LDAP mode
If you want to do Directory administration from both FirstClass and an external LDAP server, set FCDS to run in LDAP mode.
Note
This mode is useful if you have an existing FirstClass installation, and want to gradually move Directory administration to an external LDAP server.
In LDAP mode, FCDS:
• builds an initial in-memory tree view based on the information stored in the FirstClass Directory
FirstClass is considered the owner of these entries. This means administration of these entries must be done using FirstClass.
• replicates the directory from the LDAP server to the FirstClass Directory.
The LDAP server is considered the owner of entries added as a result of this replication.
If FCDS finds a blank password, it substitutes a temporary password that duplicates the client ID.
If your group structure could cause server/FCDS conflicts (for example, you have a group that doesn't fit into your organization's hierarchy, and exists only to confer privileges), you can avoid conflicts with this group as long as its entries are owned by FirstClass. To do this, don't assign an OU to the group. Then FCDS will simply ignore this group.
LDAP mode also allows you to use the LDAP server to authenticate logins.
Replication in LDAP mode
FCDS follows these rules when replicating:
• entries in the FirstClass Directory that have the same DN as an entry in the LDAP server's directory are updated with the user information from the entry on the LDAP server, and the LDAP server is considered the owner of those entries
This provides for an easy and gradual migration of administration to the LDAP server.
• entries in the LDAP server's directory that extend the existing tree will cause the FirstClass Directory's tree view to extend
• entries in the LDAP server's directory that don't have DNs, or have unresolvable DNs, aren't added to the FirstClass Directory.
• subsequent updates to entries will only be accepted if they were done on the server that owns the entries.
Notes
If the LDAP server issues a command to delete one of its entries, the entry isn't actually deleted (unless you enabled delete on the Directory Setup form). Instead, it is unlisted and added to a group called DS Deleted. The user ID is replaced by the entry's client ID, so that the user ID can be reused. You can recover this entry by listing it again and removing it from the DS Deleted group.
You can assign groups to any users in FirstClass, and those groups will be preserved after replication.
If you want the FirstClass Directory to reflect only a specific subtree of the LDAP server, specify a root DN that starts at the top of that subtree.
Using LDAP mode without replication
If you want to do all administration from FirstClass, and simply allow LDAP-enabled clients to access the FirstClass Directory, run FCDS in LDAP mode and turn off replication by choosing None at "Replication mechanism" on the Directory Setup form.
FCDS will build an in-memory tree view based on the information stored in the FirstClass Directory. Changes made to the Directory are immediately reflected in this tree view.
Users can log into FCDS with an LDAP-enabled client to see or, depending on their permissions, to retrieve Directory information.
User replication mode
If you want to do Directory administration from both FirstClass and an external LDAP server, but just want all users added in one flat space under the Directory root DN instead of in an LDAP tree, set FCDS to run in user replication mode.
In user replication mode, FCDS replicates the directory from the LDAP server to the FirstClass Directory. The LDAP server is considered the owner of entries added as a result of this replication.
If FCDS finds a blank password, it substitutes a temporary password that duplicates the client ID.
User replication mode also allows you to use the LDAP server to authenticate logins.
Replication in user replication mode
FCDS follows these rules when replicating:
• entries in the FirstClass Directory that have the same DN as an entry in the LDAP server's directory are updated with the user information from the entry on the LDAP server, and the LDAP server is considered the owner of those entries
• only users under the specified root DN are replicated to the FirstClass server
Their LDAP server DNs are replaced by the Directory root DN.
• subsequent updates to entries will only be accepted if they were done on the server that owns the entries.
Notes
If the LDAP server issues a command to delete one of its entries, the entry isn't actually deleted (unless you enabled delete on the Directory Setup form). Instead, it is unlisted and added to a group called DS Deleted. The user ID is replaced by the entry's client ID, so that the user ID can be reused. You can recover this entry by listing it again and removing it from the DS Deleted group.
You can assign groups to any users in FirstClass, and those groups will be preserved after replication.
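The following is an added worked model of the replication rules in "Replication in LDAP mode" and "Replication in user replication mode" above, together with the ownership check on later updates and the DS Deleted handling described in both Notes. It is illustrative Python written for this page, not FCDS code, and it does not talk to a FirstClass server or an LDAP server. Several details are assumptions, since the page does not define them: a DN counts as resolvable when its parent is the root DN or an entry already in the FirstClass Directory; in user replication mode an entry is matched against the FirstClass Directory by its flattened DN (RDN plus root DN); organizational units are marked with an objectClass value; and all DNs, client IDs, user IDs and passwords (o=example, alice, bob and so on) are constructed sample data.

```python
# Added example, not FCDS code: a model of the replication, ownership and
# delete rules described on this page, run over constructed sample data.
from dataclasses import dataclass, field

DS_DELETED = "DS Deleted"              # group named in the Notes above
FIRSTCLASS, LDAP = "FirstClass", "LDAP"


@dataclass
class Entry:
    dn: str
    client_id: str
    user_id: str
    password: str = ""
    owner: str = FIRSTCLASS            # which server administers this entry
    groups: set = field(default_factory=set)
    listed: bool = True
    is_user: bool = True               # False for container entries such as OUs


def parent_dn(dn):
    """'cn=a,ou=b,o=x' -> 'ou=b,o=x'; '' when the DN has no parent."""
    return dn.split(",", 1)[1] if "," in dn else ""


def replicate(fc_dir, ldap_entries, mode, root_dn):
    """Apply LDAP server entries to fc_dir (dict keyed by DN); return a report.

    mode "ldap": entries keep their DN and may extend the tree.  mode "user":
    only user entries under root_dn are taken and their DN becomes RDN + root_dn.
    Assumption: a DN resolves if its parent is root_dn or already in fc_dir.
    """
    report = {"updated": [], "added": [], "skipped": []}
    # parents before children, so tree-extending entries resolve in one pass
    for e in sorted(ldap_entries, key=lambda x: x.get("dn", "").count(",")):
        dn = e.get("dn")
        if not dn:                                   # no DN: never added
            report["skipped"].append(e.get("client_id", "?"))
            continue
        is_user = e.get("objectClass") != "organizationalUnit"
        client_id, user_id = e.get("client_id", ""), e.get("user_id", "")
        if mode == "user":
            if not is_user or not dn.endswith("," + root_dn):
                report["skipped"].append(dn)           # not a user under the root DN
                continue
            target = dn.split(",", 1)[0] + "," + root_dn  # LDAP DN replaced by root DN
        else:
            if parent_dn(dn) != root_dn and parent_dn(dn) not in fc_dir:
                report["skipped"].append(dn)           # unresolvable DN
                continue
            target = dn
        password = e.get("password", "")
        if is_user and not password:
            password = client_id                     # blank password -> temporary = client ID
        if target in fc_dir:                         # same DN: update, LDAP server takes ownership
            fc = fc_dir[target]
            fc.user_id, fc.password, fc.owner = user_id, password, LDAP
            report["updated"].append(target)         # groups assigned in FirstClass are kept
        else:
            fc_dir[target] = Entry(target, client_id, user_id, password,
                                   owner=LDAP, is_user=is_user)
            report["added"].append(target)
    return report


def apply_update(fc_dir, dn, source, **changes):
    """Accept a later update only from the server that owns the entry."""
    entry = fc_dir.get(dn)
    if entry is None or entry.owner != source:
        return False
    for name, value in changes.items():
        setattr(entry, name, value)
    return True


def ldap_delete(fc_dir, dn, delete_enabled=False):
    """Handle a delete issued by the LDAP server for one of its own entries."""
    entry = fc_dir.get(dn)
    if entry is None or entry.owner != LDAP:
        return False
    if delete_enabled:                 # "delete" enabled on the Directory Setup form
        del fc_dir[dn]
    else:                              # unlist, park in DS Deleted, free the user ID
        entry.listed = False
        entry.groups.add(DS_DELETED)
        entry.user_id = entry.client_id
    return True


def recover(fc_dir, dn):
    """Reverse a soft delete: list the entry again and remove it from DS Deleted."""
    fc_dir[dn].listed = True
    fc_dir[dn].groups.discard(DS_DELETED)


def temporary_password_entries(fc_dir):
    """Users still carrying the substituted temporary password (equal to client ID)."""
    return sorted(dn for dn, e in fc_dir.items() if e.is_user and e.password == e.client_id)


def sample_firstclass_directory():
    """Constructed FirstClass Directory: one OU and one FirstClass-owned user."""
    return {"ou=sales,o=example": Entry("ou=sales,o=example", "", "", is_user=False),
            "cn=alice,ou=sales,o=example": Entry("cn=alice,ou=sales,o=example", "alice",
                                                 "alice", "pw1", groups={"Sales"})}


# Constructed LDAP server entries; none of these values come from the page.
LDAP_ENTRIES = [
    {"dn": "cn=alice,ou=sales,o=example", "client_id": "alice", "user_id": "alice.w",
     "password": "pw2"},                                           # same DN as an FC entry
    {"dn": "ou=eng,o=example", "objectClass": "organizationalUnit"},  # extends the tree
    {"dn": "cn=bob,ou=eng,o=example", "client_id": "bob", "user_id": "bob", "password": ""},
    {"dn": "cn=carol,ou=ghost,o=example", "client_id": "carol", "user_id": "carol",
     "password": "pw3"},                                           # parent OU does not exist
    {"client_id": "dave", "user_id": "dave"},                       # no DN at all
]
```

Running `replicate(sample_firstclass_directory(), LDAP_ENTRIES, "ldap", "o=example")` updates alice (the LDAP server becomes her owner while her FirstClass group is preserved), adds the new OU and bob, and skips carol and dave; the same entries in `"user"` mode are all flattened directly under `o=example` and the OU is skipped. `temporary_password_entries` is the check an administrator would run after a replication pass to find accounts still using the client-ID temporary password.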
Authentication only mode
If you only want FCDS to process authentication requests, set FCDS to run in authentication only mode.
In authentication only mode, FCDS doesn't build the in-memory tree view that is built in LDAP mode.
There is also no replication in authentication only mode.