To set up LDAP integration, you need to gather information about your LDAP
implementation, identify the location of your key LDAP server and tree, map your users and
(optionally) groups so Jive can synchronize to them, and then test your implementation to
ensure it is successful.
LDAP integration relies on preparation and testing to be successful. If you use this list of overview steps to plan your integration, and if you run a test implementation to ensure that you have correctly identified the users, groups, and fields you want to sync with your Jive instance, you can avoid some frustrating missteps associated with integrating these two complicated products.
- Gather information about your LDAP installation. To complete the integration setup, you will need:
  - The address of your LDAP server and how it will communicate with Jive. If you're using Jive to host your community, you can contact Support for assistance with setting up the connection between these servers. Make sure you account for server referrals, especially if you use Active Directory.
  - The Base DN associated with the users you want to sync with Jive. You may or may not want to include all the users in your organization, so make sure your Base DN is associated with the part of the tree that includes the users you are targeting. Keep in mind that if you plan to map groups as well as users, your Base DN needs to be at a tree level that contains both users and groups. You can also narrow down your users by specifying a User DN relative to the Base DN during setup.
  - The DN associated with an Administrator account that has full access to your LDAP server. (This account does not need to be linked to a Jive user.)
  - The field identifiers in LDAP associated with any fields you want to sync to Jive profile fields. For example, the Username field is typically associated with the sAMAccountName field for Active Directory. A good method for obtaining this information for your LDAP setup is to export an LDIF file.
  - Any LDAP filter expressions you need to limit the number of users returned when you sync Jive to your LDAP tree. If you don't filter, synchronizing to your LDAP instance will return every user associated with the Base DN you supplied, and your Jive community may be populated with users who don't need to be there. The LDAP Explorer website is a helpful resource for information about LDAP filters. For filter information focused on Active Directory, see LDAP Query Basics on the Microsoft website.
  - The field identifiers for any LDAP groups you want to map to permissions groups in Jive. You don't need to map any groups if you want to manage permissions entirely in the Jive community. You will also need to specify an attribute such as member or memberOf that can be used to associate users and groups.
- Start the LDAP integration setup. (If you aren't configuring LDAP as part of your initial Jive setup, see Configuring LDAP After Initial Setup for instructions on returning to setup mode. If your installation is hosted by Jive Software, you'll need to contact Support for help with this step.) If you select Directory Server (LDAP) in your User Settings during Jive setup, LDAP setup continues for the next three screens. Each screen has field-level Help that you can access by clicking the ? next to a field.
- Supply your connection settings and test the connection by clicking Test Settings. If you can't connect, you may need to check your credentials. The account you're binding with must have read access to users and groups for the entire subtree rooted at the base DN.
- In the User Mapping screen, map any Jive profile settings you want to populate from LDAP by supplying an LDAP string. If you click LDAP Managed next to a field, that field will be updated from LDAP whenever a sync takes place, typically when the user logs in. Click Advanced Settings to add any user filters you want to use to narrow down the number of users you will sync.
- Click Test Settings to validate your mappings. Fields that turn red do not currently have a corresponding field in LDAP. If this is expected and you plan to add those fields later, make sure you click LDAP Managed so those fields can be synced after you add them in LDAP.
- Before you click Continue, enable Synchronize User's Profile on Login. This setting ensures each Jive user's credentials are synchronized as soon as she logs in. (You can use after setup to set a nightly synchronization task or to perform a one-time manual sync, but keep in mind that synchronizing all users at once can cause slower performance during peak usage.)
- In the Group Mapping screen, decide whether to use and synchronize the permissions groups you have set up in LDAP or whether you will use Jive to assign users to permissions groups. Note that group permissions have nothing to do with social groups in Jive.
- On the Admin Account page, specify whether you want the default user to be defined as an LDAP admin account. Choosing this option disables the default Jive admin account. Keep in mind that if you choose an LDAP admin account, you may not be able to access the Jive community if your LDAP connection is unavailable or misconfigured.
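
The Base DN, field-mapping and filter decisions from the preparation step can be rehearsed offline against an LDIF export before you click Test Settings. The following Python is an added example, not Jive code: it previews which user entries a given Base DN would bring in and which mapped profile fields have no LDAP attribute on some of those users. The sample LDIF, the example.com DNs, the Email/mail mapping and all function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF export (hypothetical directory, not from the page).
SAMPLE_LDIF = """\
dn: CN=Ana Ruiz,OU=Staff,DC=example,DC=com
objectClass: user
sAMAccountName: aruiz
mail: aruiz@example.com

dn: CN=Bo Chen,OU=Staff,DC=example,DC=com
objectClass: user
sAMAccountName: bchen
displayName:: Qm8gQ2hlbg==

dn: CN=svc-backup,OU=Service Accounts,DC=example,DC=com
objectClass: user
sAMAccountName: svc-backup

dn: CN=Community Admins,OU=Groups,DC=example,DC=com
objectClass: group
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})]; handles folded lines and base64."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                if value.startswith(":"):  # "attr:: <base64 value>"
                    value = base64.b64decode(value[1:].strip()).decode("utf-8")
                attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def in_subtree(dn, base_dn):
    """True if dn is base_dn or below it (case-insensitive, on an RDN boundary)."""
    dn, base = dn.lower(), base_dn.lower()
    return dn == base or dn.endswith("," + base)

def preview_sync(entries, base_dn, mapping, object_class="user"):
    """Return (usernames in scope, {profile field: [DNs lacking the mapped attribute]})."""
    scoped = [(dn, a) for dn, a in entries
              if in_subtree(dn, base_dn) and object_class in a.get("objectclass", [])]
    users = [a.get(mapping["Username"].lower(), [dn])[0] for dn, a in scoped]
    missing = {f: [dn for dn, a in scoped if attr.lower() not in a] for f, attr in mapping.items()}
    return users, missing
```

With the mapping `{"Username": "sAMAccountName", "Email": "mail"}`, a Base DN of `OU=Staff,DC=example,DC=com` brings in only the two staff users and reports the one with no mail attribute, while `DC=example,DC=com` also pulls in the service account.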