- Connect
1. Select Connection from the Active Directory Administration Tool navigation bar, and then select Connect from the Connection menu. The Connect dialog box appears.
2. In the Server field, enter either the IP address or the DNS name of the LDAP Active Directory server.
3. In the Port field, enter the port number used, if other than the displayed default.
4. Click OK. You have now set the LDAP server address and port number.
B- Bind
After setting up the connection to the LDAP server, you must now bind the server to an administrator account that has access permission to search the directory.
1. Select Connection from the Active Directory Administration Tool navigation bar, and then select Bind from the Connection menu. The Bind dialog box appears.
2. Enter the user account name in the User field, password in the Password field, and domain in the Domain field.
3. Click OK. If you have successfully connected to and created a bind to the LDAP server, the server displays response text in the right frame of the Active Directory Administration Tool.
could have used commonName=Peter Pan for example. An iPlanet server may use the uid or commonName (cn) attribute.
4. Select the Scope of the search. Select Subtree if One Level is not wide enough.
5. Click Run. The results of your search appear as text in the right frame of the Active Directory Administration Tool window. For example, a search might show that the distinguishedName for the Agent account is cn=TestUser1,cn=users,dc=adoc,dc=xerox,dc=com.
F- Next step
After following procedures A through E, you should be able to use Active Directory Administration Tool to gather the information you need to configure your DocuShare site to use LDAP for user account authentication.
- The IP address or the DNS name of the LDAP server
- The DIT Root
- The Agent account for DocuShare
RESOURCES: For more information on using the LDIFDE command, go to http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q237/6/77.ASP&NoWebContent=1
The import will go on ignoring 'Constraint Violation' and 'Object Already Exists' errors
The import will use lazy commit for better performance

Credentials Establishment
=========================
Note that if no credentials is specified, LDIFDE will bind as the currently logged on user, using SSPI.
-a UserDN [Password | *]             Simple authentication
-b UserName Domain [Password | *]    SSPI bind method

Example: Simple import of current domain
    ldifde -i -f INPUT.LDF
Example: Simple export of current domain
    ldifde -f OUTPUT.LDF
Example: Export of specific domain with credentials
    ldifde -m -f OUTPUT.LDF -b USERNAME DOMAINNAME * -s SERVERNAME -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com" -r "(objectClass=user)"
[Sample Directory Record for a single User]
dn: CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com
changetype: add
accountExpires: 9223372036854775807
badPasswordTime: 0
badPwdCount: 0
codePage: 0
cn: Duncan Donkey
countryCode: 0
displayName: Duncan Donkey
mail: ddonkey@infodev.xerox.com
givenName: Duncan
instanceType: 4
lastLogoff: 0
lastLogon: 0
logonCount: 0
distinguishedName: CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com
objectCategory: CN=Person, CN=Schema, CN=Configuration, DC=infodev, DC=dsbu, DC=xerox,DC=com
objectClass: user
objectGUID:: xmi02W78lEmpYca7AtiupQ==
objectSid:: AQUAAAAAAAUVAAAAqDfWZRUlr0f4n7R0bgQAAA==
primaryGroupID: 513
pwdLastSet: 127293917905389760
name: Duncan Donkey
sAMAccountName: duncan
sAMAccountType: 805306368
sn: Donkey
userAccountControl: 512
userPrincipalName: duncan@infodev.dsbu.xerox.com
uSNChanged: 7353
uSNCreated: 7349
whenChanged: 20040518220950.0Z
whenCreated: 20040518220933.0Z
[Sample Directory Record for a Group]
dn: CN=labusers,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
changetype: add
member: CN=Greg Wong,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
member: CN=Janet Gilmore,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
member: CN=Jennings\, Ferris,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
member: CN=Cua\, Kiam T,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
info: Authorized Login User to the InforDev Lab
cn: labusers
description: InfoDev Lab Users
groupType: -2147483644
instanceType: 4
distinguishedName: CN=labusers, CN=Users, DC=infodev, DC=dsbu, DC=xerox, DC=com
objectCategory: CN=Group, CN=Schema, CN=Configuration, DC=infodev, DC=dsbu, DC=xerox, DC=com
objectClass: group
objectGUID:: Cm9phZkOn0ig4iEWMRPWsg==
objectSid:: AQUAAAAAAAUVAAAAqDfWZRUlr0f4n7R0VgQAAA==
name: labusers
sAMAccountName: labusers
sAMAccountType: 536870912
uSNChanged: 3975
uSNCreated: 2540
whenChanged: 20040302161513.0Z
whenCreated: 20040130190128.0Z
A. The Directory Information Tree (DIT) Root
Set the DIT root at the level of the directory tree that will include all branches of the directory that contain users who need access to the DocuShare server. In our example, only members of the DSBU organization at Xerox will have access to our sample DocuShare server. The DSBU organization includes several departments and teams within each department. These departments and teams are organized in the LDAP Directory by Domain Components (DC) and Organizational Units (OU). For our example we will set up an External Domain in DocuShare to authenticate users who are members of the Digital Actors Team in the InfoDev department at DSBU within Xerox Corporation.
In our example, the DIT root of the DN for Duncan Donkey is shown here bolded:
CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com
By defining the DIT root at this level in the hierarchy, external domains can be created for each department/team within DSBU.

B. The User RDN Key
The User RDN Key is the attribute alias used to identify the User. In our example, the User RDN key of the DN for Duncan Donkey is shown here bolded:
CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com

C. The Relative Authentication and Directory Service Locators
The Relative Authentication and Directory Service Locators are the pointers to the directory branch of the external domain that contains a specific user, users, or group.
In our example, the Relative Authentication and Directory Service Locator is shown here bolded:
CN=Duncan Donkey, OU=Digital, OU=Actors, DC=infodev, DC=dsbu, DC=xerox, DC=com
D. Bind User Attributes
The text file generated by the LDIFDE command contains the attribute aliases that are used to identify the last name, user name, and Email address of each user listed. You will use these attribute aliases to configure the DocuShare LDAP Bind User properties. In the LDIFDE command text file, users within the LDAP directory are identified with the entry objectClass: user.
In our example, you will find the LDAP attribute aliases for the following properties:
Last Name = sn
User Name = sAMAccountName
Email Address = mail
In our example, the values given to these LDAP attribute aliases are:
sn: Donkey
sAMAccountName: duncan
mail: ddonkey@infodev.xerox.com

E. Bind Group Attributes
The text file generated by the LDIFDE command contains the attribute aliases that are used to identify the title, description, and summary information of each group listed. You will use these attribute aliases to configure the DocuShare LDAP Bind Group properties. In the LDIFDE command text file, groups within the LDAP directory are identified with the entry objectClass: group.
In our example, you will find the LDAP attribute aliases for the following properties:
Title = cn
Description = description
Summary = info
In our example, the values given to these LDAP attribute aliases are:
cn: labusers
description: InfoDev Lab Users
summary: Authorized Login User to the InfoDev Lab
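The lookups described in sections D and E can be run over the whole export instead of being read off by eye. The following Python sketch is an added example, not part of the original guide or of LDIFDE: it parses LDIF records (folded lines and base64 "::" values included), maps each user or group record to the bind properties named above, and flags user records that lack an attribute the Bind User page marks as required. The function names are hypothetical, and the sample text is constructed: it is abbreviated from the two records shown earlier, with a third, made-up account added.

```python
import base64

# DocuShare property -> LDAP attribute alias, as listed in sections D and E.
USER_MAP = {"Last Name": "sn", "User Name": "sAMAccountName", "Email Address": "mail"}
GROUP_MAP = {"Title": "cn", "Description": "description", "Summary": "info"}
REQUIRED_USER = ("Last Name", "User Name")  # required fields on the Bind User page

# Constructed sample: abbreviated from the guide's records, plus a hypothetical
# third account ("scanner") that has no sn attribute.
SAMPLE_LDIF = """\
dn: CN=Duncan Donkey,OU=Digital,OU=Actors,DC=infodev,DC=dsbu,
 DC=xerox,DC=com
changetype: add
cn: Duncan Donkey
mail: ddonkey@infodev.xerox.com
objectClass: user
objectGUID:: xmi02W78lEmpYca7AtiupQ==
sAMAccountName: duncan
sn: Donkey

dn: CN=labusers,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
changetype: add
member: CN=Greg Wong,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
member: CN=Janet Gilmore,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
info: Authorized Login User to the InforDev Lab
cn: labusers
description: InfoDev Lab Users
objectClass: group

dn: CN=scanner,CN=Users,DC=infodev,DC=dsbu,DC=xerox,DC=com
objectClass: user
cn: scanner
sAMAccountName: scanner
"""


def parse_ldif(text):
    """Return one dict per record: lowercased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # folded line continues the previous one
        elif not raw.startswith("#"):     # skip comment lines
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:
        if not line.strip():              # a blank line ends a record
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip())
            try:
                value = value.decode("utf-8")
            except UnicodeDecodeError:
                pass                      # binary values such as objectGUID stay bytes
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def bind_report(entry):
    """Map one record to the DocuShare bind properties it can supply."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "user" in classes:
        kind, mapping = "user", USER_MAP
    elif "group" in classes:
        kind, mapping = "group", GROUP_MAP
    else:
        return None
    values = {prop: entry.get(attr.lower(), [None])[0] for prop, attr in mapping.items()}
    missing = [p for p in REQUIRED_USER if kind == "user" and values[p] is None]
    return {"kind": kind, "values": values, "missing": missing}


if __name__ == "__main__":
    for record in parse_ldif(SAMPLE_LDIF):
        print(record["dn"][0], bind_report(record))
```
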