Setting up LDAP and Active Directory
By default, Jive doesn't use a directory server and stores all user data in a database from where it uses it for authentication. If your enterprise already uses an LDAP directory server such as OpenLDAP or Active Directory to manage users, you can configure your Jive community to integrate with it. During setup, you can choose users and groups stored in the directory server for providing them access to Jive.
The instructions for integration assume that you are or have access to the administrator of your directory server and that you are familiar with the Jive Admin Console. If you don't have this expertise, you may want to contact Jive Professional Services or another outside resource with expert knowledge about administering a directory server.
Note: If you are using Active Directory, make sure it allows LDAP querying.
LDAP Security
The Jive application database never caches or stores user credentials. However, if the LDAP system property ldap.ldapDebugEnabled
is set to true
, the directory server traffic can be logged, and user passwords can be exposed in plain text to the sbs.out
log file if connections to LDAP are unencrypted (non-SSL). It is your responsibility to ensure that your LDAP communication runs over an SSL connection.
- Supported directory servers Jive can be integrated with a variety of directory servers.
- Overview of directory server integration steps To set up directory server integration, you need to gather information about your LDAP server configuration, identify the location of your key directory server and tree, map your users and groups so Jive can synchronize to them, and then test your implementation to ensure it is successful.
- Mapping users from a directory server If you are provisioning users from a directory server, you can use the User Mapping tab to map selected user fields to be synched with your Jive user information.
- Mapping groups from a directory server If you are provisioning users from a directory server, you can maintain permission groups in Jive or use your LDAP permission groups.
- Using LDIF to inventory your directory Exporting an LDIF file from your server can help you extract essential information about your LDAP settings that is useful in setting up your Jive integration.
- Synchronizing LDAP users You can manually synch users or synch them during a nightly batch job, but make sure for good performance you use the correct rules.
- LDAP certificates By default, your Jive instance verifies that you have a valid SSL certificate installed in the JVM if you're running LDAP over SSL. But you can change this setting and run in an insecure mode if required.
- LDAP system properties You can modify LDAP system properties to reset some elements of your LDAP configuration.
- Supported directory servers Jive can be integrated with a variety of directory servers.
- Overview of directory server integration steps To set up directory server integration, you need to gather information about your LDAP server configuration, identify the location of your key directory server and tree, map your users and groups so Jive can synchronize to them, and then test your implementation to ensure it is successful.
- Mapping users from a directory server If you are provisioning users from a directory server, you can use the User Mapping tab to map selected user fields to be synched with your Jive user information.
- Mapping groups from a directory server If you are provisioning users from a directory server, you can maintain permission groups in Jive or use your LDAP permission groups.
- Using LDIF to inventory your directory Exporting an LDIF file from your server can help you extract essential information about your LDAP settings that is useful in setting up your Jive integration.
- Synchronizing LDAP users You can manually synch users or synch them during a nightly batch job, but make sure for good performance you use the correct rules.
- LDAP certificates By default, your Jive instance verifies that you have a valid SSL certificate installed in the JVM if you're running LDAP over SSL. But you can change this setting and run in an insecure mode if required.
- LDAP system properties You can modify LDAP system properties to reset some elements of your LDAP configuration.