Issue:
Users need to be imported from Novell eDirectory into the DocuWare system.

Solution:
On Novell server

  1. Create a group for DocuWare users in the eDirectory.


    Figure 1: Creating a group for DocuWare users

     
  2. Add users to the DocuWare group


    Figure 2: Adding users to the DocuWare group

     
  3. Create the ProxyUser (only for connection via port 389)
    In principle, eDirectory allows LDAP clients to log on anonymously via port 389. In the default setting, the LDAP client has the access rights that are entered for the object [Public] in the eDirectory, and [Public] has the right to browse the whole tree.
    For user synchronization, the anonymous user must be granted further access to the DocuWare group. This requires a separate user account to be set up, which must then be registered as the "ProxyUser" for anonymous LDAP access. This account must not require a password, in order to allow anonymous access. Furthermore, it must be ensured that this user account cannot set a password itself, as this could block anonymous access.


    Figure 3: Creating the ProxyUser account


    Figure 4: Configuring the ProxyUser account without a password requirement


    Figure 5: Allocating the ProxyUser account access rights to the DocuWare group


    Figure 6: Enabling the ProxyUser account in the LDAP Group object


    Figure 7: Defining the LDAP services ACL* for NDS on the LDAP server

    The configuration of the LDAP services for NDS is defined via the Properties of both the LDAP Group (figure 3) and LDAP server (figure 4) objects. These settings must be defined in line with the security strategy that has been developed.

     
  4. Check the configuration of the LDAP access
    eDirectory provides the option to map the standardized object classes used within LDAP to other object classes used internally in eDirectory. This property is relevant when LDAP clients search using standardized LDAP object classes but the resulting data is actually stored in attributes of eDirectory object classes with a different name. When using LDAP clients for the first time, or when changes are made to the eDirectory structure, check that the mapping of the LDAP object classes to the eDirectory object classes is coherent and that the LDAP applications in use function correctly.


    Figure 8: Properties of the LDAP Group

Important information:
Only LDAP version 2 is implemented in the LDAP services for NDS for NetWare 4.11. LDAP version 3 is used from NetWare 5.

LDAP Services for NDS adopt an intermediary role between the NDS and LDAP client. The client submits an LDAP request to the server on which the LDAP services are running. This request is received and converted by LDAP Services for NDS into an NDS request. NDS evaluates the request and returns the requested information to LDAP Services for NDS. These in turn generate an LDAP response from the NDS response and forward this to the client.
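
Because the ProxyUser has no password and [Public] can browse the whole tree by default, it is worth checking what an anonymous client on port 389 can actually read. The following is an added example, not part of the original article or of any DocuWare or Novell tool: it parses LDIF output of an anonymous search and reports anything visible beyond the DocuWare group, its members and the attributes the synchronization uses. The LDIF sample, all DNs and the names parse_ldif, audit_anonymous_view and NEEDED are constructed for illustration.

```python
import base64
# Constructed sample: LDIF as returned to an anonymous search. All values are made up.
SAMPLE_LDIF = """\
dn: cn=DocuWare,o=example
member: cn=jdoe,o=example

dn: cn=jdoe,o=example
cn: jdoe
uid: jdoe
mail: jdoe@exam
 ple.invalid

dn: cn=payroll,ou=hr,o=example
description:: c2Vuc2l0aXZlIG5vdGU=
"""
# Assumption: the sync reads only member plus one user-name attribute (uid, sn or cn).
NEEDED = {"member", "uid", "sn", "cn", "objectclass"}

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; handles folded lines and base64 (::) values."""
    entries, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuation lines
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            dn = None  # a blank line ends the current entry
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        value = value.strip()
        if attr.lower() == "dn":
            dn = value.lower()
            entries[dn] = {}
        elif dn is not None:
            entries[dn].setdefault(attr.lower(), []).append(value)
    return entries

def audit_anonymous_view(entries, group_dn):
    """Report entries and attributes visible beyond the group and its members."""
    group_dn = group_dn.lower()
    allowed = {group_dn} | {m.lower() for m in entries.get(group_dn, {}).get("member", [])}
    findings = []
    for dn, attrs in entries.items():
        extra = sorted(set(attrs) - NEEDED)
        if dn not in allowed:
            findings.append((dn, "entry outside the DocuWare group"))
        elif extra:
            findings.append((dn, "extra attributes: " + ", ".join(extra)))
    return findings
```

An empty result means the anonymous view is limited to what the synchronization needs; each finding points at an entry or attribute whose rights for [Public] or the ProxyUser should be reviewed.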

On DocuWare server
Before you set up a user synchronization workflow, you must first set up the LDAP access to Novell eDirectory.

  1. Set up LDAP access to the Novell eDirectory


    Figure 9: Configuring LDAP access in DocuWare Administration

    1 = Enter a name for the connection
    1.1 = Select LDAP and Novell eDirectory
    1.2 = Enter server name and ProxyUser without password
    1.3 = Select port 389
    1.4 = Enter organization container where DocuWare group is located
    1.5 = Select DocuWare group from eDirectory tree
    1.6 = Enter DN name for DocuWare user
    1.7 = Enter the attribute from which the user name should be read. Here you can enter the Uid, name (sn) or Novell name (cn)
    1.8 = The attribute member must be entered here
    1.9 = Test the configuration; the result should look like the screenshot in Figure 10.


    Figure 10: Result of LDAP access configuration

     
  2. Set up user synchronization workflow

    Figure 11: Setting up the user synchronization workflow

    2 = Enter a name for the workflow
    2.1 = Select LDAP configuration
    2.2 = Enter user with authorization and password
    2.3 = Select target group in DocuWare
    2.4 = Enter source group from eDirectory

    *ACL (Access Control List)
    **LDAP (Lightweight Directory Access Protocol)