If you store your external users in a separate LDAP branch, you can use that branch to
populate the Profiles database with those users.
About this task
In this procedure you create a separate TDI solution directory for the LDAP branch
that contains the external users. When you have a separate TDI solution directory, the process
of synchronizing the Profiles database with your LDAPs is easier.
Important: Be sure to complete Step 1 in the procedure. If you do not complete Step 1, you will delete
all users when you run the sync_all_dns command.
Notes:
- If you use a scheduled task or script to run synchronize commands, use a separate
scheduled task or script for each directory.
- Any changes or fixes that you make to one TDI solution directory must be made to the other
directory.
Procedure
- Open profiles_tdi.properties and verify that sync_store_source_url is set to true. If
  sync_store_source_url is set to false, you must change the value in accordance with the
  following instructions:
  - Set sync_store_source_url to true.
  - Run sync_all_dns.
- Critical: Locate sync_source_url_enforce in the file profiles_tdi.properties and set it to
  true.
  If you do not set sync_source_url_enforce to true, you will most likely delete all users.
- Create a copy of the existing TDI solution directory parallel to the existing directory
  and name it TDI_external.
- Rename the existing TDI solution directory from TDI to TDI_internal.
- In the directory TDI_external, edit the file profiles_tdi.properties. Specify the LDAP
  branch by updating the following properties:
  - source_ldap_url (required)
  - source_ldap_search_base (required)
  - source_ldap_search_filter (optional)
- In the directory TDI_external, edit the file profiles_tdi.properties to set the visitor
  properties.
  The following visitor properties must have values that are identical to the LDAP
  branch values that you set in the previous step.
  - source_ldap_url_visitor_confirm
  - source_ldap_search_base_visitor_confirm
  - source_ldap_search_filter_visitor_confirm
  The visitor properties are referenced by the func_mode_visitor_branch function in
  profiles_functions.js to determine if the current LDAP branch is a visitor branch. If the
  value of the visitor properties is empty or if the properties are commented out, then
  users are added as employees instead of as external users.
- In the directory TDI_external, edit the file map_dbrepos_from_source.properties.
  - Comment out the line mode= if it exists.
  - Add or uncomment the line mode={func_mode_visitor_branch}. The func_mode_visitor_branch
    function is in the file profiles_functions.js.
- Append a string to an external user's display name that differentiates them from users who are
  part of your organization.
  For users that rely solely on a screen reader, adding this string helps them to identify which
  users are external users. The only other indication of external users is how their picture
  displays on the site. The default string that is appended to a name is - External User.
  - In the map_dbrepos_from_source.properties file, comment out this line:
    displayName=cn
  - Add or uncomment these three lines:
    displayName={func_decorate_displayName_if_visitor}
    displayNameLdapAttr=cn
    decorateVisitorDisplayName= - External User
  - Customize the string that gets added to the display name. Modify the value of
    decorateVisitorDisplayName by replacing the string - External User with your custom string.
    Note: The string is not translated into other languages. If your installation of
    Connections supports more than one language, use a string that works in all languages.
- Populate the Profiles database with external users. In the directory TDI_external, run the
  following commands, in order:
  - collect_dns.bat or collect_dns.sh
  - populate_from_dn_file.bat or populate_from_dn_file.sh
  For more information about the collect_dns and populate_from_dn_file commands, see
  Manually populating the Profiles database.
What to do next
To keep your Profiles database synchronized with changes to the LDAP directory, run the
sync_all_dns command in each TDI solution directory on a regular basis.
For more information about synchronizing, see Synchronizing source changes such as LDAP
with Profiles. Also, make sure that sync_source_url_enforce
remains set to true in both TDI solution directories.
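
A pre-flight check that could be run in each TDI solution directory before sync_all_dns, shown here as an added example that is not part of the product or its documentation. The property names come from the procedure above; the function names, sample host and base DN are hypothetical, and treating a missing or commented-out property as a failure is an assumption of this script.

```sh
# Added example, not product code. Property names are from the procedure above;
# function names, sample host and base DN are hypothetical.

# prop FILE KEY: value of the last active (uncommented) KEY= line, empty if none.
prop() {
    tr -d '\r' 2>/dev/null < "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

fail() { echo "FAIL $*" >&2; rc=1; }
# check_tdi_dir DIR [external]: returns 0 when the directory is safe to sync.
# Assumption: a missing or commented-out property is treated as a failure.
check_tdi_dir() {
    dir=$1; kind=${2:-internal}; rc=0
    p="$dir/profiles_tdi.properties"
    for key in sync_store_source_url sync_source_url_enforce; do
        [ "$(prop "$p" "$key")" = "true" ] || fail "$p: $key is not true"
    done
    if [ "$kind" = "external" ]; then
        for key in source_ldap_url source_ldap_search_base source_ldap_search_filter; do
            src=$(prop "$p" "$key"); confirm=$(prop "$p" "${key}_visitor_confirm")
            [ "$src" = "$confirm" ] || fail "$p: ${key}_visitor_confirm differs from $key"
        done
        for key in source_ldap_url source_ldap_search_base; do
            [ -n "$(prop "$p" "$key")" ] || fail "$p: $key is empty"
        done
        m="$dir/map_dbrepos_from_source.properties"
        [ "$(prop "$m" mode)" = "{func_mode_visitor_branch}" ] || fail "$m: mode is not the visitor function"
    fi
    return "$rc"
}

# write_sample DIR: constructed TDI_external files that pass the check.
write_sample() {
    mkdir -p "$1"
    cat > "$1/profiles_tdi.properties" <<'EOF'
sync_store_source_url=true
sync_source_url_enforce=true
source_ldap_url=ldap://ldap.example.com:389
source_ldap_search_base=ou=external,dc=example,dc=com
source_ldap_url_visitor_confirm=ldap://ldap.example.com:389
source_ldap_search_base_visitor_confirm=ou=external,dc=example,dc=com
EOF
    printf '#mode=\nmode={func_mode_visitor_branch}\n' > "$1/map_dbrepos_from_source.properties"
}

tmp=$(mktemp -d) && write_sample "$tmp/TDI_external"
check_tdi_dir "$tmp/TDI_external" external && echo "TDI_external: checks passed"; rm -rf "$tmp"
```

In a scheduled job, call check_tdi_dir for TDI_internal and for TDI_external (with the external argument) and skip sync_all_dns for any directory where it returns non-zero.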