LDAP and access to external and internal users

IBM® Sametime® Gateway Server works with the LDAP user registry used by your local Sametime community so that you can assign local users permission to access members in external and clearinghouse communities. For local users to chat with and share presence with a member of an external community, two events must happen: you must assign the local user to the external community and the external community administrator must assign the external community member access to your Sametime community.

You can use Sametime Gateway Server with virtually any LDAP directory that is supported by Sametime or the IBM WebSphere® Application Server environment. Sametime Gateway Server deployment does not require changes to existing directory structures. When you configure WebSphere Application Server to use an LDAP user registry, you are identifying to Sametime Gateway Server the LDAP directory that houses members of the local Sametime community. As an administrator, you look up names and groups in the LDAP directory and assign them capabilities when accessing an external community.

Using LDAP, you can assign users and groups capabilities such as instant messaging, presence, or both when you assign them access to an external community. Sametime Gateway Server displays group names, user names (short names), and user email addresses. Groups do not have email addresses.

Access to internal and external communities

When you assign a local user from your LDAP directory access to an external community, you provide, at the local level, permission for that local user to exchange instant messages with potentially all members of an external community. You cannot give the user permission to subscribe to only some members of the external community because you cannot control who in the external community has access to the local user. If the administrator in an external community assigns all members in the external directory access to your local community, your local Sametime user can subscribe to all members of the external community and all external community members can subscribe to your user.

As an administrator, you cannot set access for external users because there is no way for you to configure access in external directories. External users can only have instant messaging and presence with the members of your local community for whom you have assigned access. The only people who can be subscribed to by external users are the users and groups who have been granted access by you.

For example, if local user John has not been granted access to the external community, and external user Mary subscribes to John's presence, Mary will never receive a response because local user John does not have the rights to send a response. Any subscription request from an external user is blocked by the Sametime Gateway Server because the local user is not granted access to subscribe to the external community.
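
The following added example (a model written for this page, not Sametime Gateway Server code) walks the two-sided rule above through the John and Mary case. The names `CommunityAccess`, `decide`, `LDAP_GROUPS`, and the sample users are hypothetical, and combining a user's own capabilities with those of the user's groups is an assumption of the model.

```python
from dataclasses import dataclass, field

IM, PRESENCE = "im", "presence"

# Constructed sample data standing in for LDAP group membership.
LDAP_GROUPS = {"sales": {"alice", "bob"}}

@dataclass
class CommunityAccess:
    """Local administrator's assignments for one external community."""
    users: dict = field(default_factory=dict)   # short name -> capabilities
    groups: dict = field(default_factory=dict)  # group name -> capabilities

    def capabilities(self, user):
        # Assumption of this model: direct and group grants are combined.
        caps = set(self.users.get(user, ()))
        for group, group_caps in self.groups.items():
            if user in LDAP_GROUPS.get(group, ()):
                caps |= set(group_caps)
        return caps

def decide(access, local_user, external_user, capability, remote_granted):
    """Return (allowed, reason) for traffic between the two users.

    remote_granted models the members the external administrator has
    granted access to the local community; the local side cannot set it.
    """
    if capability not in access.capabilities(local_user):
        return False, f"blocked at gateway: {local_user} lacks {capability}"
    if external_user not in remote_granted:
        return False, f"external side: {external_user} not granted access"
    return True, "allowed"

# Constructed policy: john has no assignment, alice inherits from "sales",
# carol is assigned instant messaging only.
ACME = CommunityAccess(users={"carol": {IM}}, groups={"sales": {IM, PRESENCE}})
REMOTE_GRANTED = {"mary"}

if __name__ == "__main__":
    cases = [("john", PRESENCE), ("alice", PRESENCE),
             ("carol", PRESENCE), ("carol", IM)]
    for local, cap in cases:
        print(local, cap, decide(ACME, local, "mary", cap, REMOTE_GRANTED))
```
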